FYI, Two people (myself and Dr. Bernstein) who have often cited the
insecurity of DNS, and this attack in particular, are currently or have
been previously blocked from namedroppers, and so can't discuss the
proper solutions to these problems. I have been following the
namedroppers discussion with some amusement, however.
It was really too bad that all these problems weren't fixed with a
different resolver for IPv6, as could have been the case and indeed
would have been the case but for a few people.
If anyone knows of these 'bugs' in djbdns, and patches, please let me
know, and I'll make sure the patches get distributed.
--Dean
---------- Forwarded message ----------
Date: Thu, 7 Aug 2008 09:41:05 -0500
From: Emilio Perea <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Kaminsky on djbdns bugs
The long-awaited description of Dan Kaminsky's seems to have been
released as a 104-slide Powerpoint presentation (of all stupid formats):
http://www.doxpara.com/DMK_BO2K8.ppt
On slide 34 (and only partially visible due to bad formatting) it says:
* DJB WAS RIGHT
-- NOT PERFECT -- he has bugs too, as
we're seeing (and patching, don't ask)
* For example, he didn't implement
birthday attack protection - he
believed port randomization was
enough
* DJBDNS has other known issues too
Does anybody know what that worthless son of a bitch means by bugs he's
"seeing (and patching, don't ask)"
I'm asking!
_______________________________________________
DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop
