Jason Stone wrote:
So you say, "But I don't send important information over that connection, nor do I trust the information I get back?" Maybe. I think that the AOL data leak fiasco proved that, while people don't generally think of search queries as sensitive, they really kind of are. And you almost certainly place _some_ trust in the results you get back; I mean, you're not reading them purely as fiction.
I validate such unauthenticated information at the human layer. Have to -- even when nobody has tampered with DNS, BGP, or HTTP, the stuff at nytimes.com and wikipedia.org is still often false.
So, if your DNS resolver is vulnerable to cache poisoning, then every time you casually surf the web, you're allowing for the possibility that you will get spoofed, surf to some malware site, get served a browser exploit, and get 0wned.
That is already true, and is true regardless of the "security" of the DNS. Think hard on why this is possible: http://ex-parrot.com/~pete/upside-down-ternet.html :) Similarly, why does YouTube disappear whenever Pervez Musharraf gets cranky?
I agree that DNSSEC is the real solution.
It won't, and can't, solve *any* of the problems you cited. Any attacker that can mangle my DNS traffic (and cache poisoning is hardly the only way to do that) can also just read and alter *any* non-secure-by-design plaintext network traffic.
I also think that making it easy (or even possible) to sandbox the browsers is a real solution. I think that using strong crypto everywhere and making fine-grained capabilities and MAC systems ubiquitous is also a real solution.
Okay, I know when I'm being trolled. :) I'll stop posting now. It's bed time anyway.
_______________________________________________
freebsd-security mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
