> Is polipo's internal resolver impacted? Do you plan to fix it quickly if this
> is the case?
>From what I've been able to gather, there's nothing new in Kaminsky's
attack. DNS is vulnerable to spoofed replies, and nothing, not even
randomising query ideas, can fix this fundamental vulnerability.
Polipo (like theq glibc resolver) is not a recursive resolver. You
should only ever point it at a single recursive DNS resolver, and one
that lives on an IP address that is not easy to spoof (solution 2 in
the mail you forwarded). If you don't have access to such a resolver,
install a trusted resolver on localhost and point Polipo at 127.0.0.1
(solution 1 in the mail you forwarded).
Once again: DNS is insecure. Only the SSL-protected web (https://...)
has any form of security built in.
Juliusz
-------------------------------------------------------------------------
Sponsored by: SourceForge.net Community Choice Awards: VOTE NOW!
Studies have shown that voting for your favorite open source project,
along with a healthy diet, reduces your potential for chronic lameness
and boredom. Vote Now at http://www.sourceforge.net/community/cca08
_______________________________________________
Polipo-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/polipo-users
