William Allen Simpson [EMAIL PROTECTED] writes:
Would this be the DHCP working group that on at least 2 occasions when I was
there, insisted that secure DHCP wouldn't require a secret, since DHCP isn't
supposed to require configuration?
Given that their goal is zero-configuration networking, I
On Tue, 1 Jul 2003, Peter Gutmann wrote:
Given that their goal is zero-configuration networking, I can see
that being required to provide a shared secret would mess things up
a bit for them. It'd be a bit like PKIX being asked to make
ease-of-use a consideration in their work, or OpenPGP
In message [EMAIL PROTECTED], Simon Josefsson writes:
Of course, everything fails if you ALSO get your DNSSEC root key from
the DHCP server, but in this case you shouldn't expect to be secure.
I wouldn't be surprised if some people suggest pushing the DNSSEC root
key via DHCP though, because
At 11:49 PM 06/29/2003 +0200, Simon Josefsson wrote:
No, I believe only one of the following situations can occur:
* Your laptop see and uses the name yahoo.com, and the DNS server
translate them into yahoo.com.attackersdomain.com. If your laptop
knows the DNSSEC root key, the attacker
Bill Stewart [EMAIL PROTECTED] writes:
* Your laptop see and uses the name yahoo.com.attackersdomain.com.
You may be able to verify this using your DNSSEC root key, if the
attackersdomain.com people have set up DNSSEC for their spoofed
entries, but unless you are using bad software or
On Mon, 30 Jun 2003, Simon Josefsson wrote:
Bill Stewart [EMAIL PROTECTED] writes:
* Your laptop see and uses the name yahoo.com.attackersdomain.com.
You may be able to verify this using your DNSSEC root key, if the
attackersdomain.com people have set up DNSSEC for their spoofed
In message [EMAIL PROTECTED], Simon Josefsson writes:
Bill Stewart [EMAIL PROTECTED] writes:
* Your laptop see and uses the name yahoo.com.attackersdomain.com.
You may be able to verify this using your DNSSEC root key, if the
attackersdomain.com people have set up DNSSEC for their spoofed
Steven M. Bellovin wrote:
In message [EMAIL PROTECTED], Simon Josefsson writes:
Of course, everything fails if you ALSO get your DNSSEC root key from
the DHCP server, but in this case you shouldn't expect to be secure.
I wouldn't be surprised if some people suggest pushing the DNSSEC root
Once upon a time, bear sent Kevin a note that said...
I think that the problem would be somewhat ameliorated if there
were a DNS cache on the laptop itself. It would still use DNS
servers, but if it got a different IP number for the same address,
it should notify someone.
Win2k and WinXP have a
In message [EMAIL PROTECTED], Bill Stewart writes:
Somebody did an interesting attack on a cable network's customers.
They cracked the cable company's DHCP server, got it to provide a
Connection-specific DNS suffic pointing to a machine they owned,
and also told it to use their DNS server.
This
At 11:15 PM 06/28/2003 -0400, Steven M. Bellovin wrote:
In message [EMAIL PROTECTED], Bill Stewart writes:
This looks like it has the ability to work around DNSSEC.
Somebody trying to verify that they'd correctly reached yahoo.com
would instead verify that they'd correctly reached
Bill Stewart [EMAIL PROTECTED] writes:
At 11:15 PM 06/28/2003 -0400, Steven M. Bellovin wrote:
In message [EMAIL PROTECTED], Bill Stewart writes:
This looks like it has the ability to work around DNSSEC.
Somebody trying to verify that they'd correctly reached yahoo.com
would instead verify
Somebody did an interesting attack on a cable network's customers.
They cracked the cable company's DHCP server, got it to provide a
Connection-specific DNS suffic pointing to a machine they owned,
and also told it to use their DNS server.
This meant that when your machine wanted to look up
On Sat, Jun 28, 2003 at 01:06:03PM -0700, Bill Stewart wrote:
Somebody did an interesting attack on a cable network's customers.
They cracked the cable company's DHCP server, got it to provide a
Connection-specific DNS suffic pointing to a machine they owned,
and also told it to use their DNS
14 matches
Mail list logo
