In message [EMAIL PROTECTED], Simon Josefsson writes:
Of course, everything fails if you ALSO get your DNSSEC root key from
the DHCP server, but in this case you shouldn't expect to be secure.
I wouldn't be surprised if some people suggest pushing the DNSSEC root
key via DHCP though, because
At 11:49 PM 06/29/2003 +0200, Simon Josefsson wrote:
No, I believe only one of the following situations can occur:
* Your laptop see and uses the name yahoo.com, and the DNS server
translate them into yahoo.com.attackersdomain.com. If your laptop
knows the DNSSEC root key, the attacker
Bill Stewart [EMAIL PROTECTED] writes:
* Your laptop see and uses the name yahoo.com.attackersdomain.com.
You may be able to verify this using your DNSSEC root key, if the
attackersdomain.com people have set up DNSSEC for their spoofed
entries, but unless you are using bad software or
FYI ( from http://www.cenorm.be/isss/newsletter/ ):
--- Forwarded message follows ---
ETSI interoperability testing event for IPsec on 21-25 July 2003
The European Telecommunications Standards Institute's (ETSI) Plugtests
service is mounting its first interoperability testing event for
On Mon, 30 Jun 2003, Simon Josefsson wrote:
Bill Stewart [EMAIL PROTECTED] writes:
* Your laptop see and uses the name yahoo.com.attackersdomain.com.
You may be able to verify this using your DNSSEC root key, if the
attackersdomain.com people have set up DNSSEC for their spoofed
In message [EMAIL PROTECTED], Simon Josefsson writes:
Bill Stewart [EMAIL PROTECTED] writes:
* Your laptop see and uses the name yahoo.com.attackersdomain.com.
You may be able to verify this using your DNSSEC root key, if the
attackersdomain.com people have set up DNSSEC for their spoofed
Steven M. Bellovin wrote:
In message [EMAIL PROTECTED], Simon Josefsson writes:
Of course, everything fails if you ALSO get your DNSSEC root key from
the DHCP server, but in this case you shouldn't expect to be secure.
I wouldn't be surprised if some people suggest pushing the DNSSEC root
Once upon a time, bear sent Kevin a note that said...
I think that the problem would be somewhat ameliorated if there
were a DNS cache on the laptop itself. It would still use DNS
servers, but if it got a different IP number for the same address,
it should notify someone.
Win2k and WinXP have a
also sprach Arnold G. Reinhold [EMAIL PROTECTED] [2003.06.29.0424 +0200]:
I am not sure I understand. How does this relate to my question?
Where does the other factor come from?
I got the impression, and maybe I misunderstood, that you were
viewing a product of two primes aA, where a was
Ian Grigg wrote:
Tying the certificate into the core crypto protocol seems to be a
poor design choice; outsourcing any certification to a higher layer
seems to work much better out in the field.
I'll reserve judgement about the significance of SSLBar, but I couldn't
agree more with the above
On Fri, Jun 27, 2003 at 12:56:24AM +1000, Mister Lee wrote:
Regarding the usefulness of SSLbar itself, its immediate purpose was
fingerprint display, as a (theoretically) easy means of checking a cert's
validity yourself, rather than relying on a third party signing. That list
of
11 matches
Mail list logo