On Wed, Dec 3, 2014 at 1:05 AM, Bill Horne b...@horne.net wrote:
In my capacity as Telecom Digest Moderator, I asked Ian Murdock to comment
on the fork.
His reply was succinct:
Thanks for sharing that, Bill. That is succinct.
Freedom to Fork is one of the RMS/FSF Freedoms. While we may
Edward Ned Harvey (blu) b...@nedharvey.com writes:
From: Derek Atkins [mailto:warl...@mit.edu]
And you've already violated rule #1: You must trust your resolver.
That's the point we've been talking about. I forget who said in this
thread, that DNSSEC only provides security up to the last
Richard,
Richard Pieri richard.pi...@gmail.com writes:
Derek,
According to the DNSSEC specs, if there is no RRSIG record in the
lookup answer then a properly behaved resolver will treat it as
unsigned. Backwards compatibility with so-called insecure DNS is an
explicit requirement of
On 12/3/2014 10:52 AM, Derek Atkins wrote:
Actually, it was designed to protect against that. I sat in the
IETF meetings where that was explicitly discussed. If an intermediary
strips the DNSSEC records out then a resolver expecting DNSSEC will
force a validation error.
Which results in a
So far this looks the most promising. For those interested, here's the
test script I wrote and it lets me display the status of all services.
import sys
import os
sys.path.append(os.path.abspath("/usr/bin"))  # path where impacket example scripts are installed
import services #import the
On 12/03/2014 11:20 AM, Richard Pieri wrote:
On 12/3/2014 10:52 AM, Derek Atkins wrote:
Actually, it was designed to protect against that. I sat in the
IETF meetings where that was explicitly discussed. If an intermediary
strips the DNSSEC records out then a resolver expecting DNSSEC will
On 12/03/2014 04:08 PM, Matthew Gillen wrote:
2) have application specific hooks to do the appropriate lookups (for
instance, this firefox extension, while out of maintenance, seemed to do
sort of what I wanted:
https://addons.mozilla.org/en-US/firefox/addon/extended-dnssec-validator/ ;
also
On 12/3/2014 4:08 PM, Matthew Gillen wrote:
The first flaw is DNSSEC to end clients. There are two solutions to this:
That's not a flaw in DNSSEC. It's an expectation that is outside of the
scope of DNSSEC.
The second issue was that DNSSEC has a built-in way to MITM it, where an
Another similar approach would be to use pash,
https://github.com/Pash-Project/Pash. This presumes only that your
target Windows machines already include PowerShell.
___
Discuss mailing list
Discuss@blu.org
http://lists.blu.org/mailman/listinfo/discuss