[dns-operations] CERT VU#800113 Multiple DNS implementations vulnerable to cache poisoning

Randy Bush randy at psg.com
Thu Jul 10 06:30:28 UTC 2008


> As for Randy's "fud" comment, please note all the things for which Randy
> has fought, e.g. MD5 on BGP sessions, and compare that to the actual and
> potential damage caused by spoofed packets.

i have not fought for md5, just wished all my competitors would not use
it.  fyi, there have been session attacks which md5 would have
prevented, and session attacks md5 did prevent.

and there have been some attacks which bcp 38 would have ameliorated.

but not one wsj level attack on either vector.  so, as you said *potential*.

randy


