[dns-operations] CERT VU#800113 Multiple DNS implementations vulnerable to cache poisoning

Patrick W. Gilmore patrick at ianai.net
Thu Jul 10 22:08:25 UTC 2008

On Jul 10, 2008, at 5:59 PM, Joe Abley wrote:
> On 10 Jul 2008, at 17:24, Sean Donelan wrote:
>> Fear too frightening it must be kept secret for 30 days.
>> S/MIME - implement now or email will die
>> S-BGP - implement now or BGP will die
>> DNSSEC - implement now or DNS will die
>> How many times have people made similar claims?
> Since I don't ever recall anybody saying those things about S/MIME  
> or S-BGP, uh, one? :-)

I believe I have been standing next to you in a bar one time when I  
heard the S-BGP claims.  Perhaps you had one too many? :-)

More seriously, some have claimed that without S-BGP the Internet  
would die.  (Personally I think the TTL-hack is good enough.)  In  
fact, I think I might have seen a NANOG presentation on it.

But that's not the point.  The point is eventually the townspeople  
get tired of hearing "GLOBAL THERMONUCLEAR WAR!!" from those who won't  
tell you why, then when you finally get the info you realize it is  
just a baby wolf wandering around.  I don't want to get bit any more  
than the next guy, but I also don't want to dig a bunker to prevent it.

That said, pardon me while I go dig a bunker and crawl into it, since  
I think this one might be more than a baby wolf (but still not the end  
of the world).


