[dns-operations] CERT VU#800113 Multiple DNS implementations vulnerable to cache poisoning
Patrick W. Gilmore
patrick at ianai.net
Thu Jul 10 22:08:25 UTC 2008
On Jul 10, 2008, at 5:59 PM, Joe Abley wrote:
> On 10 Jul 2008, at 17:24, Sean Donelan wrote:
>
>> Fear too frightening it must be kept secret for 30 days.
>>
>> S/MIME - implement now or email will die
>> S-BGP - implement now or BGP will die
>> DNSSEC - implement now or DNS will die
>>
>> How many times have people made similar claims?
>
> Since I don't ever recall anybody saying those things about S/MIME
> or S-BGP, uh, one? :-)

I believe I have been standing next to you in a bar one time when I
heard the S-BGP claims. Perhaps you had one too many? :-)

More seriously, some have claimed that without S-BGP the Internet
would die. (Personally I think the TTL-hack is good enough.) In
fact, I think I might have seen a NANOG presentation on it.

But that's not the point. The point is eventually the townspeople
get tired of hearing "GLOBAL THERMONUCLEAR WAR!!" from those who won't
tell you why, then when you finally get the info you realize it is
just a baby wolf wandering around. I don't want to get bit any more
than the next guy, but I also don't want to dig a bunker to prevent it.

That said, pardon me while I go dig a bunker and crawl into it, since
I think this one might be more than a baby wolf (but still not the end
of the world).

--
TTFN,
patrick