[dns-operations] CERT VU#800113 Multiple DNS implementations vulnerable to cache poisoning

Florian Weimer fweimer at bfk.de
Fri Jul 11 07:38:58 UTC 2008


* bert hubert:

> I bet that people will claim 'with hindsight' that they saw this exact
> problem coming. That is where the envelope comes in!

I think the most difficult step was to actually recognize that the
issue was relevant.  This part is public knowledge now, so that
envelope thing is not a really good proof of anything.

Not that this matters much.  I don't think fixing this bug would have
become easier over time (even the far less invasive change of strong
PRNGs for transaction IDs was not implemented proactively by most
vendors).  This means that once you've recognized it's relevant,
it doesn't make sense not to try fixing the bug.

-- 
Florian Weimer                <fweimer at bfk.de>
BFK edv-consulting GmbH       http://www.bfk.de/
Kriegsstraße 100              tel: +49-721-96201-1
D-76133 Karlsruhe             fax: +49-721-96201-99


