[dns-operations] CERT VU#800113 Multiple DNS implementations vulnerable to cache poisoning
Patrick W. Gilmore
patrick at ianai.net
Fri Jul 11 13:27:15 UTC 2008
On Jul 10, 2008, at 1:30 AM, Randy Bush wrote:
>>> http://www.icann.org/committees/security/sac004.txt
>> I don't think any sane person disagrees that BCP38 is vital.
>
> bcp38 is useful but not vital. we do not suffer serious spoofing
> attacks despite years of fud about it. and it is not really
> critical to
> this particular vulnerability. but it sure is religion for some
> people.
>
> but you already knew i was not sane.
I know people think I am being silly these days, but I have another
silly question: If BCP38 were implemented Internet-wide, how exactly
would you poison a recursive name server?
And doesn't that make it critical to the question at hand?
Or are you saying that since we cannot (will not?) implement it in
time, it really doesn't matter?
--
TTFN,
patrick
More information about the dns-operations
mailing list