[dns-operations] CERT VU#800113 Multiple DNS implementations vulnerable to cache poisoning

sthaug at nethelp.no sthaug at nethelp.no
Sat Jul 19 09:53:46 UTC 2008


(late answer due to vacation time here, also not particularly relevant
to DNS ...)

> The last time we had something like this was the BGP/MD5 fiasco.  We  
> were told to trust the messengers, it was horrifically bad, the  
> Internet was about to die.
> 
> In that case, the cure was (literally) infinitely worse than the  
> disease.  (Cumulatively, years of session downtime due to  
> implementation of and problems with MD5 vs. _ZERO_ downtime due to the  
> supposed problem.  And we still have people going down to this very  
> day over MD5 issues.)

Some of us disagree with you. We have lots of BGP sessions, we use MD5
for most of them, and have had minimal downtime due to MD5 use. We like
the protection that MD5 gives us, and certainly intend to continue using
it.

Steinar Haug, Nethelp consulting, sthaug at nethelp.no


