NS record question
Bill Manning
bmanning at ISI.EDU
Tue Mar 27 23:01:34 UTC 2001
%
% At 2:19 PM -0800 3/27/01, Bill Manning wrote:
%
% > There is this little bit of wisdom from the security community.
% > small, simple bits of code that have had lots of public scrutiny
% > tend to be more secure (not to mention faster) than large
% > chunks of new code, with new features and unknown/untested
% > interactions.
%
% I understand the "many eyes" theory, but the problem is that with
% two million lines of code, it's impossible to mathematically prove
% the code secure, and just because you have a lot of people *looking*
% at the code, doesn't mean that you have a lot of people that are
% *telling* you about the security holes that they're finding.
v8 is nowhere near 2 million lines of code. v9 on the other hand...
otherwise, your statements are valid.
% Moreover, sticking with the old code prevents you from making use
% of the new "programming by contract" security features of BINDv9,
% where now each routine and function call applies near-paranoid levels
% of checking to all of its inputs, to do everything possible to ensure
% that a security compromise simply cannot occur.
still, the v9 "failure" mode will make a dandy DOS vector
someday.
%
% > even when they were created in "ancient labs"
% > by undergrads (kind of like IP.. no? :) and much respect to
% > Paul, but there were/are many professionals who made v8 work
% > in an open, sharing environment.
%
% And there are many professionals making BINDv9 work in an open,
% sharing environment. All the code is there to see, and if anyone
% wants to suggest any new code to add any new functionality, they're
% more than welcome to submit that -- just like they always could.
True. But the programming model is different enough that
many are still on the fence wrt jumping into the v9 paradigm.
% > When we get a release of v9 that lasts more than 4 weeks,
% > we can talk about stability.
%
% That's a very good point. Myself, I'd like to see it being used
% by all or many of the root nameservers. When it can be trusted to do
% that, it'll probably be good enough for me to run in production
% environments.
Not this week... :)
--bill