NS record question
Brad Knowles
brad.knowles at skynet.be
Tue Mar 27 22:56:28 UTC 2001
At 2:19 PM -0800 3/27/01, Bill Manning wrote:
> There is this little bit of wisdom from the security community.
> small, simple bits of code that have had lots of public scrutiny
> tend to be more secure (not to mention faster) than large
> chunks of new code, with new features and unknown/untested
> interactions.
I understand the "many eyes" theory, but the problem is that with
two million lines of code, it's impossible to mathematically prove
the code secure, and just because you have a lot of people *looking*
at the code, doesn't mean that you have a lot of people that are
*telling* you about the security holes that they're finding.
Moreover, sticking with the old code prevents you from making use
of the new "programming by contract" security features of BINDv9,
where now each routine and function call applies near-paranoid levels
of checking to all of its inputs, to do everything possible to ensure
that a security compromise simply cannot occur.
> even when they were created in "ancient labs"
> by undergrads (kind of like IP.. no? :) and much respect to
> Paul, but there were/are many professionals who made v8 work
> in an open, sharing environment.
And there are many professionals making BINDv9 work in an open,
sharing environment. All the code is there to see, and if anyone
wants to suggest any new code to add any new functionality, they're
more than welcome to submit that -- just like they always could.
The primary difference is that any code submitted would be used
for inspiration for a redesign from the BINDv9 programming team, much
as frequently happens with many other open source projects (Eric
Allman always said that his biggest mistake in sendmail was simply
taking code contributed by others, instead of taking that as a
starting point for code he wrote himself).
> When we get a release of v9 that lasts more than 4 weeks,
> we can talk about stability.
That's a very good point. Myself, I'd like to see it being used
by all or many of the root nameservers. When it can be trusted to do
that, it'll probably be good enough for me to run in production
environments.
--
Brad Knowles, <brad.knowles at skynet.be>
/* efdtt.c Author: Charles M. Hannum <root at ihack.net> */
/* Represented as 1045 digit prime number by Phil Carmody */
/* Prime as DNS cname chain by Roy Arends and Walter Belgers */
/* */
/* Usage is: cat title-key scrambled.vob | efdtt >clear.vob */
/* where title-key = "153 2 8 105 225" or other similar 5-byte key */
dig decss.friet.org|perl -ne'if(/^x/){s/[x.]//g;print pack(H124,$_)}'
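The style of input checking Brad describes above, as an added example that is not part of the original post or of BIND 9's source: a decoder for an uncompressed DNS wire-format name that rejects untrusted malformed input with a result code and reserves contract checks for caller mistakes such as NULL pointers or an offset past the end of the message. BIND 9's source does use macros named REQUIRE, INSIST and ENSURE; the definitions below are simplified stand-ins written for this example, the `name_fromwire` and `decode_sample` functions are this example's own, and the sample wire bytes are constructed rather than captured.

```c
/* Added example: design-by-contract style decoding of a DNS wire-format
 * name. Illustration code, not BIND 9 source; the REQUIRE/INSIST/ENSURE
 * macros here are simplified stand-ins for BIND's own. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stdint.h>
#include <stddef.h>

/* A failed contract is a programmer error, not bad input: the process
 * stops rather than continuing on state it has already shown is wrong. */
#define CONTRACT(kind, cond)                                               \
    do {                                                                   \
        if (!(cond)) {                                                     \
            fprintf(stderr, "%s failed: %s (%s:%d)\n", kind, #cond,        \
                    __FILE__, __LINE__);                                   \
            abort();                                                       \
        }                                                                  \
    } while (0)
#define REQUIRE(cond) CONTRACT("precondition", cond)
#define INSIST(cond)  CONTRACT("invariant", cond)
#define ENSURE(cond)  CONTRACT("postcondition", cond)

typedef enum {
    NAME_OK = 0, NAME_TRUNCATED, NAME_BADLABEL, NAME_TOOLONG, NAME_NOSPACE
} name_result_t;

#define MAXLABEL 63   /* longest label permitted by RFC 1035 */
#define MAXNAME  255  /* longest wire-format name, including the root byte */

/* Decode the uncompressed name at msg[*off]. On success the dotted text
 * form is written to out (NUL-terminated) and *off is moved past the
 * terminating root label. Bad input yields a result code; only a caller
 * that violates the interface trips a contract. */
name_result_t
name_fromwire(const uint8_t *msg, size_t msglen, size_t *off,
              char *out, size_t outlen)
{
    REQUIRE(msg != NULL);
    REQUIRE(off != NULL);
    REQUIRE(*off <= msglen);
    REQUIRE(out != NULL && outlen > 0);

    size_t pos = *off;
    size_t used = 0;  /* wire bytes of the name consumed so far */
    size_t o = 0;     /* bytes written to out */

    for (;;) {
        if (pos >= msglen)
            return NAME_TRUNCATED;      /* length byte missing */
        uint8_t len = msg[pos++];
        used++;
        if (len == 0)
            break;                      /* root label ends the name */
        if (len > MAXLABEL)
            return NAME_BADLABEL;       /* 0xC0.. is a compression pointer; not handled here */
        if (used + len + 1 > MAXNAME)
            return NAME_TOOLONG;
        if (len > msglen - pos)
            return NAME_TRUNCATED;      /* label claims more bytes than remain */
        if (o + len + 1 >= outlen)
            return NAME_NOSPACE;        /* leave room for the dot and the NUL */
        memcpy(out + o, msg + pos, len);
        o += len;
        out[o++] = '.';
        pos += len;
        used += len;
        INSIST(pos <= msglen);
    }
    if (o == 0) {                       /* the root name alone prints as "." */
        if (outlen < 2)
            return NAME_NOSPACE;
        out[o++] = '.';
    }
    out[o] = '\0';
    ENSURE(pos > *off && pos <= msglen);
    ENSURE(o < outlen);
    *off = pos;
    return NAME_OK;
}

/* Constructed sample inputs, not captured traffic. */
static const uint8_t wire_ok[]    = { 3,'w','w','w', 3,'i','s','c', 3,'o','r','g', 0 };
/* Last label claims 5 bytes but only 3 follow, and the root byte is absent. */
static const uint8_t wire_trunc[] = { 3,'w','w','w', 5,'i','s','c' };
/* A compression pointer where a label length is expected. */
static const uint8_t wire_ptr[]   = { 3,'w','w','w', 0xC0, 0x0C };

/* Decode one sample from offset 0, reporting how many bytes were consumed. */
name_result_t
decode_sample(const uint8_t *wire, size_t wirelen, char *out, size_t outlen,
              size_t *consumed)
{
    size_t off = 0;
    name_result_t r = name_fromwire(wire, wirelen, &off, out, outlen);
    if (consumed != NULL)
        *consumed = off;
    return r;
}

int main(void)
{
    char buf[256];
    size_t n;
    printf("ok:    %d %s\n", decode_sample(wire_ok, sizeof wire_ok, buf, sizeof buf, &n), buf);
    printf("trunc: %d\n", decode_sample(wire_trunc, sizeof wire_trunc, buf, sizeof buf, &n));
    printf("ptr:   %d\n", decode_sample(wire_ptr, sizeof wire_ptr, buf, sizeof buf, &n));
    return 0;
}
```

The split between the two kinds of check is the point: the truncated and pointer-bearing samples are attacker-controlled data and come back as result codes without any read past the end of the buffer, while a NULL `msg` or an offset beyond `msglen` is a bug in the calling code and aborts immediately. That abort is the caveat a practitioner should keep in mind: a contract failure converts silent memory corruption into a deliberate crash of the process, which is far better than a compromise but is still a denial of service if an attacker can reach the faulty call path.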