NS record question

Brad Knowles brad.knowles at skynet.be
Tue Mar 27 22:56:28 UTC 2001


At 2:19 PM -0800 3/27/01, Bill Manning wrote:

>  	There is this little bit of wisdom from the security community.
>  	small, simple bits of code that have had lots of public scrutiny
>  	tend to be more secure (not to mention faster) than large
>  	chunks of new code, with new features and unknown/untested
>  	interactions.

	I understand the "many eyes" theory, but the problem is that with 
two million lines of code, it's impossible to mathematically prove 
the code secure, and just because you have a lot of people *looking* 
at the code, doesn't mean that you have a lot of people that are 
*telling* you about the security holes that they're finding.

	Moreover, sticking with the old code prevents you from making use 
of the new "programming by contract" security features of BINDv9, 
where now each routine and function call applies near-paranoid levels 
of checking to all of its inputs, to do everything possible to ensure 
that a security compromise simply cannot occur.

>                  even when they were created in "ancient labs"
>  	by undergrads (kind of like IP.. no? :) and much respect to
>  	Paul, but there were/are many professionals who made v8 work
>  	in an open, sharing environment.

	And there are many professionals making BINDv9 work in an open, 
sharing environment.  All the code is there to see, and if anyone 
wants to suggest any new code to add any new functionality, they're 
more than welcome to submit that -- just like they always could.

	The primary difference is that any code submitted would be used 
for inspiration for a redesign from the BINDv9 programming team, much 
as frequently happens with many other open source projects (Eric 
Allman always said that his biggest mistake in sendmail was simply 
taking code contributed by others, instead of taking that as a 
starting point for code he wrote himself).

>  	When we get a release of v9 that lasts more than 4 weeks,
>  	we can talk about stability.

	That's a very good point.  Myself, I'd like to see it being used 
by all or many of the root nameservers.  When it can be trusted to do 
that, it'll probably be good enough for me to run in production 
environments.

-- 
Brad Knowles, <brad.knowles at skynet.be>

/*        efdtt.c  Author:  Charles M. Hannum <root at ihack.net>          */
/*       Represented as 1045 digit prime number by Phil Carmody         */
/*     Prime as DNS cname chain by Roy Arends and Walter Belgers        */
/*                                                                      */
/*     Usage is:  cat title-key scrambled.vob | efdtt >clear.vob        */
/*   where title-key = "153 2 8 105 225" or other similar 5-byte key    */

dig decss.friet.org|perl -ne'if(/^x/){s/[x.]//g;print pack(H124,$_)}'
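The "programming by contract" checking Brad describes, as an added example that is not part of this message or of BIND's own source: a C routine that validates an uncompressed wire-format DNS name, using REQUIRE/ENSURE macros that only borrow their names from ISC's assertion macros (the macros, the function and the sample bytes are all constructed here). Caller misuse trips a contract and aborts; malformed data from the wire is rejected with a plain return value.

```c
/* Contract-checked DNS name validation (illustrative, not BIND code). */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* A failed precondition (REQUIRE) or postcondition (ENSURE) is a bug in
 * the calling code, not bad input, so the process stops immediately. */
#define REQUIRE(cond) do { if (!(cond)) { \
    fprintf(stderr, "REQUIRE(%s) failed at %s:%d\n", #cond, __FILE__, __LINE__); \
    abort(); } } while (0)
#define ENSURE(cond) do { if (!(cond)) { \
    fprintf(stderr, "ENSURE(%s) failed at %s:%d\n", #cond, __FILE__, __LINE__); \
    abort(); } } while (0)

#define DNS_NAME_MAXWIRE 255   /* RFC 1035 limit on a wire-format name */
#define DNS_LABEL_MAX    63    /* RFC 1035 limit on a single label */

/* Validate an uncompressed name at buf[0..len). On success returns true
 * and stores the name's wire length; on malformed input returns false.
 * Untrusted bytes can never trigger a contract failure here. */
bool dns_name_validate(const uint8_t *buf, size_t len, size_t *wirelen)
{
    REQUIRE(buf != NULL || len == 0);
    REQUIRE(wirelen != NULL);

    size_t pos = 0;
    for (;;) {
        if (pos >= len || pos >= DNS_NAME_MAXWIRE)
            return false;              /* ran off the buffer or too long */
        uint8_t l = buf[pos];
        if (l == 0) { pos++; break; }  /* root label ends the name */
        if (l > DNS_LABEL_MAX)
            return false;              /* 0x40..0xff: pointer or garbage */
        if (len - pos < (size_t)l + 1)
            return false;              /* label claims more than remains */
        pos += (size_t)l + 1;
    }
    *wirelen = pos;
    ENSURE(*wirelen >= 1 && *wirelen <= len && *wirelen <= DNS_NAME_MAXWIRE);
    return true;
}

int main(void)
{
    /* Constructed sample: "www.example.com." in wire format (17 bytes). */
    const uint8_t ok[] = {3,'w','w','w',7,'e','x','a','m','p','l','e',3,'c','o','m',0};
    size_t n = 0;
    printf("valid=%d wirelen=%zu\n", dns_name_validate(ok, sizeof ok, &n), n);
    return 0;
}
```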

