Vulnerability to cache poisoning -- the rest of the solution

Jeff Lightner jlightner at water.com
Wed Jul 16 16:34:59 UTC 2008


No committees.  

So who would you appoint to be the Internet Tsar that issues edicts?

Like it or not sometimes you do have to work towards a consensus -
especially if you expect the majority of folks to decide to do it the
way it's published.


-----Original Message-----
From: bind-users-bounce at isc.org [mailto:bind-users-bounce at isc.org] On
Behalf Of G.W. Haywood
Sent: Wednesday, July 16, 2008 4:24 AM
To: Mark Andrews
Cc: bind-users at isc.org
Subject: Re: Vulnerability to cache poisoning -- the rest of the solution

Hi there,

On Wed, 16 Jul 2008, Mark Andrews wrote:

> > >>> This makes TCP much harder, but not impossible, to spoof than UDP.
> > >>
> > >> As an interim measure, I take it that using TCP only isn't an option?
> > >
> > > 	No.  You have people that believe they can block TCP
> > > 	connections to DNS servers despite the RFCs saying they
> > > 	SHOULD be open.
> > >
> > Well, more fundamentally than that, it would be a violation of RFC 1123
>
> 	RFCs can be updated.  If it was felt that the only way to
> 	address this problem was to go to TCP then I'm sure that a
> 	RFC could have made it through the review process in enough
> 	time to stop complaints.

My point was of course that it might be easier to get something done
in a reasonable timeframe if it didn't involve getting people (well,
committees:) to agree on issues like who is to hold the keys.

I can't see how anyone can view the situation which we have at present
as anything other than a monumental cock-up.

--

73,
Ged.