how to protect name servers against cache corruption
Randy Bush
randy at psg.com
Wed Jul 30 03:25:00 UTC 1997
> this statement bothers me. certainly without DNSSEC there can be no
> *assurances* of security,
While there are often assurances of security, there can never be assurance
of security.
> there is a gaping chasm between the current system and DNSSEC that could
> be closed significantly with proper design.
>
> simply stating that until DNSSEC arrives these attacks are going to be
> allowed is a copout.
Send code.
randy
More information about the NANOG
mailing list