Dan Kaminsky

• Previous message (by thread): Dan Kaminsky
• Next message (by thread): Dan Kaminsky
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

In a message written on Tue, Aug 04, 2009 at 11:32:46AM -0700, Kevin Oberman wrote:
> There is NO fix. There never will be as the problem is architectural
> to the most fundamental operation of DNS. Other than replacing DNS (not
> feasible), the only way to prevent this form of attack is DNSSEC. The
> "fix" only makes it much harder to exploit.

I don't understand why replacing DNS is "not feasible".

-- 
       Leo Bicknell - bicknell at ufp.org - CCIE 3440
        PGP keys at http://www.ufp.org/~bicknell/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 825 bytes
Desc: not available
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20090805/32c4207c/attachment.sig>

• Previous message (by thread): Dan Kaminsky
• Next message (by thread): Dan Kaminsky
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]