On Wed, Jul 09, 2008 at 08:20:33AM -0700, Paul Hoffman wrote:
> First off, big props to Dan for getting this problem fixed in a
> responsible manner. If there were widespread real attacks first, it
> would take forever to get fixes out into the field.
>
> However, we in the security circles don't need to spread the
> "Kaminsky finds" meme. Take a look at
> <http://tools.ietf.org/wg/dnsext/draft-ietf-dnsext-forgery-resilience/>.
> The first draft of this openly-published document was in January
> 2007. It is now in WG last call.
>
> The take-away here is not that "Dan didn't discover the problem", but
> "Dan got it fixed". An alternate take-away is that IETF BCPs don't
> make nearly as much difference as a diligent security expert with a
> good name.

The "discovery" is almost certainly a generalization of:

    http://tools.ietf.org/html/draft-ietf-dnsext-forgery-resilience-05#section-4.3

specifically the second paragraph that mentions the "Birthday Attack".
The assumptions of that paragraph can be relaxed in a natural way to
broaden the scope of the attack.

-- 
Victor Duchovni
IT Security, Morgan Stanley
