* Paul Hoffman: > The take-away here is not that "Dan didn't discover the problem", but > "Dan got it fixed".
I haven't seen credible claims that the underlying issue can actually be fixed in the classic DNS protocol. There are workarounds on top of workarounds. A real fix requires more or less incompatible protocol changes, and at that point, it might be easier to deploy DNSSEC instead. --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
