[Pdns-dev] Confirmation of DNSSEC flaws
Dean Anderson
dean at av8.com
Tue Feb 9 01:50:49 CET 2010
FYI, Cache Poisoning was found to exist despite DNSSEC, exactly as I
described it:

Most officially, I discussed it in my DNSSEC NTIA comments:
http://www.ntia.doc.gov/dns/comments/comment027.pdf
in the section on Cache Poisoning. Notably, Vixie et al disputed
this when discussed on DNSOP and namedroppers. Guess they were wrong
again.

If you want to engage in honest uncensored discussion of DNS issues,
subscribe to dnsop-honest or namedroppers-honest through the interface
at lists.iadl.org

[*] See DNSSEC cache poisoning links contained in
http://lists.iadl.org/pipermail/namedroppers-honest/2010-January/000074.html

The IETF has known of these problems for a long time, and silenced me
to keep these problems quiet.

So, please be sure to credit me with discovering the DNSSEC flaws.

<sarcasm>
Funny, that. Of course, there was nothing dishonest in covering this
up. And of course, there /wasn't/ anything dishonest in covering up the
fact that ECPA applied to ISPs back in the late 1990s (this was the
first thing I was silenced for)
</sarcasm>

The same Vixie/Cerf crowd was involved in every case. I've been
vindicated/validated/confirmed in all cases.

--Dean
--
Av8 Internet Prepared to pay a premium for better service?
www.av8.net faster, more reliable, better service
617 256 5494