nanog mailing list archives
Re: https (was: Re: Exploit for DNS Cache Poisoning - RELEASED)
From: William Pitcock <nenolod () systeminplace net>
Date: Thu, 24 Jul 2008 04:06:07 -0500
On Thu, 2008-07-24 at 09:51 +0200, Robert Kisteleki wrote:
Patrick W. Gilmore wrote:Anyone have a foolproof way to get grandma to always put "https://" in front of "www"?I understand this is a huge can of worms, but maybe it's time to change the default behavior of browsers from http to https...? I'm sure it's doable in FF with a simple plugin, one doesn't have to wait for FF4. (That would work for bookmarks too.)
I don't think anything involving HTTPS is necessairly an answer to this problem. Specifically: * not all sites do HTTPS * many organizations use transparent proxies like Microsoft ICA * certification authorities can in theory be bought off (or otherwise manipulated) to issue bogus certs, making switching to HTTPS worthless William
Current thread:
- https (was: Re: Exploit for DNS Cache Poisoning - RELEASED), (continued)
- https (was: Re: Exploit for DNS Cache Poisoning - RELEASED) Robert Kisteleki (Jul 24)
- Re: https (was: Re: Exploit for DNS Cache Poisoning - RELEASED) Steven M. Bellovin (Jul 24)
- Re: https Sam Stickland (Jul 24)
- Re: https (was: Re: Exploit for DNS Cache Poisoning - RELEASED) Jeffrey Ollie (Jul 24)
- Re: https (was: Re: Exploit for DNS Cache Poisoning - RELEASED) Hank Nussbacher (Jul 24)
- Re: https (was: Re: Exploit for DNS Cache Poisoning - RELEASED) Jim Popovitch (Jul 24)
- Re: https (was: Re: Exploit for DNS Cache Poisoning - RELEASED) Matthew Petach (Jul 25)
- Re: https (was: Re: Exploit for DNS Cache Poisoning - RELEASED) Jim Popovitch (Jul 25)
- Re: https Patrick Giagnocavo (Jul 31)
- Re: https (was: Re: Exploit for DNS Cache Poisoning - RELEASED) Jasper Bryant-Greene (Jul 24)
- Re: https (was: Re: Exploit for DNS Cache Poisoning - RELEASED) William Pitcock (Jul 24)
- Re: https (was: Re: Exploit for DNS Cache Poisoning - RELEASED) Chris Adams (Jul 24)
- Re: https Ken A (Jul 24)
- Re: Exploit for DNS Cache Poisoning - RELEASED Tuc at T-B-O-H.NET (Jul 23)
- Re: Software router state of the art Petri Helenius (Jul 26)
- Re: Software router state of the art William Herrin (Jul 26)
- Re: Software router state of the art Florian Weimer (Jul 26)
- Re: Software router state of the art Petri Helenius (Jul 26)
- Re: Software router state of the art Florian Weimer (Jul 26)