nanog mailing list archives

Re: https (was: Re: Exploit for DNS Cache Poisoning - RELEASED)

From: William Pitcock <nenolod () systeminplace net>
Date: Thu, 24 Jul 2008 04:06:07 -0500

On Thu, 2008-07-24 at 09:51 +0200, Robert Kisteleki wrote:

Patrick W. Gilmore wrote:

Anyone have a foolproof way to get grandma to always put "https://"; in 
front of "www"?


I understand this is a huge can of worms, but maybe it's time to change the 
default behavior of browsers from http to https...?

I'm sure it's doable in FF with a simple plugin, one doesn't have to wait 
for FF4. (That would work for bookmarks too.)


I don't think anything involving HTTPS is necessairly an answer to this
problem. Specifically:

* not all sites do HTTPS
* many organizations use transparent proxies like Microsoft ICA
* certification authorities can in theory be bought off (or otherwise
manipulated) to issue bogus certs, making switching to HTTPS worthless

William

Current thread:

https (was: Re: Exploit for DNS Cache Poisoning - RELEASED), (continued)
- - - https (was: Re: Exploit for DNS Cache Poisoning - RELEASED) Robert Kisteleki (Jul 24)
    - Re: https (was: Re: Exploit for DNS Cache Poisoning - RELEASED) Steven M. Bellovin (Jul 24)
    - Re: https Sam Stickland (Jul 24)
    - Re: https (was: Re: Exploit for DNS Cache Poisoning - RELEASED) Jeffrey Ollie (Jul 24)
    - Re: https (was: Re: Exploit for DNS Cache Poisoning - RELEASED) Hank Nussbacher (Jul 24)
    - Re: https (was: Re: Exploit for DNS Cache Poisoning - RELEASED) Jim Popovitch (Jul 24)
    - Re: https (was: Re: Exploit for DNS Cache Poisoning - RELEASED) Matthew Petach (Jul 25)
    - Re: https (was: Re: Exploit for DNS Cache Poisoning - RELEASED) Jim Popovitch (Jul 25)
    - Re: https Patrick Giagnocavo (Jul 31)
    - Re: https (was: Re: Exploit for DNS Cache Poisoning - RELEASED) Jasper Bryant-Greene (Jul 24)
    - Re: https (was: Re: Exploit for DNS Cache Poisoning - RELEASED) William Pitcock (Jul 24)
    - Re: https (was: Re: Exploit for DNS Cache Poisoning - RELEASED) Chris Adams (Jul 24)
    - Re: https Ken A (Jul 24)
    - Re: Exploit for DNS Cache Poisoning - RELEASED Tuc at T-B-O-H.NET (Jul 23)
    - Re: Software router state of the art Petri Helenius (Jul 26)
    - Re: Software router state of the art William Herrin (Jul 26)
    - Re: Software router state of the art Florian Weimer (Jul 26)
    - Re: Software router state of the art Petri Helenius (Jul 26)
    - Re: Software router state of the art Florian Weimer (Jul 26)
  - Re: Software router state of the art Joel Jaeggli (Jul 23)
- Re: Software router state of the art Andrew D Kirch (Jul 26)

(Thread continues...)