Re: DNS Speculation

["Tetrapodal Giant" <tetrapodalgiant () gmail com>]

Hi All -

On 7/22/08, Parity <pty.err () gmail com> wrote:

> > From DJB's notes:

I'm a huge nobody at this smarty party, but I'm bothered by a few
aspects of this whole issue.

Since there really has been a fair amount of warning on this/these
issue(s), I'm curious why it took so long to actually implement a fix.
Is it pure politics? If so, how does this reflect on the security
community. I guess, in my version of events, I see DJB and others
identifying root issues in an infrastructure; This is followed by
vulnerability research (Klein/Sacramento/Stewart/etc.) and public
demonstrations of various attacks against that infrastructure, such
as: http://ketil.froyn.name/poison.html; And yet, nothing is done
until this latest discovery by DK.

Personally, I've been a djbdns user for many years. Not because I care
about politics, but because I read DJB's work, believed in the threat
he had identified, and took actions to prevent the theoretical from
becoming reality in my networks. At the time, that meant using djbdns.
I'm not saying this as a claim to some superior knowledge, but as a
method of demonstrating a devotion to doing things in a secure manner.
Shouldn't we all be doing that? Are we to believe that no other
adversary has taken a look at the available research and implemented
some other, if not DK's, attack. If so, why?

Again, I'm a nobody at this party. But the previously described
timeline seems to reflect poorly on the people responsible for the
infrastructure. I know I'm likely stirring a huge pot of controversy
on this, but it seems, to me, to be an important point of discussion.
Feel free to spew all manner of flame my way.

tpg

-- 
"The man of knowledge must be able not only to love his
enemies but also to hate his friends." - Friedrich Nietzsche
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave