Re: https (was: Re: Exploit for DNS Cache Poisoning - RELEASED)

• From: Chris Adams
• Date: Thu Jul 24 09:03:26 2008

• List-archive: <http://mailman.nanog.org/pipermail/nanog>
• List-help: <mailto:[email protected]?subject=help>
• List-id: North American Network Operators Group <nanog.nanog.org>
• List-post: <mailto:[email protected]>
• List-subscribe: <http://mailman.nanog.org/mailman/listinfo/nanog>, <mailto:[email protected]?subject=subscribe>
• List-unsubscribe: <http://mailman.nanog.org/mailman/listinfo/nanog>, <mailto:[email protected]?subject=unsubscribe>

Once upon a time, Robert Kisteleki <[email protected]> said:
> I understand this is a huge can of worms, but maybe it's time to change the 
> default behavior of browsers from http to https...?

This is a _DNS_ vulnerability.  The Internet is more than HTTP(S).

Think about email (how many MTAs do TLS and validate the certs?).  Even
things like BitTorrent require valid DNS (how about MPAA/RIAA poisoning
the cache for thepiratebay?).

-- 
Chris Adams <[email protected]>
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.

• References:
  • Re: Exploit for DNS Cache Poisoning - RELEASED Joe Greco
  • Re: Exploit for DNS Cache Poisoning - RELEASED Joe Abley
  • Re: Exploit for DNS Cache Poisoning - RELEASED Jasper Bryant-Greene
  • Re: Exploit for DNS Cache Poisoning - RELEASED Patrick W. Gilmore
  • https (was: Re: Exploit for DNS Cache Poisoning - RELEASED) Robert Kisteleki

• Prev by Date: RE: Software router state of the art
• Next by Date: Re: Paul Vixie: Re: [dns-operations] DNS issue accidentally leaked?
• Date Index
• Thread Index
• Author Index
• Historical