> On 29 May 2024, at 12:55 AM, John Levine <jo...@taugh.com> wrote: > > It appears that Ond� ej Surý <ond...@sury.org> said: >> I don’t know why are you trying to create rift where there’s really none. > > I suspect that I am not the only person who is getting a wee bit tired > of papers that say OMG MOST AWFUL DNS FLAW EVER! INTERNET WILL > COLLAPSE! MUST CHANGE ALL RFCS! and the authors send out press > releases, when in fact it should say "here's a DNS attack that was > described a decade ago but isn't yet patched everywhere" or at most > "here's yet another amplification attack you should defend against." > > I realize it can be a challenge to get conference papers accepted but > that's not our problem.
Yup - totally agree John. I tried to point out to the folk on the keytrap bandwagon that the exploit was documented first some years ago, but was completely drowned out by the hysterical fanfare of "we found a weakness in DNS behaviour! Aren't we clever!" I appreciate that testing widely used software for vulnerabilities is valuable work, but turning the effort into some bizzarre circus sideshow does nobody any favours at all. Geoff
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations
