Re: Attacking networks using DHCP, DNS - probably kills DNSSEC

2003-07-01 Thread Peter Gutmann
William Allen Simpson <[EMAIL PROTECTED]> writes: >Would this be the DHCP working group that on at least 2 occasions when I was >there, insisted that secure DHCP wouldn't require a secret, since DHCP isn't >supposed to require "configuration"? Given that their goal is zero-configuration networkin

Re: Attacking networks using DHCP, DNS - probably kills DNSSEC

2003-06-30 Thread Steve Furlong
On Monday 30 June 2003 20:59, Morlock Elloi wrote: > There is no such thing as "automatic security." That's an oxymoron. > > Any system that is "secure" without the ongoing burn of end-user > brain cycles is subject to more-or-less easy subversion [a corollary > of this is that "masses" will never

Re: Attacking networks using DHCP, DNS - probably kills DNSSEC

2003-06-30 Thread Major Variola (ret)
At 01:05 PM 6/30/03 -0400, William Allen Simpson wrote: >"Steven M. Bellovin" wrote: >> >> I can pretty much guarantee that the IETF will never standardize that, >> except possibly in conjunction with authenticated dhcp. >> >Would this be the DHCP working group that on at least 2 occasions >when I

Re: Attacking networks using DHCP, DNS - probably kills DNSSEC

2003-06-30 Thread Morlock Elloi
> "security", but having both the user and administrator configure a per > host secret was apparently out of the question. There is no such thing as "automatic security." That's an oxymoron. Any system that is "secure" without the ongoing burn of end-user brain cycles is subject to more-or-less e

Re: Attacking networks using DHCP, DNS - probably kills DNSSEC

2003-06-30 Thread William Allen Simpson
"Steven M. Bellovin" wrote: > > In message <[EMAIL PROTECTED]>, Simon Josefsson writes: > >Of course, everything fails if you ALSO get your DNSSEC root key from > >the DHCP server, but in this case you shouldn't expect to be secure. > >I wouldn't be surprised if some people suggest pushing the DNS

Re: Attacking networks using DHCP, DNS - probably kills DNSSEC NOT

2003-06-30 Thread Steven M. Bellovin
In message <[EMAIL PROTECTED]>, Simon Josefsson writes: >Bill Stewart <[EMAIL PROTECTED]> writes: > >>>* Your laptop sees and uses the name "yahoo.com.attackersdomain.com". >>> You may be able to verify this using your DNSSEC root key, if the >>> attackersdomain.com people have set up DNSSEC for

Re: Attacking networks using DHCP, DNS - probably kills DNSSEC NOT

2003-06-29 Thread Simon Josefsson
Bill Stewart <[EMAIL PROTECTED]> writes: >>* Your laptop sees and uses the name "yahoo.com.attackersdomain.com". >> You may be able to verify this using your DNSSEC root key, if the >> attackersdomain.com people have set up DNSSEC for their spoofed >> entries, but unless you are using bad sof

Re: Attacking networks using DHCP, DNS - probably kills DNSSEC

2003-06-29 Thread Bill Stewart
At 11:49 PM 06/29/2003 +0200, Simon Josefsson wrote: No, I believe only one of the following situations can occur: * Your laptop sees and uses the name "yahoo.com", and the DNS server translates them into yahoo.com.attackersdomain.com. If your laptop knows the DNSSEC root key, the attacker cann

Re: Attacking networks using DHCP, DNS - probably kills DNSSEC

2003-06-29 Thread Steven M. Bellovin
In message <[EMAIL PROTECTED]>, Simon Josefsson writes: > >Of course, everything fails if you ALSO get your DNSSEC root key from >the DHCP server, but in this case you shouldn't expect to be secure. >I wouldn't be surprised if some people suggest pushing the DNSSEC root >key via DHCP though, becau

Re: Attacking networks using DHCP, DNS - probably kills DNSSEC

2003-06-29 Thread Simon Josefsson
Bill Stewart <[EMAIL PROTECTED]> writes: > At 11:15 PM 06/28/2003 -0400, Steven M. Bellovin wrote: >>In message <[EMAIL PROTECTED]>, Bill Stewart writes: >> >This looks like it has the ability to work around DNSSEC. >> >Somebody trying to verify that they'd correctly reached yahoo.com >> >would in

Re: Attacking networks using DHCP, DNS - probably kills DNSSEC

2003-06-29 Thread Bill Stewart
At 11:15 PM 06/28/2003 -0400, Steven M. Bellovin wrote: In message <[EMAIL PROTECTED]>, Bill Stewart writes: >This looks like it has the ability to work around DNSSEC. >Somebody trying to verify that they'd correctly reached yahoo.com >would instead verify that they'd correctly reached >yahoo.com.a

Re: Attacking networks using DHCP, DNS - probably kills DNSSEC

2003-06-28 Thread Steven M. Bellovin
In message <[EMAIL PROTECTED]>, Bill Stewart writes: >Somebody did an interesting attack on a cable network's customers. >They cracked the cable company's DHCP server, got it to provide a >"Connection-specific DNS suffix" pointing to a machine they owned, >and also told it to use their DNS server.
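The mechanism the thread argues over, as an added example that is not code from any message above: a stub resolver honours a DHCP-supplied search suffix, the attacker's name server answers NXDOMAIN for the real name so the stub falls through to the suffixed name, and that suffixed name validates under DNSSEC because the attacker legitimately signs attackersdomain.com. The zone data, the trust-chain set and the resolver rules are constructed for illustration (they model glibc/Windows-style search behaviour, not any particular implementation; a bogus answer is treated as fail-closed, which is a modelling choice). The application-layer check at the end is the "unless you are using bad software" point: compare the owner name you actually resolved with the name you asked for.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Answer:
    owner: str               # absolute owner name (trailing dot)
    address: Optional[str]   # A record; None models NXDOMAIN
    signer: Optional[str]    # zone whose DNSSEC key signed the RRset; None = unsigned


# Constructed: what the attacker's name server (handed out by the cracked DHCP
# server) returns. The attacker owns and has signed attackersdomain.com, so
# answers under it validate; it cannot forge .com's authenticated denial of
# yahoo.com, so that NXDOMAIN is unsigned.
ATTACKER_NS: Dict[str, Answer] = {
    "yahoo.com.": Answer("yahoo.com.", None, None),
    "yahoo.com.attackersdomain.com.": Answer(
        "yahoo.com.attackersdomain.com.", "203.0.113.10", "attackersdomain.com."),
}

# Constructed: the cruder variant, a forged positive answer for yahoo.com itself,
# signed with the attacker's own key.
SPOOFING_NS: Dict[str, Answer] = {
    "yahoo.com.": Answer("yahoo.com.", "203.0.113.10", "attackersdomain.com."),
}

# Constructed chain of trust: zones whose keys the validating stub can verify
# back to its root trust anchor (attackersdomain.com has a real DS in .com).
TRUSTED_SIGNERS = {".", "com.", "attackersdomain.com."}


def search_candidates(name: str, search_list: List[str], ndots: int = 1) -> List[str]:
    """Order in which the stub tries names: an absolute name as is; a relative
    name with at least ndots dots first as absolute, then with each search
    suffix appended; a name with fewer dots gets the suffixes first."""
    if name.endswith("."):
        return [name]
    absolute = name + "."
    suffixed = [f"{name}.{s.strip('.')}." for s in search_list]
    return [absolute] + suffixed if name.count(".") >= ndots else suffixed + [absolute]


def validates(ans: Answer) -> bool:
    """Simplified DNSSEC check: the signing zone must chain to the trust anchor
    and must be an ancestor of the owner name (a key for attackersdomain.com
    cannot sign yahoo.com)."""
    if ans.signer is None or ans.signer not in TRUSTED_SIGNERS:
        return False
    return ans.signer == "." or ans.owner == ans.signer or ans.owner.endswith("." + ans.signer)


def resolve(name: str, search_list: List[str], ns: Dict[str, Answer],
            validate: bool = True, ndots: int = 1) -> Optional[Answer]:
    """Walk the search candidates. NXDOMAIN moves on to the next candidate;
    a positive answer is returned, unless validation is on and it is bogus,
    in which case the stub fails closed (model choice)."""
    for cand in search_candidates(name, search_list, ndots):
        ans = ns.get(cand)
        if ans is None or ans.address is None:
            continue
        if validate and not validates(ans):
            return None
        return ans
    return None


def same_name(requested: str, resolved_owner: str) -> bool:
    """The check an application must make: the validated owner name is exactly
    the name the user asked for, not a search-suffixed relative of it."""
    want = requested if requested.endswith(".") else requested + "."
    return want.lower() == resolved_owner.lower()


def safe_lookup(name: str, search_list: List[str], ns: Dict[str, Answer]) -> Optional[str]:
    """Resolve with validation and refuse an address that belongs to a
    different name than the one requested."""
    ans = resolve(name, search_list, ns, validate=True)
    if ans is None or not same_name(name, ans.owner):
        return None
    return ans.address


if __name__ == "__main__":
    dhcp_search = ["attackersdomain.com."]   # pushed by the compromised DHCP server
    ans = resolve("yahoo.com", dhcp_search, ATTACKER_NS)
    print("validated:", ans)                 # owner is yahoo.com.attackersdomain.com.
    print("safe_lookup:", safe_lookup("yahoo.com", dhcp_search, ATTACKER_NS))
    print("forged yahoo.com, validating:", resolve("yahoo.com", dhcp_search, SPOOFING_NS))
```

Run against the constructed data, the forged positive answer is rejected once the stub validates, exactly as the thread says; the suffix trick still yields a DNSSEC-valid address for yahoo.com.attackersdomain.com, and only the owner-name comparison in `safe_lookup` turns that into a refusal.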