Re: [DNSOP] Kaminsky on djbdns bugs (fwd)

2008-08-10 Thread Ben Laurie
Tony Finch wrote: On Sun, 10 Aug 2008, Ben Laurie wrote: Tony Finch wrote: On Sun, 10 Aug 2008, Ted Lemon wrote: Paul's comment (the first of the three articles you quoted) implies that secure NXDOMAIN is not a feature of Ohta-san's proposal. That seems like a bit of a problem, because fake d

Re: [DNSOP] Kaminsky on djbdns bugs (fwd)

2008-08-10 Thread Tony Finch
On Sun, 10 Aug 2008, Ben Laurie wrote: > Tony Finch wrote: > > On Sun, 10 Aug 2008, Ted Lemon wrote: > > > > > > Paul's comment (the first of the three articles you quoted) implies > > > that secure NXDOMAIN is not a feature of Ohta-san's proposal. That > > > seems like a bit of a problem, because

Re: [DNSOP] Kaminsky on djbdns bugs (fwd)

2008-08-10 Thread Ben Laurie
Tony Finch wrote: On Sun, 10 Aug 2008, Ted Lemon wrote: Paul's comment (the first of the three articles you quoted) implies that secure NXDOMAIN is not a feature of Ohta-san's proposal. That seems like a bit of a problem, because fake domains are definitely a useful phishing tool. As far as

Re: [DNSOP] Kaminsky on djbdns bugs (fwd)

2008-08-10 Thread Tony Finch
On Sun, 10 Aug 2008, Ted Lemon wrote: > > Paul's comment (the first of the three articles you quoted) implies that > secure NXDOMAIN is not a feature of Ohta-san's proposal. That seems like a > bit of a problem, because fake domains are definitely a useful phishing tool. As far as I can tell fro

Re: [DNSOP] Kaminsky on djbdns bugs (fwd)

2008-08-10 Thread Ted Lemon
On Aug 10, 2008, at 5:51 AM, Andras Salamon wrote: An alternative was proposed by Masataka Ohta around 1995. It did not progress, but maybe it is time to trawl the archives and revisit it? Paul's comment (the first of the three articles you quoted) implies that secure NXDOMAIN is not a featu

Re: [DNSOP] Is it possible to force bind to use TCP exclusively?

2008-08-10 Thread Roy Arends
On Aug 10, 2008, at 4:24 PM, Joe Baptista wrote: Are there any configuration changes that can be made to bind to force it to only use TCP as opposed to UDP? Ask bind-users Roy ___ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/

[DNSOP] Is it possible to force bind to use TCP exclusively?

2008-08-10 Thread Joe Baptista
Are there any configuration changes that can be made to bind to force it to only use TCP as opposed to UDP? regards joe baptista -- Joe Baptista www.publicroot.org PublicRoot Consortium The future of the Internet is Open, Transpare

Re: [DNSOP] Kaminsky on djbdns bugs (fwd)

2008-08-10 Thread Andras Salamon
On Sat, Aug 09, 2008 at 04:33:55PM -0400, Paul Wouters wrote: > In general, for all those people who claim DNSSEC is not the solution, I > have a few questions > > 1) What is more broken with DNSSEC then on DNS? > 2) If DNSSEC is flawed, where is a better alternative? An alternative was proposed