Re: Attacking networks using DHCP, DNS - probably kills DNSSEC
William Allen Simpson
Would this be the DHCP working group that on at least 2 occasions when I was there, insisted that secure DHCP wouldn't require a secret, since DHCP isn't supposed to require "configuration"?
Given that their goal is zero-configuration networking, I can see that being required to provide a shared secret would mess things up a bit for them. It'd be a bit like PKIX being asked to make ease-of-use a consideration in their work, or OpenPGP to take X.509 compatibility into account. Peter. --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
On Tue, 1 Jul 2003, Peter Gutmann wrote:
Given that their goal is zero-configuration networking, I can see that being required to provide a shared secret would mess things up a bit for them. It'd be a bit like PKIX being asked to make ease-of-use a consideration in their work, or OpenPGP to take X.509 compatibility into account.
I tend to agree... I don't think "zero-configuration" networking has a real possibility to create any safety zones beyond the immediate physical machine. After all, if you can plug it into any network and it just works, you can plug it into an insecure or subverted network and it'll just work. At the very least you've got to have a file of keys. Bear --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
participants (2)
-
bear -
pgut001@cs.auckland.ac.nz