Attacking networks using DHCP, DNS - probably kills DNSSEC

bear bear at sonic.net
Tue Jul 1 09:48:37 PDT 2003



On Tue, 1 Jul 2003, Peter Gutmann wrote:


> Given that their goal is zero-configuration networking, I can see
> that being required to provide a shared secret would mess things up
> a bit for them.  It'd be a bit like PKIX being asked to make
> ease-of-use a consideration in their work, or OpenPGP to take X.509
> compatibility into account.

I tend to agree...  I don't think "zero-configuration" networking has
a real possibility to create any safety zones beyond the immediate
physical machine.  After all, if you can plug it into any network and
it just works, you can plug it into an insecure or subverted network
and it'll just work.

At the very least you've got to have a file of keys.

				Bear





---------------------------------------------------------------------
The Cryptography Mailing List