Re: _DNS_ security problems

• To: Dan Stromberg <strombrg@test34a.acs.uci.edu">strombrg@test34a.acs.uci.edu>, Irving Reid <irving@border.com>
• Subject: Re: _DNS_ security problems
• From: Bob Denny <rdenny@dc3.com>
• Date: Mon, 26 Feb 1996 23:06:18 -0800
• Cc: www-security@ns2.rutgers.edu
• In-Reply-To: Dan Stromberg <strombrg@test34a.acs.uci.edu> "Re: _DNS_ security problems" (Feb 26, 11:01)
• References: <96Feb26.125556est.20481-2@janus.border.com> <3132039E.167EB0E7@hydra.acs.uci.edu>

OK, I gotta get out of this discussion, for time reasons.

At this point:

(1) DNS is just fine for a lightweight name service (that's what I meant, not 
to replace it)

(2) The security issues with downloaded applets and the like would be helped 
immensely if you could guarantee that you could determine the source of the 
code, down to the human that created and packaged it. Accepting only digitally 
signed bits would do the trick, it seems. Yes, someone could create a 
malicious applet and offer it, and you'd only find out after the damage was 
done, but at least you'd know where to go for redress. The infrastructure is 
certainly NOT there now, but the technology exists, it is fairly well proven, 
and has even been cast in the mold of S-HTTP, so the jump is not far.

  -- Bob

• Re: _DNS_ security problems
• From: "Irving Reid" <irving@border.com>
• Re: _DNS_ security problems
• From: Dan Stromberg <strombrg@test34a.acs.uci.edu>
• From:

• Previous: Re: JavaScript to grab e-mail
• Next: IBM-ERS Alert: Vulnerability in NCSA/Apache CGI Sample Code
• Index(es):
  • Index
  • Thread