Re: _DNS_ security problems

• To: Rich Salz <rsalz@osf.org>
• Subject: Re: _DNS_ security problems
• From: Dan Stromberg <strombrg@hydra.acs.uci.edu>
• Date: Sat, 2 Mar 1996 09:34:37 -0800 (PST)
• cc: ekr@terisa.com, www-security@ns2.rutgers.edu
• In-Reply-To: <9603020207.AA03861@sulphur.osf.org>

Are you saying that the folks working on sendmail are _not_ responsible 
for knowing the implications of using syslog?  Eric scheduled and 
deployed a fix - the java team has apparently scheduled one.

Again, DNS should be made safer - It's just not sensible to be able to 
publish information about addresses you've not been delegated.  Again, 
the bind folks could add a routine that checks for PTR's (and hope no 
one is using an old libresolv or old named.xfer(?)), but this is more taxing 
for both name server hardware and application programmers (who can't be 
guaranteed to be knowledgeable about all things), than just going to the
source of the problem.

Fools ignore complexity.
Pragmatists suffer it.
Geniuses eliminate it (without creating undue inflexibility).

(I'm not about to claim that was original)

On Fri, 1 Mar 1996, Rich Salz wrote:

> >Saying java is responsible for fixing this problem, is like saying 
> >sendmail is responsible for fixing the syslog problem.
> 
> No.
> 
> If Java decides to add DNS to its trusted computing base, then Java is
> responsible for knowing the implications of doing so.  If java safety in
> this area were based on IP addresses rather then an unsecured name/address
> database, then there would be fewer concerns (modulo IP hijacking, etc.)
> 
> It all goes to reinforce the notion that security, even if watered-down under
> the rubric safety, is generally not a game for amatuers.
> 	/r$
> 

• Re: _DNS_ security problems
• From: Rich Salz <rsalz@osf.org>

• Previous: IIS - .CMD/.BAT Patch Provides Security Enhancements to IIS
• Next: Re: _DNS_ security problems
• Index(es):
  • Index
  • Thread