Re: how to protect name servers against cache corruptionFrom: randy () psg com (Randy Bush) Date: Tue, 29 Jul 97 20:25 PDT
this statement bothers me. certainly without DNSSEC there can be no
*assurances* of security,
While there are often assurances of security, there can never be assurance
there is a gaping chasm between the current system and DNSSEC that could
be closed significantly with proper design.
simply stating that until DNSSEC arrives these attacks are going to be
allowed is a copout.