Re: correction! Re: The math of RFC3833.2.2-spoofing a randomisingsource port resolver
Paul Vixie wrote:
>>>my position hasn't changed. has yours?[/color]
>>You should change your posision now.[/color][/color]
> that's what you said ten years ago, too. let me caution you now, as then,
> against any attempt at "proof by vigorous reassertion."[/color]
The bitter reality for you is that, if you admitted your mistake 10 years
ago, Kaminsky couldn't have used glue-A for his attack.
Kaminsky's originality beyond rfc3833 is to have provided a yet another
proof that your authority model is broken.
> i've demonstrated
> (again) that your proposed solution is more complex than what everybody now
That many people are using a broken authority model means they
> i agree with florian's answer to this, where he said that the additional
> data section is mostly useless. i agree with your proposed policy, as
> stated above. the only A or AAAA RRs that should be sent or accepted in
> the additional data section are those which (a) referenced by an NS RR
> in the authority or answer sections, and (b) having owner names at or below
> the owner name of the NS RRset who references them.[/color]
Totally wrong. I never proposed such a broken policy.
to unsubscribe send a message to [email]firstname.lastname@example.org[/email] with
the word 'unsubscribe' in a single line as the message text body.