At 1:08 PM -0400 8/27/08, Andrew Sullivan wrote:
>What I haven't seen much of is discussion of protecting caches _as
>such_. That is, given that we are going to cache, are there
>techniques that solve the dangers of a cache other than just
>preventing the cache from ever having the wrong data in the first

What I have not seen, even post-Kaminsky, is a good discussion of
what we put into a cache. For example, I am still befuddled about why
part of the Kaminsky attack works. If I have a record in my cache
with days left on the TTL, why should an attacker be able to change
that record with bad information when I'm asking about a different
record? The advantage of this ("we gave too long of a TTL and now
need to move the IP address quickly") seems to be heavily outweighed
by the ease of the attack.

--Paul Hoffman, Director
--VPN Consortium

to unsubscribe send a message to with
the word 'unsubscribe' in a single line as the message text body.