[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Reverse Lookup Server SSL Certivicate CN





--On Wednesday, January 07, 2004 3:19 PM -0800 "Kurt D. Zeilenga" <Kurt@OpenLDAP.org> wrote:



I am specifically referring to validation of Kerberos tickets using information gained through non-secured DNS. That's broken. DNS is easily spoofed or otherwise fooled into giving out incorrect information.

I certainly agree there. ;) My response was really geared to what Jack had stated though, because that bit really didn't seem correct to me. ;)


--Quanah

--
Quanah Gibson-Mount
Principal Software Developer
ITSS/TSS/Computing Systems
ITSS/TSS/Infrastructure Operations
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html