From owner-freebsd-chat Mon Feb 5 19:29:13 2001
Delivered-To: freebsd-chat@freebsd.org
Received: from smtp10.phx.gblx.net (smtp10.phx.gblx.net [206.165.6.140])
    by hub.freebsd.org (Postfix) with ESMTP id 0E11137B401
    for ; Mon, 5 Feb 2001 19:28:55 -0800 (PST)
Received: (from daemon@localhost)
    by smtp10.phx.gblx.net (8.9.3/8.9.3) id UAA09666;
    Mon, 5 Feb 2001 20:28:19 -0700
Received: from usr08.primenet.com(206.165.6.208)
    via SMTP by smtp10.phx.gblx.net, id smtpdBMxOia; Mon Feb 5 20:28:12 2001
Received: (from tlambert@localhost)
    by usr08.primenet.com (8.8.5/8.8.5) id UAA08814;
    Mon, 5 Feb 2001 20:28:45 -0700 (MST)
From: Terry Lambert
Message-Id: <200102060328.UAA08814@usr08.primenet.com>
Subject: Re: UNIX-like approach to software and system architecture
To: brett@lariat.org (Brett Glass)
Date: Tue, 6 Feb 2001 03:28:44 +0000 (GMT)
Cc: rsidd@physics.iisc.ernet.in (Rahul Siddharthan), freebsd-chat@FreeBSD.ORG
In-Reply-To: <4.3.2.7.2.20010204080917.049ecca0@localhost> from "Brett Glass" at Feb 04, 2001 08:14:38 AM
X-Mailer: ELM [version 2.5 PL2]
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-chat@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

> Interestingly, Theo De Raadt also seems to agree that djb's approach to
> DNS daemons is more sensible and secure than ISC's. In his own words:

I have to say that I understand Paul Vixie's decision in re: a closed
mailing list, with subscription revenue. I think it's a good idea, from
the perspective that BIND has taken a huge amount of flack recently, not
the least of which is the DNS outage at Microsoft, and unrelated to the
BIND software. For large players, who rely on security through obscurity
and have large deployment latencies, it makes sense to charge them for a
separate channel, that is unlikely to have the people who are causing
the problems listening in for new cookbook fodder.

Actually, SCO had a fix for this a long time ago, where they had the
ability to permit particular programs to do things, like bind reserved
ports, as an attribute of the program (VMS did this too, with its
concept of "installed images"), and not require that such programs run
as root. Adding this feature to FreeBSD would go a long way toward
resolving the "root exploit" problem.

As far as DJB's DNS: I have a fundamental disagreement with his model,
in that I believe that all data modifications should be done via a
protocol, and he actually locks down the data, prohibiting the
historical master/slave relationship, and updates. I firmly believe
that, going forward, everything will need to be protocol driven, since
it gives the fastest turn-around (and in fact I have modified my local
copy of bind to permit creation of new zones via DNSUPDAT).

It seems to me that what you lose with his model is nowhere near worth
it, to gain so little. I also don't believe that the claim to increased
security has really been backed by a formal analysis. At the level of
DNS, you really need to not just audit, you need to do completeness
proofs.

                                        Terry Lambert
                                        terry@lambert.org
---
Any opinions in this posting are my own and not those of my present
or previous employers.