
Re: Security requirements for identification



On Wednesday 01 October 2003 16:18, Spencer Dawkins wrote:
> Dear Juan,
>
> I'm also a little confused by the discussion, but I had assumed that
> we had a service name and were using DNS SRV records, which also
> include port numbers, etc. Not sure how a computer knows
> www.google.com is HTTP - or how travel.yahoo.com is also HTTP, if
> you're keying off the name...

Uh, I didn't realize DNS SRV records existed... they
might be talking about that.

I was thinking about human-machine
interaction, which is what most users do daily with computers, i.e.,
they open IExplore, they usually type a name and everything ends up well...
IExplore knows the service because it reads the URL. IMO applications
know in advance the service that has to be used (service = port),
so they only need to find the "remote end-point" to start the communication
with. Not 100% of the applications behave like this, I know, but what I
wanted to note is that the DNS is used mainly for identification/location
purposes, it is *not* a service lookup....

Anyway, I think this talk is "off topic" in this thread. What I really
would like to know is what they REALLY meant, 'cause I'm not understanding
a thing (lol)

Cheers ^--^

> But somebody can tell us what they REALLY meant now.
>
> Spencer
>
> ----- Original Message -----
> From: "Juan Rodriguez Hervella" <jrh@it.uc3m.es>
> To: "Erik Nordmark" <Erik.Nordmark@sun.com>; <mbagnulo@ing.uc3m.es>
> Cc: "Erik Nordmark" <Erik.Nordmark@sun.com>; "Pekka Nikander"
> <pekka.nikander@nomadiclab.com>; "Multi6 WG" <multi6@ops.ietf.org>;
> <hipsec@honor.trusecure.com>
> Sent: Wednesday, October 01, 2003 5:03 AM
> Subject: Re: Security requirements for identification
>

>>> As you mention, there are multiple times that i don't really need to know
>>> the identifier of the end-point that i want to communicate to, but what i
>>> want is the identifier of the service that i want to contact (is this
>>> what you meant?)
>>
>> Yep.

> Hello,
>
> I'm trying to follow this thread, which seems very interesting, but I'm
> surprised with this statement. IMO when you make a DNS query
> you want to get the identifier of the end-point, to be able to start
> the communication. Although it's true that the name usually
> gives hints about the service, this isn't always true. If you
> need "www.google.com", you already know that the service will
> be "HTTP". You don't ask the DNS for the service, what you really
> need to know is the address of "google" to start the HTTP transfer.
>
> Don't you agree with this ?
>
> Cheers.
>
> --
> JFRH

-- 
JFRH