[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Security requirements for identification
On Wednesday 01 October 2003 16:18, Spencer Dawkins wrote:
> Dear Juan,
>
> I'm also a little confused by the discussion, but I had assumed that
> we had a service name and were using DNS SRV records, which also
> include port numbers, etc. Not sure how a computer knows
> www.google.com is HTTP - or how travel.yahoo.com is also HTTP, if
> you're keying off the name...
Uh I didn't realize of the existence of DNS SRV records... they
might be talking about that.
I was thinking about human-machine
interaction which is what most users daily do with computers, i. e,
they open IExplore, they usually type a name and everything ends up well...
IExplore knows the service because it reads the URL. IMO applications
know in advance the service that has to be used (service = port),
so they only need to find the "remote end-point" to start the communication
with. Not 100% of the applications behave like this, I know, but what I
wanted to note is that the DNS is used mainly for identification/location
purposes, it is *not* a service lookup....
Anyway, I think this talk is to be "off topic" in this thread. What I really
would like to know is what they REALLY meant, cause I'm not understanding
a thing (lol)
Cheers ^--^
> But somebody can tell us what they REALLY meant now.
>
> Spencer
>
> ----- Original Message -----
> From: "Juan Rodriguez Hervella" <jrh@it.uc3m.es>
> To: "Erik Nordmark" <Erik.Nordmark@sun.com>; <mbagnulo@ing.uc3m.es>
> Cc: "Erik Nordmark" <Erik.Nordmark@sun.com>; "Pekka Nikander"
> <pekka.nikander@nomadiclab.com>; "Multi6 WG" <multi6@ops.ietf.org>;
> <hipsec@honor.trusecure.com>
> Sent: Wednesday, October 01, 2003 5:03 AM
> Subject: Re: Security requirements for identification
>
>>> As you mention, there are multiple times that i don't really need to know
>>> the identifier of the end-point that i want to communicate to, but what i
>>> want is the identifier of the service that i want to contact (is this
>>> what you meant?)
>>
>> Yep.
> Hello,
>
> I'm trying to follow this thread, which seems very interesting, but
>
> I'm
>
> surprised with this statement. IMO when you make a DNS query
> you want to get the identifier of the end-point, to be able to start
> the communication. Although it's true that the name usually
> gives hints about the service, this isn't always true. If you
> need "www.google.com", you already know that the service will
> be "HTTP". You don't ask the DNS for the service, what you really
> need to know is the address of "google" to start the HTTP transfer.
>
> Don't you agree with this ?
>
> Cheers.
>
> --
> JFRH
--
JFRH