[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Install DNS mappings based on TLS/IPsec?

To: Brian E Carpenter <brc@zurich.ibm.com>
Subject: Re: Install DNS mappings based on TLS/IPsec?
From: Iljitsch van Beijnum <iljitsch@muada.com>
Date: Sun, 4 Jul 2004 11:55:36 +0200
Cc: Multi6 <multi6@ops.ietf.org>
In-reply-to: <40E7C318.8080909@zurich.ibm.com>
References: <906B9382-CA0D-11D8-9359-000A95CD987A@muada.com> <40E7C318.8080909@zurich.ibm.com>

On 4-jul-04, at 10:43, Brian E Carpenter wrote:

Are you suggesting that the multi6 solution should have a strict
dependency on using TLS or IPSEC?

Certainly not. I'm saying two things:

- if the DNS doesn't work, discover information that would normally be in the DNS through the TLS or IKE negotiation, and - the DNS is often insecure, so let the TLS or IKE derived information override it to increase security

But if TLS/IPsec aren't used, the information is taken from the DNS.

Follow-Ups:
- Re: Install DNS mappings based on TLS/IPsec?
  - From: Joe Touch <touch@ISI.EDU>

References:
- Install DNS mappings based on TLS/IPsec?
  - From: Iljitsch van Beijnum <iljitsch@muada.com>
- Re: Install DNS mappings based on TLS/IPsec?
  - From: Brian E Carpenter <brc@zurich.ibm.com>

Prev by Date: Question re HIP dependency [Re: about Wedgelayer 3.5 / Fat IP approaches]
Next by Date: Re: Question re HIP dependency [Re: about Wedgelayer 3.5 / Fat IP approaches]
Previous by thread: Re: Install DNS mappings based on TLS/IPsec?
Next by thread: Re: Install DNS mappings based on TLS/IPsec?
Index(es):
- Date
- Thread