[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: on NAT-PT



>I think yes, were are talking about something different.
>Yes, using 'AD is secure' works and solve the particular
>problem I'm describing.

	as far as i understand the use of recursive resolver (DNS-ALG) is part
	of the deal in NAT-PT.  so the point you made previously (nodes that
	make recursive query by themselves) are not covered/supported by NAT-PT.

>What I'm saying is that imposing to use 'AD is secure'
>to operate DNSsec in IPv6 networks is a big step
>that I'm not sure I'm ready to make.

	you are generalizing it too much by saying "in IPv6 networks" - what
	i'm suggesting is to use "AD is secure" for NAT-PT, that's all.
	it doesn't have to be imposed for all IPv6 networks.

itojun