[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Evaluation: draft-ietf-dnsext-ad-is-secure
At Wed, 09 Jul 2003 13:10:08 -0400, Russ Housley wrote:
>
> Further, I suggest that the Security Considerations be expanded to
> provide a discussion on how a secure transport can be provided. I would
> think that DNSSEC and IPsec are obvious alternatives.
Without expressing an opinion on whether this expansion is necessary:
a) s/DNSSEC/TSIG or SIG(0)/ (already mentioned in section 3);
b) in the IPsec case, beware of circular dependencies (IPSECKEY or the
older method it replaces).