[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Evaluation: draft-ietf-dnsext-ad-is-secure
In message <20030709173725.E220F18EF@thrintun.hactrn.net>, Rob Austein writes:
>At Wed, 09 Jul 2003 13:10:08 -0400, Russ Housley wrote:
>>
>> Further, I suggest that the Security Considerations be expanded to
>> provide a discussion on how a secure transport can be provided. I would
>> think that DNSSEC and IPsec are obvious alternatives.
>
>Without expressing an opinion on whether this expansion is necessary:
>
>a) s/DNSSEC/TSIG or SIG(0)/ (already mentioned in section 3);
>
Right -- the whole point of this is to avoid the need for DNSsec on
thin clients.
--Steve Bellovin, http://www.research.att.com/~smb (me)
http://www.wilyhacker.com (2nd edition of "Firewalls" book)