[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Evaluation: draft-ietf-dnsext-ad-is-secure

To: Rob Austein <sra@hactrn.net>
Subject: Re: Evaluation: draft-ietf-dnsext-ad-is-secure
From: "Steven M. Bellovin" <smb@research.att.com>
Date: Wed, 09 Jul 2003 21:20:19 -0400
Cc: iesg@ietf.org, jis@mit.edu

In message <20030709173725.E220F18EF@thrintun.hactrn.net>, Rob Austein writes:
>At Wed, 09 Jul 2003 13:10:08 -0400, Russ Housley wrote:
>> 
>>    Further, I suggest that the Security Considerations be expanded to 
>> provide a discussion on how a secure transport can be provided.  I would 
>> think that DNSSEC and IPsec are obvious alternatives. 
>
>Without expressing an opinion on whether this expansion is necessary:
>
>a) s/DNSSEC/TSIG or SIG(0)/ (already mentioned in section 3);
>

Right -- the whole point of this is to avoid the need for DNSsec on 
thin clients.

		--Steve Bellovin, http://www.research.att.com/~smb (me)
		http://www.wilyhacker.com (2nd edition of "Firewalls" book)

Follow-Ups:
- Re: Evaluation: draft-ietf-dnsext-ad-is-secure
  - From: "Jeffrey I. Schiller" <jis@mit.edu>

Prev by Date: Re: Evaluation: draft-ietf-ips-fcip-slp - Finding FCIP Entities Using SLPv2
Next by Date: Re: Evaluation: draft-ietf-dnsext-ad-is-secure
Previous by thread: Re: Evaluation: draft-ietf-ips-fcip-slp - Finding FCIP Entities Using SLPv2
Next by thread: Re: Evaluation: draft-ietf-dnsext-ad-is-secure
Index(es):
- Date
- Thread