Re: Evaluation: draft-ietf-dnsext-ad-is-secure
In message <Roam.SIMC.2.0.6.1057786493.15936.nordmark@bebop.france>, Erik Nordmark writes:
>
>> I fear that implementors will trust the AD bit as meaning "secure" and
>> then not bother to protect the transport, which admits the possibility of
>> spoofing attacks. Therefore I propose an alternative paragraph for the RFC
>> Editor note:
>>
>> In the latter two cases, the end consumer must also completely
>> trust the network path to the trusted resolvers or a secure
>> transport is employed to protect the traffic.
>
>It was smb that suggested
> In the latter two cases, the end consumer must also trust the
> path to the trusted resolvers.
>so as long as he is ok with the above text ...
Either is fine with me.
--Steve Bellovin, http://www.research.att.com/~smb (me)
http://www.wilyhacker.com (2nd edition of "Firewalls" book)