[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Evaluation: draft-ietf-dnsext-ad-is-secure

To: Randy Bush <randy@psg.com>
Subject: Re: Evaluation: draft-ietf-dnsext-ad-is-secure
From: "Jeffrey I. Schiller" <jis@mit.edu>
Date: Thu, 10 Jul 2003 14:57:38 -0400
Cc: "Steven M. Bellovin" <smb@research.att.com>, Rob Austein<sra@hactrn.net>, iesg@ietf.org
Organization: Massachusetts Institute of Technology
References: <20030710012019.4FB507B4D@berkshire.research.att.com> <3F0CD2F7.9020406@mit.edu> <E19agAX-0003uN-Ku@roam.psg.com>
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0.0) Gecko/20020607

Whats worse then insecure DNS is something marketed as "Secure" DNS that isn't....

-Jeff

Randy Bush wrote:

My concern would be that the clients would be so thin as to not have any secure transport technology and just "hope" that the link from the DNS server to the client isn't compromised.
that is the most likely scenario

randy

Follow-Ups:
- Re: Evaluation: draft-ietf-dnsext-ad-is-secure
  - From: Randy Bush <randy@psg.com>

References:
- Re: Evaluation: draft-ietf-dnsext-ad-is-secure
  - From: "Steven M. Bellovin" <smb@research.att.com>
- Re: Evaluation: draft-ietf-dnsext-ad-is-secure
  - From: "Jeffrey I. Schiller" <jis@mit.edu>
- Re: Evaluation: draft-ietf-dnsext-ad-is-secure
  - From: Randy Bush <randy@psg.com>

Prev by Date: Drafts to read related to problem/solution for Sunday
Next by Date: Re: Evaluation: draft-ietf-dnsext-ad-is-secure
Previous by thread: Re: Evaluation: draft-ietf-dnsext-ad-is-secure
Next by thread: Re: Evaluation: draft-ietf-dnsext-ad-is-secure
Index(es):
- Date
- Thread