To:
"Masataka Ohta" <mohta@necom830.hpcl.titech.ac.jp>
Cc:
"Eric A. Hall" <ehall@ehsco.com>, <dnsop@cafax.se>
From:
"BELOEIL Luc FTRD/DMI/CAE" <luc.beloeil@francetelecom.com>
Date:
Fri, 1 Aug 2003 10:55:23 +0200
Sender:
owner-dnsop@cafax.se
Thread-Topic:
avoiding proxies
Subject:
RE: avoiding proxies
Hi Masataka,

> -----Original Message-----
> From: Masataka Ohta [mailto:mohta@necom830.hpcl.titech.ac.jp]
> Sent: Friday, 1 August 2003 05:45
>
> > 2- we could use anycast
> >
> > But it is not clear for me how we could use DNSSEC in such scheme. There
> > is still and perhaps a bigger issue there if we need to distribute keys.
> > (I do not argue that RA-based solution is better there ;+)
>
> Read the draft on security considerations and never say autoconfigured
> security.
>
> Masataka Ohta
>

I've just read quickly your draft.

First point, I'm impressed that you dare say that you ask client to use no security. (I hope I have missed nothing). Indeed we are not using any security within current operational and commercial network for home residential customers, and that works, this is a fact. I do know if we should impose cryptography in all IP datagrams, but I feel that IETF wants to propose the option if needed.

Second point, I guess if Firewall will have to be aware of anycast way of working, because incoming datagrams may not have a source address = to anycast destination address of outgoing datagrams. Did I miss something?

Third point, servers and client will have to be able to manage anycast address in different manner if UDP or TCP is used. Is it easy to implement?

Luc