DNSOP mailing list

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: bert hubert <ahu@ds9a.nl>
CC: Rob Austein <sra+namedroppers@hactrn.net>, namedroppers@ops.ietf.org, dnsop@cafax.se
From: Masataka Ohta <mohta@necom830.hpcl.titech.ac.jp>
Date: Tue, 11 Nov 2003 02:39:38 +0900
In-Reply-To: <20031110072529.GA3354@outpost.ds9a.nl>
Sender: owner-dnsop@cafax.se
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.4) Gecko/20030624 Netscape/7.1 (ax)
Subject: Re: Reality check (was Re: Wildcard NS and DNSSEC)

Bert;

>>>Just discard DNSSEC and move along.
>>
>>I think secure DNS, with its complexity, is hard to deploy and does
>>not worth the deployment effot.

> Some days ago I wrote http://ds9a.nl/secure-dns.html which may be relevant.

I mostly agree (of course).

But, note that it was intended to provide confidentiality by
sharing an IPSEC session key with public keys of a host obtained
from secure DNS, though it is not practical with reasons you
mentioned.

						Masataka Ohta

#----------------------------------------------------------------------
# To unsubscribe, send a message to <dnsop-request@cafax.se>.

References:
- Re: Reality check (was Re: Wildcard NS and DNSSEC)
  - From: Masataka Ohta <mohta@necom830.hpcl.titech.ac.jp>
- Re: Reality check (was Re: Wildcard NS and DNSSEC)
  - From: bert hubert <ahu@ds9a.nl>

Prev by Date: Re: Reality check (was Re: Wildcard NS and DNSSEC)
Next by Date: Re: Sense of the WG on DNS discovery
Prev by thread: Re: Reality check (was Re: Wildcard NS and DNSSEC)
Next by thread: Draft for RA-based DNS Discovery
Index(es):
- Date
- Thread

Home | Date list | Subject list