To:
bert hubert <ahu@ds9a.nl>
CC:
Rob Austein <sra+namedroppers@hactrn.net>, namedroppers@ops.ietf.org, dnsop@cafax.se
From:
Masataka Ohta <mohta@necom830.hpcl.titech.ac.jp>
Date:
Tue, 11 Nov 2003 02:39:38 +0900
In-Reply-To:
<20031110072529.GA3354@outpost.ds9a.nl>
Sender:
owner-dnsop@cafax.se
User-Agent:
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.4) Gecko/20030624 Netscape/7.1 (ax)
Subject:
Re: Reality check (was Re: Wildcard NS and DNSSEC)
Bert; >>>Just discard DNSSEC and move along. >> >>I think secure DNS, with its complexity, is hard to deploy and does >>not worth the deployment effot. > Some days ago I wrote http://ds9a.nl/secure-dns.html which may be relevant. I mostly agree (of course). But, note that it was intended to provide confidentiality by sharing an IPSEC session key with public keys of a host obtained from secure DNS, though it is not practical with reasons you mentioned. Masataka Ohta #---------------------------------------------------------------------- # To unsubscribe, send a message to <dnsop-request@cafax.se>.