[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: IPSEC & ROAD

To: Phil Karn <karn@qualcomm.com>
Subject: Re: IPSEC & ROAD
From: Steve Kent <kent@BBN.COM>
Date: Thu, 03 Dec 92 21:47:16 -0500
Cc: dee@ranger.enet.dec.com, ipsec@ans.net
In-Reply-To: Your message of Tue, 01 Dec 92 22:17:43 -0800. <9212020617.AA27140@servo>

Phil,

	Certainly if hosts open connections to DNS servers and
maintain them for a while, the overhead of a secure connection
establishment (e.g., at layer 3) might be well amortized.  However,
single UDP queries don;t fit that sort of model very well.  An
alternative to dynamically signing DNS records might be to have them
signed in advance.  There are lots of options here and some careful
thought will be needed.

Steve

References:

RE: Re: IPSEC & ROAD

From: karn@qualcomm.com (Phil Karn)

Prev by Date: Re: Network Layer Security Properties
Next by Date: Re: Where does security belong?
Prev by thread: RE: Re: IPSEC & ROAD
Next by thread: Where does security belong?
Index(es):
- Main
- Thread