[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: DNS Security

To: dee@skidrow.ljo.dec.com
Subject: Re: DNS Security
From: "Hilarie Orman" <ho@cs.arizona.edu>
Date: Thu, 8 Apr 1993 14:57:38 MST
Cc: namedroppers@nic.ddn.mil, ipsec@ans.net
In-Reply-To: Your message <9304081856.AA28311@skidrow.ljo.dec.com>

While applauding the call for consolidation of security services into
appropriate layers, I think I see a counter-argument to the need to
feed datagram security requirements into the IP layer.  The services
themselves can easily be configured to use host-to-host signed,
private datagrams that provide the authentication required for
securing their services.  Perhaps they would share some sort of
certificate or key information with the IP layer, but there is no need
to be dependent on the IP layer itself for security.  In fact, it is
somewhat awkward to do this, because some services will accept
requests (reads) from any host, but accept changes (writes) only from
a trusted subset.  Upon receiving a datagram, they might have to query
the IP layer as to its provenance --- was this an authenticated
datagram or not?

 Hilarie Orman

Follow-Ups:

Re: DNS Security

From: "Beast (Donald E. Eastlake, 3rd)" <dee@skidrow.ljo.dec.com>

References:

DNS Security

From: "Beast (Donald E. Eastlake, 3rd)" <dee@skidrow.ljo.dec.com>

Prev by Date: Re: DNS Security
Next by Date: Re: DNS Security
Prev by thread: DNS Security
Next by thread: Re: DNS Security
Index(es):
- Main
- Thread