
Re: DNS Security



Steve,

  If instead of forwarding the DNS request, the local directory server
were to issue a "DNS redirect", then I think one can get by without
application layer security and might be just fine with lower layer
security.  Such a redirect might be cached at the requestor and there
might be some small reduction in load on the local server if this were
to be done.  So the "DNS redirect" concept might be worth exploring.

  As you say, placement of security mechanisms is a traditional
subject for debate.  My own general philosophy on this is to try to
mostly keep security below the networking programming interface (e.g.
sockets) in order to avoid having to rewrite all of my applications.
I accept that email/messaging is an exception to this general
philosophy.  DNS might also be an exception to this, but that isn't
clear to me at this time.

  As long as I'm wading towards the swamp, I'll go ahead and note that
the local consensus is that generic user-to-user security should be
implemented at the transport layer or between the transport layer and
the API.  The commonly used APIs (sockets and XTI/TLI) offer transport
layer interfaces.  We strongly desire MLS properties (not everyone
thinks they need MLS) and so we need full user-to-user separation/
protection rather than just system-to-system separation/protection.
The network layer gives us system-to-system but not user-to-user.
Transport layer and above provide user-to-user, but above the API we
would incur the costs of rewriting all of our applications.  Recent
work at NRL indicates that our network security approach also helps
partition the problems into pieces that can be tackled with existing
formal methods technology.  We think that MLS networks really need
B3/A1 assurance, so the ability to apply formal methods to critical
components is very important to us.  Not all of this last paragraph
might be applicable to the IETF since the IETF isn't particularly
trying to work on MLS networking.

Regards,

  Ran
  atkinson@itd.nrl.navy.mil