
Re: DNS Security



Ran,

	If one were to limit directory interaction to referrals rather
than chaining (to use X.500 terminology), then the particular example
I cited would not require application layer security.  However, I
think there are other examples in this application where application
layer security is required (strongly encouraged?), but I'll have to
think a bit before giving a good example.

	As you note, arguments about where to provide security
services in a protocol stack are fodder for long-running debates.  The
argument you made about transport layer security for MLS applications
is one that has been made before. I'll repeat the counterargument, for
those who may not be familiar with the debate.  If one has an MLS host
and wishes to provide security on a per-process basis, then it is
feasible to trust the host to keep the processes' connections separate
after demuxing for security level at layer 3.  This is not a conclusive
argument, just another data point in the debate.

Steve


