[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

DNSSEC for IPSEC?

To: ipsec@TIS.COM
Subject: DNSSEC for IPSEC?
From: Dennis Glatting <dennisg@plaintalk.bellevue.wa.us>
Date: Tue, 23 Jul 96 19:56:57 -0700
Reply-To: dennis.glatting@plaintalk.bellevue.wa.us
Sender: ipsec-approval@neptune.tis.com


I have some questions I am asking myself with regard to
using DNS to aid IPSEC. Are they valid? I dunno, but here
they are. What do you think?

* I am not confident of the security of the root servers.
  What is the effect of root server key compromise or
  the server itself?

* I believe that, for DNS records to be trustworthy, all
  zones from the source zone to the root be verifiable. What
  is the likelihood that will happen anytime soon? What is
  "soon"?

Also, the InterNIC does not impress me as a body that
reacts quickly. I am not confident of receiving quick
response should I want to change my zone key as a result of
compromise.


-dpg

Follow-Ups:

Re: DNSSEC for IPSEC?

From: John Gilmore <gnu@toad.com>

Prev by Date: IPsec Implementation Summary (7/23/96)
Next by Date: Re: Key Management, anyone?
Prev by thread: IPsec Implementation Summary (7/23/96)
Next by thread: Re: DNSSEC for IPSEC?
Index(es):
- Main
- Thread