[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: DNSSEC for IPSEC?

To: dennis.glatting@plaintalk.bellevue.wa.us
Subject: Re: DNSSEC for IPSEC?
From: Ian Duncan <iduncan@newbridge.com>
Date: Mon, 29 Jul 1996 12:16:46 -0400 (EDT)
Cc: ipsec@TIS.COM
In-Reply-To: <199607260645.XAA00284@imo.plaintalk.bellevue.wa.us>
Reply-To: Ian Duncan <iduncan@newbridge.com>
Sender: ipsec-approval@neptune.tis.com

On Thu, 25 Jul 1996, Dennis Glatting wrote:

> The value of DNS-SEC is if everyone uses it. Until that
> time, which may be a decade or more down the road,
> resolvers are going to have to trust any response,
> thereby reducing DNS-SEC's value to a simple checksum.

This seems overly pessimistic. Not so long ago a small number of important
public sites added policy enforcing valid PTR records before access was
granted and a most sloppy practice tightened up remarkably in less than a
year. I don't see why that pattern couldn't be repeated.

> I question the value of using DNS-SEC to aid IPSEC.

And what limited value can we get from IPSEC without DNS-SEC? 

--
     Ian Duncan <iduncan@Newbridge.com>
     Access Products Development
     Newbridge Networks Corp.

References:

Re: DNSSEC for IPSEC?

From: Dennis Glatting <dennisg@plaintalk.bellevue.wa.us>

Prev by Date: DIMACS Workshop on Trust Management in Networks
Next by Date: Re: Stream Cipher Transform -- revisited
Prev by thread: Re: DNSSEC for IPSEC?
Next by thread: Re: DNSSEC for IPSEC?
Index(es):
- Main
- Thread