[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: DNSSEC for IPSEC?
On Thu, 25 Jul 1996, Dennis Glatting wrote:
> The value of DNS-SEC is if everyone uses it. Until that
> time, which may be a decade or more down the road,
> resolvers are going to have to trust any response,
> thereby reducing DNS-SEC's value to a simple checksum.
This seems overly pessimistic. Not so long ago a small number of important
public sites added policy enforcing valid PTR records before access was
granted and a most sloppy practice tightened up remarkably in less than a
year. I don't see why that pattern couldn't be repeated.
> I question the value of using DNS-SEC to aid IPSEC.
And what limited value can we get from IPSEC without DNS-SEC?
--
Ian Duncan <iduncan@Newbridge.com>
Access Products Development
Newbridge Networks Corp.
References: