
Re: Wes Hardaker: opportunistic encryption deployment problems



 In your previous mail you wrote:

   > => first you should complain at your provider provider. I don't know
   > the rules for ARIN but in Europe RIPE rules are clear: someone can get
   > some address space only if it manages the reverse map and delegates
   > it with parts of its address space. Of course RFC 2317 is not easy
   > so even this kind of rules doesn't provide always a solution...
   
   Support for reverse DNS lookup for current purposes (limited debugging)
   should not be conflated into support for a dependable service with 
   arbitrary extensions added in to support specific applications.
   
   In particular reverse DNS is not much use when the target does not
   have a DNS address.

=> DNS name.

   This is the case for the vast majority of DHCP hosted home Internet
   hookups.
   
=> my answer was about a fixed subnet, not a dynamic single address.

   I *like* my 10Mb/s cable modem into my house, particularly since I
   am the only person on my loop. If you want people to use your technology
   best design it around their constraints.
   
=> you don't use the Internet itself, you use an online service connected
to the Internet. Or explain how you can run a server at home...
Obviously you are out of the topics.
(PS: I know you are not responsible for this situation, the shame is
for your monopolistic ISP :-).
   
   > Second point, when DNSSEC will be deployed it should be available
   > for reverse maps first because today reverse maps are broken, nobody
   > shall rely on them so they are free for experiments or an "all or
   > nothing" use (DNSSEC should become a part of the "all" in this view).
   > Don't forget direct maps are for NICs/RIRs clients and reverse maps
   > are for operators/ISPs which should have the technical skill and
   > a very different relationship with NICs/RIRs.
   > Concretely, there are some deployment efforts from various NICs/RIRs
   > and we can expect some results one day.
   
   I would not rely on any outcome being achieved as a byproduct of 
   DNSSEC.

=> you can believe in DNSSEC or not, or would like to believe in it
in the future (my case). I've just said that DNSSEC deployment efforts
should be for reverse maps...

Regards

Francis.Dupont@enst-bretagne.fr

