[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: Wes Hardaker: opportunistic encryption deployment problems
On Mon, 6 Aug 2001, Hallam-Baker, Phillip wrote:
> In particular reverse DNS is not much use when the target does not
> have a DNS address. This is the case for the vast majority of DCHP
> hosted home Internet hookups.
Remember that with continuous connectivity, your provider gains nothing
by not assigning you a permanent address -- there is no longer any
possibility of sharing a small pool of addresses among a large number of
users. Not all providers have figured this out yet, but it's coming.
(Most of Toronto's ADSL providers will give you a static IP address for a
small extra fee.) Getting stuff into the reverse map is more challenging,
admittedly, especially if you're dealing with a big stupid provider.
> I would not rely on any outcome being achieved as a byproduct of
> DNSSEC...
In other words, we can't ever rely on DNS being secure? Come now.
Admittedly, there are obstacles between here and there, but it is still
the right solution for a number of problems. Solving its remaining
difficulties is a better investment of time than inventing half-baked
alternatives.
Henry Spencer
henry@spsystems.net
Follow-Ups:
References: