
RE: Wes Hardaker: opportunistic encryption deployment problems



On Mon, 6 Aug 2001, Hallam-Baker, Phillip wrote:
> In particular reverse DNS is not much use when the target does not
> have a DNS address. This is the case for the vast majority of DHCP
> hosted home Internet hookups.

Remember that with continuous connectivity, your provider gains nothing
by not assigning you a permanent address -- there is no longer any
possibility of sharing a small pool of addresses among a large number of
users.  Not all providers have figured this out yet, but it's coming.
(Most of Toronto's ADSL providers will give you a static IP address for a
small extra fee.)  Getting stuff into the reverse map is more challenging,
admittedly, especially if you're dealing with a big stupid provider.

> I would not rely on any outcome being achieved as a byproduct of 
> DNSSEC...

In other words, we can't ever rely on DNS being secure?  Come now.
Admittedly, there are obstacles between here and there, but it is still
the right solution for a number of problems.  Solving its remaining
difficulties is a better investment of time than inventing half-baked
alternatives. 

                                                          Henry Spencer
                                                       henry@spsystems.net


