On Fri, 28 Sep 2007, Stephane Bortzmeyer wrote:

> On Thu, Sep 27, 2007 at 06:45:55PM -0700,
> Paul Hoffman <[EMAIL PROTECTED]> wrote
> a message of 36 lines which said:
>
> > It ignores one of the main reasons that many organizations purposely
> > choose to provide recursive lookup to the public, namely for their
> > own roaming users.
>
> No, it is *not* ignored. See section 4, for instance:
>
>    o  Use TSIG [RFC2845] or SIG(0) [RFC2931] signed queries to
>       authenticate the clients.  This is a less error prone method,
>       which allows server operators to provide service to clients who
>       change IP address frequently (e.g. roaming clients).

Not widely supported in clients. Therefore, not a solution.

> VPNs are another solution, although not mentioned in the I-D, maybe
> because it is obvious.

Maybe it's not mentioned because it's not a practical solution. But whatever the reason it isn't mentioned, a 25 million user VPN is not going to happen with 10/8. A Comcast person recently complained on PPML that there wasn't enough RFC1918 space for their internal network.

--Dean

--
Av8 Internet   Prepared to pay a premium for better service?
www.av8.net    faster, more reliable, better service
617 344 9000