On Thu, Apr 23, 2009 at 07:10:13AM -0400, Scott Rose <sco...@nist.gov> wrote a message of 65 lines which said:

> Those are the DNS protocol mechanisms in place.  There are also
> lower-level security technologies such as IPsec that could be used between
> stub clients and recursive servers that don't rely on DNSSEC at all.

TSIG, IPsec and friends all have the same issue: they check that the
response does come from the intended resolver, not that the response
is authentic. At a time when any hotel provides Internet access with
a lying resolver, this is probably not sufficient.

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
