On Mon, 18 Dec 2000 22:54:47 EST, "Donald E. Eastlake 3rd" <[EMAIL PROTECTED]>
said:
> If DNSSEC were deployed, I see no reason why SAs could not be
> bound to domain names.
I admit to not having read the DNSSEC RFCs. I however do hope that they
are immune to the same sort of attacks against SSL and SSHv1 that are currently
getting a lot of publicity.
Anybody got a pointer to where in the RFC it discusses how the resolver on
my workstation initially verifies that it's not being man-in-the-middle'ed
from a spoof of our local nameserver?
--
Valdis Kletnieks
Operating Systems Analyst
Virginia Tech
PGP signature- Re: NATs *ARE* evil! Geoff Huston
- Re: NATs *ARE* evil! Matt Crawford
- Re: NATs *ARE* evil! Randy Bush
- Re: NATs *ARE* evil! John Collis
- Re: NATs *ARE* evil! RJ Atkinson
- Re: NATs *ARE* evil! Mike Fisk
- RE: NATs *ARE* evil! RJ Atkinson
- Re: NATs *ARE* evil! Donald E. Eastlake 3rd
- Re: naming RJ Atkinson
- Re: NATs *ARE* evil! Matt Crawford
- Re: NATs *ARE* evil! Valdis . Kletnieks
- Re: NATs *ARE* evil! Donald E. Eastlake 3rd
- Re: NATs *ARE* evil! J. Noel Chiappa
- Re: NATs *ARE* evil! Theodore Y. Ts'o
- Re: NATs *ARE* evil! Bill Sommerfeld
- Re: NATs *ARE* evil! Theodore Y. Ts'o
- Re: NATs *ARE* evil! Steven M. Bellovin
- Re: NATs *ARE* evil! Francis Dupont
- Re: NATs *ARE* evil! Ken Raeburn
- Re: NATs *ARE* evil! Theodore Y. Ts'o
- Re: NATs *ARE* evil! Keith Moore
