Re: transaction security in the last mile
[ Moderator's note: Post was moderated, either because it was posted by
a non-subscriber, or because it was over 20K.
With the massive amount of spam, it is easy to miss and therefore
delete relevant posts by non-subscribers.
Please fix your subscription addresses. ]
* Paul Vixie:
> end users who really just can't tolerate provider-in-the-middle attacks will
> use VPN to reach an RDNS they trust, or will run an RDNS of their own using
> a VPN through some trusted relay point for their RDNS/ADNS traffic.
Speaking as a vendor, I want to standardize the VPN infrastructure, so
that our users are not tied into the VPN infrastructure we provide. I
want interoperability at the protocol level, too, so that the software
at the endpoints is interchangeable.
It would be really neat if we could use official DNS protocols for that.
If we can't, it's not a showstopper, but it means that the approach will
be proprietary, no matter how much source code we release. On the other
hand, I'm not sure if the underlying problem is of sufficient general
interest to justify IETF involvement.
--
archive: <http://ops.ietf.org/lists/namedroppers/>