[dns-operations] security-aware stub resolver
Patrik Fältström
patrik at frobbit.se
Fri May 23 03:19:35 UTC 2008
On 22 May 2008, at 23.48, Florian Weimer wrote:
> * Paul Vixie:
>
>> i think it's important that applications be dnssec aware. i don't know the
>> exact signalling used to tell an app that an answer was validated,
>
> I doubt DNSSEC can be used as a useful security indicator because the
> meaning of a successful validation will vary tremendously from name to
> name (and depend on local configuration as well).
I disagree with you Florian, and agree with Paul. We need any security
mechanism we have, specifically validation mechanisms. In the DNS
lookup, in the BGP peering, in the DNS zone transfer, in the
application that connects a client to a server, ...
The time when we could trust someone "just because we trust each
other" is over.
Patrik