[dns-operations] security-aware stub resolver
Edward Lewis
Ed.Lewis at neustar.biz
Fri May 23 14:14:13 UTC 2008
At 5:19 +0200 5/23/08, Patrik Fältström wrote:
While you are correct that we need to step up
security as the environment is not so trustable...
>We need any security
>mechanism we have, specifically validation mechanisms.
I don't agree that "we need any security" we can
get. E.g., there's not much need for TSIG if you
are already performing zone updates over a VPN.
Quoting a boss on this "that's like wearing a
belt *and* suspenders." Security tools ought to
be applied appropriately, in ways that address
threats, vulnerabilities and risks. If we apply
too many security mechanisms we might make the
system too complicated to know if it is operating
properly (among other problems).
--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis +1-571-434-5468
NeuStar
Never confuse activity with progress. Activity pays more.
More information about the dns-operations
mailing list