At Wed, 19 Mar 2008 22:59:52 +1100,
Mark Andrews wrote:
At Sun, 16 Mar 2008 19:44:12 +0100,
Iljitsch van Beijnum wrote:
On 16 mrt 2008, at 2:16, Mark Andrews wrote:
Enable DNSSEC validation on the network's servers. At a
minimum make them DNSSEC transparent.
Is there any software out there for common OSes that does something
useful with this?
A more interesting experiment would be to do away with SSL for a bit
and use IPsec instead.
Why would this be either interesting or desirable?
DNSSEC transparency is important for machines on the IPv6
only net trying to validate answers off IPv4 only servers.
Validatation is useful for protecting the resolvers themselves.
I was referring to Iljitsch's suggestion about SSL and IPsec, not
the suggestion about DNSSEC.
IETF mailing list