ietf-asrg
[Top] [All Lists]

Re: DNS over SCTP

2009-05-29 09:29:44
On Fri, 29 May 2009, Alessandro Vesely wrote:

transport security is pretty meaningless in the DNS world which operates using a distributed caching system.

One has to trust each cache!

Your solution to protect the DNS is "just trust everyone"?

Given that it is pretty easy to predict a subset of the queries a given server will issue in a give time frame, using SCTP can improve reliability better than adding another 32bit random number.

The source port randomization patch is not DNSSEC. DNSSEC is much more then
a 32bit random number. Please read the RFCs.

Paul
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf

<Prev in Thread] Current Thread [Next in Thread>