On Mon, 18 Dec 2000 22:54:47 EST, "Donald E. Eastlake 3rd"
<dee3(_at_)torque(_dot_)pothole(_dot_)com> said:
If DNSSEC were deployed, I see no reason why SAs could not be
bound to domain names.
I admit to not having read the DNSSEC RFCs. I however do hope that they
are immune to the same sort of attacks against SSL and SSHv1 that are currently
getting a lot of publicity.
Anybody got a pointer to where in the RFC it discusses how the resolver on
my workstation initially verifies that it's not being man-in-the-middle'ed
from a spoof of our local nameserver?
--
Valdis Kletnieks
Operating Systems Analyst
Virginia Tech
pgp3dnmBowmOu.pgp
Description: PGP signature