
Re: Port numbers and IPv6 (was: I-D ACTION:draft-klensin-iana-reg-policy-00.txt)

2005-07-19 07:23:52
On Fri, 15 Jul 2005 11:48:28 -0700
"Hallam-Baker, Phillip" <pbaker(_at_)verisign(_dot_)com> wrote:

> There are certain limitations to the SRV prefix scheme but these are
> entirely fixable. All we actually need is one new RR to allow one
> level of indirection to be introduced. With that in place it is
> possible to use prefixed SRV records in place of port assignments and
> prefixed TXT records as a means of expressing protocol configuration
> information.

I'm concerned this may usher in DNS SRV message filtering in addition
to protocol port filtering.  One way of addressing that potential
effect is to make the port assignments be negotiated between two
communicating end hosts.  This could be used with or without DNS.  It
might also provide some remote attack protection, since only a simple
passive listener is used to perform the local/remote address/port
selection for any active client before the real communication switches
to agreed upon (and bound only to) the two process end points.

John
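
A minimal sketch of the negotiation idea in the message above, added here as an illustration and not code from the thread: a passive UDP listener hands each client a fresh port, and the session socket is connected to that one client so the kernel discards datagrams from any other source. The UDP transport, the loopback addresses, the `REQ` message and all function names are assumptions.

```python
import socket

LOOPBACK = "127.0.0.1"  # assumption: both hosts are simulated on loopback

def open_udp():
    """UDP socket on an OS-chosen port, with a timeout so the demo cannot hang."""
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.bind((LOOPBACK, 0))
    s.settimeout(1.0)
    return s

def negotiate(rendezvous):
    """Passive listener: answer one request with a port reserved for that client."""
    _, client_addr = rendezvous.recvfrom(64)
    session = open_udp()
    # connect() on UDP pins the remote address/port; the kernel then discards
    # datagrams arriving at this socket from any other source.
    session.connect(client_addr)
    rendezvous.sendto(str(session.getsockname()[1]).encode(), client_addr)
    return session

def demo():
    """Return every datagram the session socket accepts (constructed scenario)."""
    rendezvous, client, stranger = open_udp(), open_udp(), open_udp()
    try:
        client.sendto(b"REQ", rendezvous.getsockname())  # hypothetical request
        session = negotiate(rendezvous)
        reply, _ = client.recvfrom(64)
        session_addr = (LOOPBACK, int(reply))
        client.connect(session_addr)  # client pins its side as well
        stranger.sendto(b"injected", session_addr)  # third host that learned the port
        client.send(b"hello")
        accepted = []
        try:
            while True:
                accepted.append(session.recv(64))
        except socket.timeout:
            pass
        session.close()
        return accepted
    finally:
        for s in (rendezvous, client, stranger):
            s.close()

if __name__ == "__main__":
    print(demo())
```

Source-address filtering of this kind is not authentication: a datagram carrying a spoofed source address and port still matches the pinned pair, so the session needs its own integrity protection.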
