Re: [DNSOP] Re: Last Call: draft-ietf-dnsop-reflectors-are-evil (Prevent

On Fri, 28 Sep 2007, Jaap Akkerhuis wrote:

    There are two major reasons for an organization to not want roaming
    users to trust locally-assigned DNS servers.

Open recursive servers doesn't help in against man in the middle
attacks. If you want to avoid that use VPN's or (for DNS) TSIG.


That's why you want your own caching resolver on your laptop. But I
guess hotspots won't work as well with that. Then again, the whole
captive portal by hacking up DNS packets needs to go away when DNSSEC
deployment deems that interfering inappropriate.

Is there some IETF work going on to standarize captive portal bootstraps?

Paul

_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf

<Prev in Thread]

Current Thread

[Next in Thread>

Previous by Date:

Re: IPv4 to IPv6 transition, Tony Hansen

Next by Date:

[secdir] security review of draft-edwards-urn-smpte-02, Tobias Gondrom

Previous by Thread:

Re: Random addresses answering TMDA Queries, John Levine

Next by Thread:

Re: [DNSOP] Re: Last Call: draft-ietf-dnsop-reflectors-are-evil (Preventing Use of Recursive Nameservers in Reflector Attacks) to BCP, Paul Wouters

Indexes:

[Date] [Thread] [Top] [All Lists]