At Sun, 16 Mar 2008 19:44:12 +0100,
Iljitsch van Beijnum wrote:
On 16 mrt 2008, at 2:16, Mark Andrews wrote:
Enable DNSSEC validation on the network's servers. At a
minimum make them DNSSEC transparent.
Is there any software out there for common OSes that does something
useful with this?
A more interesting experiment would be to do away with SSL for a bit
and use IPsec instead.
Why would this be either interesting or desirable?
DNSSEC transparency is important for machines on the IPv6
only net trying to validate answers off IPv4 only servers.
Validatation is useful for protecting the resolvers themselves.
Mark
-Ekr
_______________________________________________
IETF mailing list
IETF(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews(_at_)isc(_dot_)org
_______________________________________________
IETF mailing list
IETF(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf