ietf
[Top] [All Lists]

Re: [ietf] DNS spoofing at captive portals

2010-09-27 11:33:00

On 27September2010Monday, at 7:48, Tony Finch wrote:

On Fri, 24 Sep 2010, Phillip Hallam-Baker wrote:

DNSSEC is a mechanism for establishing inter-domain trust. It is not an
appropriate technology for intra-domain trust.

Why not?


        Because the "atomic" unit of DNSSEC is a domain/zone/delegation, not a 
specific RRset.
        Everything in a domain has the exact same threat model.

--bill


Tony.
-- 
f.anthony.n.finch  <dot(_at_)dotat(_dot_)at>  http://dotat.at/
HUMBER THAMES DOVER WIGHT PORTLAND: NORTH BACKING WEST OR NORTHWEST, 5 TO 7,
DECREASING 4 OR 5, OCCASIONALLY 6 LATER IN HUMBER AND THAMES. MODERATE OR
ROUGH. RAIN THEN FAIR. GOOD.
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf

_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf