Re: Experimental ICMP Domain Name messages - RFC-to-be
stev@ftp.com Fri, 17 March 1995 19:46 UTC
Received: from ietf.nri.reston.va.us by IETF.CNRI.Reston.VA.US id aa07271; 17 Mar 95 14:46 EST
Received: from CNRI.Reston.VA.US by IETF.CNRI.Reston.VA.US id aa07267; 17 Mar 95 14:46 EST
Received: from ietf.cnri.reston.va.us by CNRI.Reston.VA.US id aa14874; 17 Mar 95 14:46 EST
Received: from ietf.nri.reston.va.us by IETF.CNRI.Reston.VA.US id aa07260; 17 Mar 95 14:45 EST
Received: from CNRI.Reston.VA.US by IETF.CNRI.Reston.VA.US id aa07256; 17 Mar 95 14:45 EST
Received: from venera.isi.edu by CNRI.Reston.VA.US id aa14864; 17 Mar 95 14:45 EST
Received: from ftp.com by venera.isi.edu (5.65c/5.61+local-21) id <AA21428>; Fri, 17 Mar 1995 11:46:23 -0800
Received: from ftp.com by ftp.com ; Fri, 17 Mar 1995 14:46:20 -0500
Received: from mailserv-D.ftp.com by ftp.com ; Fri, 17 Mar 1995 14:46:20 -0500
Received: from stev.d-cell.ftp.com by mailserv-D.ftp.com (5.0/SMI-SVR4) id AA22291; Fri, 17 Mar 95 14:44:28 EST
Date: Fri, 17 Mar 1995 14:44:28 -0500
Message-Id: <9503171944.AA22291@mailserv-D.ftp.com>
To: jkrey@isi.edu
Subject: Re: Experimental ICMP Domain Name messages - RFC-to-be
X-Orig-Sender: iesg-request@IETF.CNRI.Reston.VA.US
Sender: ietf-archive-request@IETF.CNRI.Reston.VA.US
From: stev@ftp.com
Cc: scoya@CNRI.Reston.VA.US, iesg@isi.edu, rfc-editor@isi.edu
X-Orig-Sender: stev@mailserv-d.ftp.com
Repository: mailserv-D.ftp.com, [message accepted at Fri Mar 17 14:44:26 1995]
Originating-Client: d-cell.ftp.com
Content-Length: 1598
Security Considerations
A primary purpose of this specification is to provide a mechanism for
address to name resolution which is more secure than the IN-ADDR
reverse tree. This mechanism is amenable to use of the IP Security
Protocols for authentication and privacy.
more secure? i am going to let every PC at ftp software potentially
*lie* about it's domain name, as opposed to just letting my system
administrators lie? please, this would be a big boon to the spoofing
people . . .
Although the routing infrastructure to the Destination does not
provide security in and of itself, it is as least as reliable as
delivery of correspondence for the other sessions with the same peer.
hmm, this implies that most machines provide DNS service for themselves.
at ftp, we have somewhere over 1000 IP addressable devices. we have 4
official nameservers. (5 if you count research.ftp.com:)
this is amazing.
A DNS cryptographic signature, located by using the reply in the
forward DNS direction, can be used to verify the reply itself.
this is a cute little thing to appeand, espically since i dont remember
it appearing before this in the RFC.
"encrypting the data woudl make it more secure. this is left as an
excercise for the reader. let me know how it goes."
this should appear right before the IP Traceroute Option in my list
of "things to implement when my life is so pathetic i have nothing
better to do" list.
sorry, was i doing the Mike O'dell thing? sorry, i should have cursed
more. . . .
- Experimental ICMP Domain Name messages - RFC-to-be jkrey
- Re: Experimental ICMP Domain Name messages - RFC-… Steve Coya
- Re: Experimental ICMP Domain Name messages - RFC-… postel
- Re: Experimental ICMP Domain Name messages - RFC-… jkrey
- Re: Experimental ICMP Domain Name messages - RFC-… Scott Bradner
- Re: Experimental ICMP Domain Name messages - RFC-… stev
- Re: Experimental ICMP Domain Name messages - RFC-… William Allen Simpson
- Re: Experimental ICMP Domain Name messages - RFC-… Paul Mockapetris
- Re: Experimental ICMP Domain Name messages - RFC-… Scott Bradner
- Re: Experimental ICMP Domain Name messages - RFC-… Paul Mockapetris
- Re: Experimental ICMP Domain Name messages - RFC-… IESG Secretary