On Tue, 2005-07-19 at 09:23 -0500, John Kristoff wrote: > On Fri, 15 Jul 2005 11:48:28 -0700 > "Hallam-Baker, Phillip" <pbaker@xxxxxxxxxxxx> wrote: > > > There are certain limitations to the SRV prefix scheme but these are > > entirely fixable. All we actually need is one new RR to allow one > > level of indirection to be introduced. With that in place it is > > possible to use prefixed SRV records in place of port assignments and > > prefixed TXT records as a means of expressing protocol configuration > > information. > > I'm concerned this may usher in DNS SRV message filtering in addition > to protocol port filtering. Filtering can always be done, that is the right of the network administrator doing the filtering. That some users won't like it is indeed an issue, but that is political and not technical. > One way of addressing that potential > effect is to make the port assignments be negotiated between two > communicating end hosts. This could be used with or without DNS. It > might also provide some remote attack protection, since only a simple > passive listener is used to perform the local/remote address/port > selection for any active client before the real communication switches > to agreed upon (and bound only to) the two process end points. As previously mentioned, RFC1078 - TCPMUX: http://www.ietf.org/rfc/rfc1078.txt Greets, Jeroen
Attachment:
signature.asc
Description: This is a digitally signed message part
_______________________________________________ Ietf@xxxxxxxx https://www1.ietf.org/mailman/listinfo/ietf