On Fri, 28 Sep 2007, Jaap Akkerhuis wrote: > There are two major reasons for an organization to not want roaming > users to trust locally-assigned DNS servers. > > Open recursive servers doesn't help in against man in the middle > attacks. If you want to avoid that use VPN's or (for DNS) TSIG. That's why you want your own caching resolver on your laptop. But I guess hotspots won't work as well with that. Then again, the whole captive portal by hacking up DNS packets needs to go away when DNSSEC deployment deems that interfering inappropriate. Is there some IETF work going on to standarize captive portal bootstraps? Paul _______________________________________________ Ietf@xxxxxxxx https://www1.ietf.org/mailman/listinfo/ietf