> At Sun, 16 Mar 2008 19:44:12 +0100, > Iljitsch van Beijnum wrote: > > > > On 16 mrt 2008, at 2:16, Mark Andrews wrote: > > > > > Enable DNSSEC validation on the network's servers. At a > > > minimum make them DNSSEC transparent. > > > > > > Is there any software out there for common OSes that does something > > useful with this? > > > > A more interesting experiment would be to do away with SSL for a bit > > and use IPsec instead. > > Why would this be either interesting or desirable? DNSSEC transparency is important for machines on the IPv6 only net trying to validate answers off IPv4 only servers. Validatation is useful for protecting the resolvers themselves. Mark > -Ekr > _______________________________________________ > IETF mailing list > IETF@xxxxxxxx > https://www.ietf.org/mailman/listinfo/ietf -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews@xxxxxxx _______________________________________________ IETF mailing list IETF@xxxxxxxx https://www.ietf.org/mailman/listinfo/ietf