At Wed, 19 Mar 2008 22:59:52 +1100, Mark Andrews wrote: > > > > At Sun, 16 Mar 2008 19:44:12 +0100, > > Iljitsch van Beijnum wrote: > > > > > > On 16 mrt 2008, at 2:16, Mark Andrews wrote: > > > > > > > Enable DNSSEC validation on the network's servers. At a > > > > minimum make them DNSSEC transparent. > > > > > > > > > Is there any software out there for common OSes that does something > > > useful with this? > > > > > > A more interesting experiment would be to do away with SSL for a bit > > > and use IPsec instead. > > > > Why would this be either interesting or desirable? > > DNSSEC transparency is important for machines on the IPv6 > only net trying to validate answers off IPv4 only servers. > > Validatation is useful for protecting the resolvers themselves. I was referring to Iljitsch's suggestion about SSL and IPsec, not the suggestion about DNSSEC. -Ekr _______________________________________________ IETF mailing list IETF@xxxxxxxx https://www.ietf.org/mailman/listinfo/ietf