Re: draft-iab-dns-applications - clarification re: Send-N


 



Phillip Hallam-Baker wrote:
> 
> The weakest DNS architectural idea is the notion that DNS resolvers are
> untrusted. This is simply wrong. Every DNS resolver performs a trusted role.

Nope, just the opposite.  Name to address translation is meant to
be an extremely lightweight and fast service.

Hostnames are NOT supposed to be trusted in any way and it is a serious
misconception to think they're trusted.

If you want to authenticate your peer, use something like an SSH host key.
The routing of datagrams on the internet is also untrusted, so any notion
that a service that translates hostnames into IP-Addresses should be
trusted is fatally flawed and is totally ignorant about the fundamental
architecture of the internet.

-Martin
_______________________________________________
Ietf mailing list
Ietf@xxxxxxxx
https://www.ietf.org/mailman/listinfo/ietf

