In message <201010210114.o9L1E0MH004556@xxxxxxxxxxxxxxxxxxx>, Martin Rex writes:
> Phillip Hallam-Baker wrote:
> >
> > The weakest DNS architectural idea is the notion that DNS resolvers are
> > untrusted. This is simply wrong. Every DNS resolver performs a trusted role.
>
> Nope, just the opposite. Name to address translation is meant to
> be an extremely lightweight and fast service.

The DNS is not just name to address translation.

> Hostnames are NOT supposed to be trusted in any way and it is a serious
> misconception to think they're trusted.
>
> If you want to authenticate your peer, use something like an SSH host key.

And how do you know you should trust the host key the remote machine presents?

> The routing of datagrams on the internet is also untrusted, so any notion
> that a service that translates hostnames into IP-Addresses should be
> trusted is fatally flawed and is totally ignorant about the fundamental
> architecture of the internet.
>
> -Martin
> _______________________________________________
> Ietf mailing list
> Ietf@xxxxxxxx
> https://www.ietf.org/mailman/listinfo/ietf

--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742    INTERNET: marka@xxxxxxx