Reverse DNS RFCs and Recommendations

• Previous message (by thread): latest Snowden docs show NSA intercepts all Google and Yahoo DC-to-DC traffic
• Next message (by thread): Reverse DNS RFCs and Recommendations
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Mark Andrews wrote:

> That said it is possible to completely automate the secure assignment
> of PTR records.  It is also possible to completely automate the
> secure delegation of the reverse name space.  See
> http://tools.ietf.org/html/draft-andrews-dnsop-pd-reverse-00

It is a lot simpler and a lot more practical just to
use shared secret between a CPE and a ISP's name server
for TSIG generation.

As the secret can be directly shared end to end, it is more
secure than DNSSEC involving untrustworthy third parties.

						Masataka Ohta

• Previous message (by thread): latest Snowden docs show NSA intercepts all Google and Yahoo DC-to-DC traffic
• Next message (by thread): Reverse DNS RFCs and Recommendations
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]