[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Reverse DNS RFCs and Recommendations

Subject: Reverse DNS RFCs and Recommendations
From: mohta at necom830.hpcl.titech.ac.jp (Masataka Ohta)
Date: Sat, 02 Nov 2013 07:50:15 +0900
In-reply-to: <[email protected]>
References: <[email protected]> <[email protected]> <[email protected]> <[email protected]> <[email protected]> <[email protected]> <[email protected]>

Mark Andrews wrote:

>> It is a lot simpler and a lot more practical just to
>> use shared secret between a CPE and a ISP's name server
>> for TSIG generation.
> 
> No it isn't.  It requires a human to transfer the secret to the CPE
> device or to register the secret with the ISP.

Not necessarily. When the CPE is configured through DHCP (or
PPP?), the ISP can send the secret.

> I'm talking about just building this into CPE devices and having it
> just work with no human involvement.

See above.

Involving DNSSEC here is overkill and unnecessarily introduce
vulnerabilities.

						Masataka Ohta

Follow-Ups:
- Reverse DNS RFCs and Recommendations
  - From: marka at isc.org (Mark Andrews)

References:
- Reverse DNS RFCs and Recommendations
  - From: mohta at necom830.hpcl.titech.ac.jp (Masataka Ohta)
- Reverse DNS RFCs and Recommendations
  - From: marka at isc.org (Mark Andrews)

Prev by Date: latest Snowden docs show NSA intercepts all Google and Yahoo DC-to-DC traffic
Next by Date: latest Snowden docs show NSA intercepts all Google and Yahoo DC-to-DC traffic
Previous by thread: Reverse DNS RFCs and Recommendations
Next by thread: Reverse DNS RFCs and Recommendations
Index(es):
- Date
- Thread