[prev in list] [next in list] [prev in thread] [next in thread]
List: dns-operations
Subject: [dns-operations] security-aware stub resolver
From: patrik () frobbit ! se (=?ISO-8859-1?Q?Patrik_F=E4ltstr=F6m?=)
Date: 2008-05-23 14:39:57
Message-ID: 1A8A3753-0C73-4030-938A-161A8E078281 () frobbit ! se
[Download RAW message or body]
On 23 maj 2008, at 16.14, Edward Lewis wrote:
> E.g., there's not much need for TSIG if you are already performing
> zone updates over a VPN.
ONLY if it is the case that the VPN and the TSIG security enclosure
are both controlled by the same entity. Otherwise I definitely would
use both. And, I am not a person that like doing what I call
"inheriting" security from one layer in the protocol stack to another.
So yes, in some circumstances you can optimize, but in general most
people have neither suspenders, nor belt... And I rather have both
than none.
Patrik
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic