Proposal for using NAPTR/URI records

Simo Sorce simo at
Tue Feb 24 14:22:04 EST 2015

On Tue, 2015-02-24 at 12:47 -0600, Nico Williams wrote:
> There is work under way to add confidentiality protection to DNS
> queries and responses, FYI.
> Basically, to make this work you'll have to say that DNSSEC support
> and use on the client side is required (zones can opt-out, as always).
> And you may have to say something about MITMs and sname leakage.
> You're right that the srealm is probably a lost cause in all cases.

Sorry, but if you are using DNSSEC, MITM is not a problem, so
unfortunately I do not understand your concerns with more info on the
assumptions you are making.


Simo Sorce * Red Hat, Inc * New York

More information about the krbdev mailing list