Proposal for using NAPTR/URI records
Simo Sorce
simo at redhat.com
Tue Feb 24 14:22:04 EST 2015
On Tue, 2015-02-24 at 12:47 -0600, Nico Williams wrote:
> There is work under way to add confidentiality protection to DNS
> queries and responses, FYI.
>
> Basically, to make this work you'll have to say that DNSSEC support
> and use on the client side is required (zones can opt-out, as always).
> And you may have to say something about MITMs and sname leakage.
> You're right that the srealm is probably a lost cause in all cases.
Sorry, but if you are using DNSSEC, MITM is not a problem, so
unfortunately I do not understand your concerns with more info on the
assumptions you are making.
Simo.
--
Simo Sorce * Red Hat, Inc * New York
More information about the krbdev
mailing list