Proposal for using NAPTR/URI records

Simo Sorce simo at
Tue Feb 24 14:55:31 EST 2015

On Tue, 2015-02-24 at 13:42 -0600, Nico Williams wrote:
> On Tue, Feb 24, 2015 at 1:22 PM, Simo Sorce <simo at> wrote:
> > Sorry, but if you are using DNSSEC, MITM is not a problem, so
> > unfortunately I do not understand your concerns with more info on the
> > assumptions you are making.
> The proposal did not mention DNSSEC.  I'm saying you'll need to say
> something about at least that.

You are still not saying why.
The NAPTR proposal does not seem to add any attack vector that is not
already present with the current DNS SRV record discovery mechanism that
is supported in MIT Kerberos and other implementations.
So I see nothing new that needs highlighting.


Simo Sorce * Red Hat, Inc * New York

More information about the krbdev mailing list