Proposal for using NAPTR/URI records
Simo Sorce
simo at redhat.com
Tue Feb 24 14:55:31 EST 2015
On Tue, 2015-02-24 at 13:42 -0600, Nico Williams wrote:
> On Tue, Feb 24, 2015 at 1:22 PM, Simo Sorce <simo at redhat.com> wrote:
> > Sorry, but if you are using DNSSEC, MITM is not a problem, so
> > unfortunately I do not understand your concerns with more info on the
> > assumptions you are making.
>
> The proposal did not mention DNSSEC. I'm saying you'll need to say
> something about at least that.
You are still not saying why.
The NAPTR proposal does not seem to add any attack vector that is not
already present with the current DNS SRV record discovery mechanism that
is supported in MIT Kerberos and other implementations.
So I see nothing new that needs highlighting.
Simo.
--
Simo Sorce * Red Hat, Inc * New York