Re: [BEHAVE] The renumbering problem [Re: Comments on the NAT66 draft]

On 19 nov 2008, at 1:29, james woodyatt wrote:

My hunch is that those folks should probably be using DNS-SD insteadof the fragile cruftiness they're struggling against now.


Can DNS service discovery be secured with DNSSEC?

What if there are unsigned delegations in the delegation hiearchy?

If I'm going to base my firewalling rules or VPN setup on the DNS thenthe DNS info must be protected against poisoning and other attacks.


Iljitsch

References:
- RE: Comments on the NAT66 draft
  - From: "Wes Beebee (wbeebee)" <wbeebee@cisco.com>
- Re: [BEHAVE] Comments on the NAT66 draft
  - From: Iljitsch van Beijnum <iljitsch@muada.com>
- Re: Comments on the NAT66 draft
  - From: EricLKlein@softhome.net
- Re: Comments on the NAT66 draft
  - From: Iljitsch van Beijnum <iljitsch@muada.com>
- Re: Comments on the NAT66 draft
  - From: EricLKlein@softhome.net
- Re: Comments on the NAT66 draft
  - From: Gert Doering <gert@space.net>
- Re: Comments on the NAT66 draft
  - From: EricLKlein@softhome.net
- Re: Comments on the NAT66 draft
  - From: james woodyatt <jhw@apple.com>
- The renumbering problem [Re: [BEHAVE] Comments on the NAT66 draft]
  - From: Brian E Carpenter <brian.e.carpenter@gmail.com>
- Re: The renumbering problem [Re: [BEHAVE] Comments on the NAT66 draft]
  - From: james woodyatt <jhw@apple.com>
- Re: The renumbering problem [Re: [BEHAVE] Comments on the NAT66 draft]
  - From: Gert Doering <gert@space.net>
- Re: The renumbering problem [Re: [BEHAVE] Comments on the NAT66 draft]
  - From: james woodyatt <jhw@apple.com>