* Ian Maddison <[email protected]>: > > > On 29 Jul 2015, at 01:46, Viktor Dukhovni <[email protected]> wrote: > > > > On Wed, Jul 29, 2015 at 12:42:52AM +0200, Ian Maddison wrote: > > > >> I'm looking for a way to run a recursive name server on a public IP address > >> restricted to pre-configured roaming clients. > >> > >> Is, or will it be feasible to leverage DANE-TA to reliably authenticate > >> both the clients and server in order to run this type of service? > > > > No, not possible. > > > > And I am afraid this is not an end-user help/support forum, so this > > type of question belongs elsewhere, e.g. the BIND or unbound users > > list, or similar. > > > > -- > > Viktor. > > > Oh ok, I'm sorry about that. > > Although I’ve followed this list for several years, improved readability for > one of your drafts and helped fix an an error or two, it seems I may have > missed details regarding client authentication and would appreciate a > pointer, if that’s not too much to ask :)
There's no usable client authentication at the moment. A first draft for client authentication has been published: https://datatracker.ietf.org/doc/draft-huque-dane-client-cert/ AFAIK it has also been discussed at the recent IETF meeting. That's all there is for the moment. p@rick -- [*] sys4 AG https://sys4.de, +49 (89) 30 90 46 64 Franziskanerstraße 15, 81669 München Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263 Vorstand: Patrick Ben Koetter, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein _______________________________________________ dane mailing list [email protected] https://www.ietf.org/mailman/listinfo/dane
