Hi, Phillip,
You are right.
In order to make this solution work securely and efficiently, apart from the issues
you mentioned, the key rollover schemes for both client and recursive server
should be designed.
BR,
Zhiwei
At 2015-03-11 20:26:13, Phillip Hallam-Baker i...@hallambaker.com wrote:
On Wed, Mar 11, 2015 at 08:26:13AM -0400, Phillip Hallam-Baker wrote:
The proposal is a reasonable approach and not overly complex. The question
that concerns me though is how the client authenticates the resolver.
Without authentication, encryption is useless because you could be having
the conversation with Mallet.
Using DNSSEC for that is problematic since the