I think the working group had discussed the issue and actually the draft is written with: "trusted mechanism such as a preconfigured hosts table or DNSSEC"
Regards,
Miao

> -----Original Message-----
> From: Carson Gaspar [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, April 25, 2007 3:47 PM
> To: [EMAIL PROTECTED]
> Subject: Re: [Syslog] Syslog-tls-09 draft - suggested change
>
> [ re: DNS reverse mapping ]
>
> DNS is not secure, and isn't likely to be any time soon.
> Using DNS as any sort of security measure is just plain stupid.
>
> Either the other party possesses the private key material
> that matches their public key or they don't. If they don't,
> SSL will fail. If they do, then they're exactly who they say
> they are (or the private key material has leaked, at which
> point it's game over anyway). DNS should have nothing
> whatsoever to do with it. Any modern RFC that makes
> references to doing reverse lookups in a security context
> should be laughed out of the IETF.
>
> --
> Carson
>
> _______________________________________________
> Syslog mailing list
> Syslog@lists.ietf.org
> https://www1.ietf.org/mailman/listinfo/syslog
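An added example (not from this thread or the syslog-tls draft) of the trust model Carson describes: each syslog-TLS party is preconfigured with the other's certificate, standing in for an entry in the draft's hosts table, and authentication rests on the TLS handshake alone. Go's crypto/tls is assumed; the names relay1.example and collector.example, the sample message, and the helpers NewCert, anchor and Exchange are constructed for the demo.

```go
package main
import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)
// NewCert mints a self-signed ed25519 certificate for name (constructed test material); the other side is preconfigured with it as its trust anchor.
func NewCert(name string) tls.Certificate {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: name}, DNSNames: []string{name},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour),
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth}}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: priv}
}
func anchor(c tls.Certificate) *x509.CertPool { // the preconfigured peer certificate is the only root a side accepts
	cert, _ := x509.ParseCertificate(c.Certificate[0])
	pool := x509.NewCertPool()
	pool.AddCert(cert)
	return pool
}
// Exchange delivers one syslog message over mutually authenticated TLS. Each side accepts its peer only if it proves possession
// of the key behind the preconfigured certificate; the sender also requires that certificate to name expectedCollector. No DNS is involved.
func Exchange(sender, collector tls.Certificate, expectedCollector, msg string) (string, string, error) {
	a, b := net.Pipe()
	a.SetDeadline(time.Now().Add(3 * time.Second)) // net.Pipe is unbuffered; deadlines turn any stall into an error
	b.SetDeadline(time.Now().Add(3 * time.Second))
	senderErr := make(chan error, 1)
	go func() { // sender side: Write runs the handshake, which fails unless the collector proves it holds the expected key
		defer b.Close() // raw pipe close instead of close_notify keeps the in-memory demo deadlock-free
		cli := tls.Client(b, &tls.Config{Certificates: []tls.Certificate{sender}, RootCAs: anchor(collector), ServerName: expectedCollector})
		_, err := cli.Write([]byte(msg))
		senderErr <- err
	}()
	srv := tls.Server(a, &tls.Config{Certificates: []tls.Certificate{collector}, ClientCAs: anchor(sender),
		ClientAuth: tls.RequireAndVerifyClientCert, SessionTicketsDisabled: true})
	buf := make([]byte, 4096)
	n, err := srv.Read(buf) // Read runs the handshake first, so an unknown sender is rejected before any data flows
	if err != nil { return "", "", fmt.Errorf("collector: %v; sender: %v", err, <-senderErr) }
	return srv.ConnectionState().PeerCertificates[0].DNSNames[0], string(buf[:n]), <-senderErr
}
func main() {
	fmt.Println(Exchange(NewCert("relay1.example"), NewCert("collector.example"), "collector.example", "<34>1 - relay1 - - - - constructed sample"))
}
```

Changing the expected name to anything other than the name in the collector's certificate makes the sender abort the handshake before any message is sent, and whatever reverse DNS would return for the peer address never enters the decision.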