[Standards-JIG] Deprecating DialBack w/ new CA

Philipp Hancke fippo at goodadvice.pages.de
Tue Jan 9 19:21:49 UTC 2007

Chris Mullins wrote:
> As Peter moves forward with the BIS version of the RFCs, I'm wondering
> if we should finally punt on dialback. The reason it's been kept around
> so long is that self-signed certs aren't sufficient security, and adding
> in the DNS layer helps out with that. 
> Now that we've got a CA, and certs are practical for all, this reason
> doesn't hold as much weight as it used to. 

Who says everyone will trust the ICA (or any other CA)?
For example, if I have a certificate signed by CA x and connect
to a server that only trusts CAs w, y and z, that server
won't be able to authenticate my server and the connection
cannot be established.

Dialback has the (only) advantage that it always works as long as DNS
is set up properly.

> Anyone other than me in favor of seeing dialback die off in 2007? 

I would love to... but I don't think that certificate authentication
can replace dialback.
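The trust-anchor mismatch described in the message above, reproduced with the openssl command line. This is an added example, not part of the original post; the CA names (ca-x, ca-w), the domain a.example and the function names are constructed for illustration, and it assumes OpenSSL 1.1.0 or later is installed.

```shell
#!/bin/sh
# Constructed demo: a server certificate issued by "ca-x" is presented to a
# peer whose trust store holds only "ca-w". All names are made up.

make_ca() {      # $1 = work dir, $2 = CA name; creates a self-signed CA
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -keyout "$1/$2.key" -out "$1/$2.pem" 2>/dev/null
}

issue_leaf() {   # $1 = work dir, $2 = issuing CA name, $3 = server domain
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$3" \
        -keyout "$1/$3.key" -out "$1/$3.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/$3.csr" -CA "$1/$2.pem" -CAkey "$1/$2.key" \
        -CAcreateserial -days 1 -out "$1/$3.pem" 2>/dev/null
}

peer_verdict() { # $1 = peer's trust store (PEM), $2 = certificate offered
    # -no-CApath keeps the system certificate directory out of the decision,
    # so the result depends only on the trust store passed in.
    if openssl verify -no-CApath -CAfile "$1" "$2" >/dev/null 2>&1; then
        echo trusted
    else
        echo untrusted
    fi
}

run_demo() {
    d=$(mktemp -d) || return 1
    make_ca "$d" ca-x && make_ca "$d" ca-w &&
        issue_leaf "$d" ca-x a.example || return 1
    echo "peer trusting only ca-w: $(peer_verdict "$d/ca-w.pem" "$d/a.example.pem")"
    echo "peer trusting ca-x:      $(peer_verdict "$d/ca-x.pem" "$d/a.example.pem")"
    rm -rf "$d"
}

run_demo
```

The certificate and key are identical in both checks; only the verifier's set of trust anchors differs, which is the situation the message says certificate authentication alone cannot resolve.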


