[Standards] dnssec

Matthias Wimmer m at tthias.eu
Thu Mar 29 15:44:29 UTC 2007


Hi Bruce!

Bruce Campbell schrieb:
> The thing about DNSSEC is that it secures the information that you 
> obtain via the DNS protocol.  However, you can store things other than 
> the IP address of a remote host in the DNS; you could also store the 
> verification for the host's connection certificate in the DNS, thus 
> easing the pain of distributing certs for DNSSEC-aware clients.  ( I'm 
> glossing over a lot of details here ).

But then you do not use DNSsec, but another protocol, that utilizes 
DNSsec. I am aware of other record types then A and AAAA in DNS, and 
even of records like KEY and SSHFP.

> However, this usage only assists in the authentication of a server to a 
> client or another server.  It does not assist in the authentication of a 
> client to a server.  Without the client or server having a closer 
> connection to DNS records (and thus yet another dependency), using 
> DNSSEC to authenticate a client to a server is not usable by the common 
> client.

Yes, I am aware of this. I already started some DNSsec support in 
jabberd14 for post 1.6.1. - I just wanted to ask, if there is already 
some DNSsec based things in Jabber I was not aware of.


Matthias



More information about the Standards mailing list