m at tthias.eu
Thu Mar 29 15:44:29 UTC 2007
Bruce Campbell schrieb:
> The thing about DNSSEC is that it secures the information that you
> obtain via the DNS protocol. However, you can store things other than
> the IP address of a remote host in the DNS; you could also store the
> verification for the host's connection certificate in the DNS, thus
> easing the pain of distributing certs for DNSSEC-aware clients. ( I'm
> glossing over a lot of details here ).
But then you do not use DNSsec, but another protocol, that utilizes
DNSsec. I am aware of other record types then A and AAAA in DNS, and
even of records like KEY and SSHFP.
> However, this usage only assists in the authentication of a server to a
> client or another server. It does not assist in the authentication of a
> client to a server. Without the client or server having a closer
> connection to DNS records (and thus yet another dependency), using
> DNSSEC to authenticate a client to a server is not usable by the common
Yes, I am aware of this. I already started some DNSsec support in
jabberd14 for post 1.6.1. - I just wanted to ask, if there is already
some DNSsec based things in Jabber I was not aware of.
More information about the Standards