On Sun, Dec 10, 2006 at 12:45:27PM -0800, Christian Huitema wrote:

> In these conditions, what is the point of securing the DNS look-up? The
> end-to-end verification of the certificate will validate it.

Exactly. This is also the reason why we don't have an "ARPSEC" protocol.

Or perhaps we do, but is about as exciting as DNSSEC. I wrote about this on
http://ds9a.nl/secure-dns.html .


http://www.PowerDNS.com Open source, database driven DNS Software
http://netherlabs.nl Open and Closed source services

to unsubscribe send a message to namedroppers-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.