From owner-cvs-all Fri Jul 14 13: 5:39 2000 Delivered-To: cvs-all@freebsd.org Received: from lucifer.ninth-circle.org (lucifer.bart.nl [194.158.168.74]) by hub.freebsd.org (Postfix) with ESMTP id 5FE1837B802; Fri, 14 Jul 2000 13:05:28 -0700 (PDT) (envelope-from asmodai@lucifer.ninth-circle.org) Received: (from asmodai@localhost) by lucifer.ninth-circle.org (8.9.3/8.9.3) id WAA70323; Fri, 14 Jul 2000 22:05:24 +0200 (CEST) (envelope-from asmodai) Date: Fri, 14 Jul 2000 22:05:24 +0200 From: Jeroen Ruigrok van der Werven To: Robert Watson Cc: Hajimu UMEMOTO , cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org Subject: Re: cvs commit: src/lib/libutil realhostname.c Message-ID: <20000714220524.E69824@lucifer.bart.nl> References: <20000714214518.C69824@lucifer.bart.nl> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2i In-Reply-To: ; from rwatson@FreeBSD.org on Fri, Jul 14, 2000 at 03:55:58PM -0400 Organisation: VIA Net.Works The Netherlands Sender: owner-cvs-all@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG -On [20000714 22:00], Robert Watson (rwatson@FreeBSD.org) wrote: >On Fri, 14 Jul 2000, Jeroen Ruigrok van der Werven wrote: > >> >if two, then also the hostname at the time that the connection occurred. >> >Furthermore, it would be nice if an authenticity parameter was present for >> >both fields: (1) protection assuring that the IP was accurate (based on >> >IPsec somehow), and (2) protection assuring the name for the IP was >> >accurate (based on DNSsec). I don't see either happening soon, but we can >> >and should fix the incorrect/inappropriate use of wtmp and utmp. >> >> DNSsec is still a problem due to the licensing if I understood Peter >> Wemm correctly. Corrections on this topic are very much welcome, I will >> then pursue to make sure DNSsec gets imported and enabled. > >The only licensing problem I know about is the dependence on RSA, which >goes away soon. Is there another licensing problem I don't know about? Hmm, and since WCCDROM/BSDi is allowed to export it I can effectively start enabling it? >We'd presumably prefer to use the BIND9 implementation, when available. BIND 9.0.0 is only in RC3 stage. Plus there appear to be a few problems with it on FreeBSD. I am aiming for some examination on that this weekend. >(There's also the traditional philosophical objections to DNSsec, but I'm >more concerned with legal and technical issues here) *nod* Same here. -- Jeroen Ruigrok van der Werven Network- and systemadministrator VIA Net.Works The Netherlands BSD: Technical excellence at its best http://www.via-net-works.nl Only the good die young, all the evil seems to live forever... To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message