From owner-freebsd-stable Thu Apr 2 21:44:38 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id VAA22045 for freebsd-stable-outgoing; Thu, 2 Apr 1998 21:44:38 -0800 (PST) (envelope-from owner-freebsd-stable@FreeBSD.ORG) Received: from gratis.grondar.za (gratis.grondar.za [196.7.18.65]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id VAA22035 for ; Thu, 2 Apr 1998 21:44:13 -0800 (PST) (envelope-from mark@grondar.za) Received: from greenpeace.grondar.za (1PzAlc0QUANwS5PCmIt59WjJ3Oaxa+4o@greenpeace.grondar.za [196.7.18.132]) by gratis.grondar.za (8.8.8/8.8.8) with ESMTP id HAA03698; Fri, 3 Apr 1998 07:43:56 +0200 (SAST) (envelope-from mark@grondar.za) Received: from grondar.za (3Nkls/iIbOPX+kedB0mkX40v5XKcMZxY@localhost [127.0.0.1]) by greenpeace.grondar.za (8.8.8/8.8.8) with ESMTP id HAA24161; Fri, 3 Apr 1998 07:43:49 +0200 (SAST) (envelope-from mark@grondar.za) Message-Id: <199804030543.HAA24161@greenpeace.grondar.za> X-Mailer: exmh version 2.0.2 2/24/98 To: Robert Watson cc: Charles Quarri , stable@FreeBSD.ORG Subject: Re: Hesiod support on 2.2 Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Fri, 03 Apr 1998 07:43:43 +0200 From: Mark Murray Sender: owner-freebsd-stable@FreeBSD.ORG Precedence: bulk Robert Watson wrote: > To make Hesiod secure, you need secure name service. I understand that > MIT implemented a kerberized DNS query of some kind -- this is not > scalable, of course. DNSsec should provide a nice architecture for > handling this kind of thing. See also draft-ietf-dnssec-ar-00.txt for > some thoughts on how to handle authentication in the context of DNSsec, > and assigning identities to DNS names. To make Hesiod secure, you should not use it to distribute passwords (encrypted or not). That is what Kerberos is for. One of the things I have picked up in 48 hours of research. M -- Mark Murray Join the anti-SPAM movement: http://www.cauce.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message