30 Jun
2003
30 Jun
'03
6:54 a.m.
In message <iluof0gh7vy.fsf@latte.josefsson.org>, Simon Josefsson writes:
Of course, everything fails if you ALSO get your DNSSEC root key from the DHCP server, but in this case you shouldn't expect to be secure. I wouldn't be surprised if some people suggest pushing the DNSSEC root key via DHCP though, because alas, getting the right key into the laptop in the first place is a difficult problem.
I can pretty much guarantee that the IETF will never standardize that, except possibly in conjunction with authenticated dhcp. --Steve Bellovin, http://www.research.att.com/~smb (me) http://www.wilyhacker.com (2nd edition of "Firewalls" book)