[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [dist-obj] Extranet security
Albert Scherbinsky wrote:
> Kevin Dick wrote:
> > What if I attack the DNS connection from party2 clients or the DNS
> > server at party1.
> This is the key point.
> > If this doesn't work, why involve DNS at all. Provide a link from a
> > trusted internal server on the party2 network using an IP address in the
> > URL instead of a domain name (though you then have to worry about the DN
> > in the server certificate if you're using SSL).
> Don't use DNS, but do use domain names. Do it with host file
> settings on the communicating nodes.
I had thought of this, but I don't know much about how DNS clients on
various platforms work. Wouldn't it require manipulating the host file
settings on every client? With a lot of clients, this could be a
problem, especially if you think there's a chance the server IP address
may chage occasionally.
To manage your subscription, mailto:firstname.lastname@example.org
Archives, FAQ, etc. http://www.distributedcoalition.org/mailing_lists/