[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [dist-obj] Extranet security
Albert Scherbinsky wrote:
>
> Kevin Dick wrote:
> > What if I attack the DNS connection from party2 clients or the DNS
> > server at party1.
>
> This is the key point.
Thank you.
> > If this doesn't work, why involve DNS at all. Provide a link from a
> > trusted internal server on the party2 network using an IP address in the
> > URL instead of a domain name (though you then have to worry about the DN
> > in the server certificate if you're using SSL).
>
> Don't use DNS, but do use domain names. Do it with host file
> settings on the communicating nodes.
I had thought of this, but I don't know much about how DNS clients on
various platforms work. Wouldn't it require manipulating the host file
settings on every client? With a lot of clients, this could be a
problem, especially if you think there's a chance the server IP address
may chage occasionally.
Kevin
==========================================================================
To manage your subscription, mailto:dist-obj-help@distributedcoalition.org
Archives, FAQ, etc. http://www.distributedcoalition.org/mailing_lists/