Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Enterprise networks with best security practices are still susceptible to internal attacks (see https://tools.ietf.org/html/draft-arkko-farrell-arch-model-t-03). Enterprises have started migrating to "zero trust security" framework to encrypt all communication to minimize the threat (https://www.cloudflare.com/learning/security/glossary/what-is-zero-trust/. If internal attacks are not an issue, Enterprises would not move to using HTTPS for internal servers.
I propose the following change: Clients cannot assume that their network does not have such an attacker, encryption and authentication of DNS resolver is required to defend from active and passive attacks.
Originally posted by @tireddy2 in #2 (comment)
The text was updated successfully, but these errors were encountered:
No branches or pull requests
Enterprise networks with best security practices are still susceptible to internal attacks (see https://tools.ietf.org/html/draft-arkko-farrell-arch-model-t-03). Enterprises have started migrating to "zero trust security" framework to encrypt all communication to minimize the threat (https://www.cloudflare.com/learning/security/glossary/what-is-zero-trust/. If internal attacks are not an issue, Enterprises would not move to using HTTPS for internal servers.
I propose the following change:
Clients cannot assume that their network does not have such an attacker, encryption and authentication of DNS resolver is required to defend from active and passive attacks.
Originally posted by @tireddy2 in #2 (comment)
The text was updated successfully, but these errors were encountered: