Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Authenticating the network-provided resolver #18

Open
martinthomson opened this issue Sep 9, 2020 · 1 comment
Open

Authenticating the network-provided resolver #18

martinthomson opened this issue Sep 9, 2020 · 1 comment
Labels
design

Comments

@martinthomson
Copy link

Authentication of information presented by the network is particularly fraught. The current treatment doesn't really address this topic very clearly. The text even makes a bald assertion that is unattainable in many situtations, namely:

Authenticate that the DNS resolver is the one provisioned by the network

This needs to be more carefully phrased. There are cases where it is possible for a client to authenticate the network and the configuration information it provides, but this is not universal.

Any "requirement" here should be reduced in strength to "desiderata" or something weaker and more words need to be spent on explaining the limitations of any authentication.
@chris-box
Copy link
Contributor

See also issue #8

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
design
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@martinthomson @chris-box