On Fri, 21.03.14 00:27, Paul Wouters (paul(a)nohats.ca) wrote:
On Fri, 21 Mar 2014, Lennart Poettering wrote:
>I mean, in this day and age we should not consider an ACL language well
>designed if it basically pushes users to use IDENT and DNS for
>authentication. (And no, don't say the words DNSSEC, nobody sets that
>up, we don't have it as default, and tcpwrap doesn't check wether DNSSEC
>is enabled either, before trusting a hostname...).
we kinda do have dnssec per default. All DNS servers installed per
default do DNSSEC. Installing dnssec-trigger makes that even more
pervasive.
Well, but glibc can't do the DNSSEC client side, can it?
Lennart
--
Lennart Poettering, Red Hat