Re: Logging on to debian machines

To: debian-devel@lists.debian.org
Subject: Re: Logging on to debian machines
From: Sam Hartman <hartmans@mit.edu>
Date: 02 Feb 2001 10:55:34 -0500
Message-id: <[🔎] tslzog5rseh.fsf@sweet-transvestite.mit.edu>
In-reply-to: Hamish Moffatt's message of "Thu, 1 Feb 2001 22:58:11 +1100"
References: <20010118215304.B29588@phx.mjr.org> <20010119120323.B1141@wonderland.linux.it> <tslg0i0vvks.fsf@sweet-transvestite.mit.edu> <[🔎] 20010201225811.A1898@silly.cloud.net.au>

>>>>> "Hamish" == Hamish Moffatt <hamish@debian.org> writes:

    Hamish> On Wed, Jan 31, 2001 at 05:56:35AM -0500, Sam Hartman
    Hamish> wrote:
    >> >>>>> "Marco" == Marco d'Itri <md@Linux.IT> writes:
    >> 
    Marco> On Jan 18, Paul Hedderly <paul@mjr.org> wrote:
    >> >> Anyone got a cluestick I can hit myself with?
    Marco> Broken DNS reverse mapping?
    >>  Why do we have the machines configured to care about this?

    Hamish> Because it's good practice?

Yes, you are right.  It's good practice to have machines that use
Berkeley rhosts verify DNS in both directions.  It's good practice to log both DNS and IPs.

However, DNS does not provide you any security.  Security comes for
the most part from cryptography, and once you have cryptographically
strong security, being paranoid about DNS is only inconvenient.

    Hamish> Hamish -- Hamish Moffatt VK3SB <hamish@debian.org>
    Hamish> <hamish@cloud.net.au>

    Hamish> -- To UNSUBSCRIBE, email to
    Hamish> debian-devel-request@lists.debian.org with a subject of
    Hamish> "unsubscribe". Trouble? Contact
    Hamish> listmaster@lists.debian.org

Reply to:

References:
- Re: Logging on to debian machines
  - From: Hamish Moffatt <hamish@debian.org>

Prev by Date: Re: Bug#84406: ITP: shoop - OOP in shell
Next by Date: RE: debfoster, deborphan share a keep file
Previous by thread: Re: Logging on to debian machines
Next by thread: grill
Index(es):
- Date
- Thread