[Free-RTC] kamaillio script for federated communications
Daniel Pocock
daniel at pocock.com.au
Fri Jun 21 19:17:45 CEST 2013
On 21/06/13 17:41, Olle E. Johansson wrote:
>
> 21 jun 2013 kl. 15:05 skrev Daniel Pocock <daniel at pocock.com.au>:
>
>>> * The config uses DNS to establish the transport available on the
>>> remote proxy. It doesn't use DNSSEC to do this.
>>
>> I'm not sure if DNSSEC matters if the TLS certificate is valid - some
>> people may prefer to trust the TLS cert and not place any trust in the
>> DNSSEC trust model
>
> THat's quite a misguided statement. If DNS points to an incorrect destination that succeeds
> in providing a certificate that you accept - how can that be a good solution?
It is a relative level of trust (there is no 100% trust)
If the cert is signed by your private root CA you may trust it more than
the DNSSEC trust anchor from ICANN.
More information about the Free-RTC
mailing list