Hi,

With the introduction of DNSSEC, it should be possible to publish a security policy via a DNS record which is encrypted and signed to verify its authenticity, and which could be read by every computer within a domain.
This record could be used to set the security policy on every computer, by setting NIS, LDAP, SMTP and NFS servers and locking down the networks by setting global firewall parameters. As DNS is a hierarchical model, child domains could inherit settings from the parent or be allowed to override them. This would also apply to individual DNS records to allow permissions on a per-machine basis. Using this approach, settings could be enforced via DHCP internally, and if an organisation published a security policy publicly on the internet, it could be used to ensure that all computers would follow a corporate standard. Unfortunately, this technology would require an acceptable platform-independent framework to allow it to be used by an internet-connected device, laptop, server or mobile phone.

--
This message posted from opensolaris.org
_______________________________________________
sysadmin-discuss mailing list
sysadmin-discuss@opensolaris.org
http://mail.opensolaris.org/mailman/listinfo/sysadmin-discuss
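A sketch of the parent/child inheritance and per-machine override described in the post, added here as an example and not part of the original message. The record layout (`settings`, `allow_override`, `secure`) and every name in it are hypothetical; `secure` stands in for the resolver's DNSSEC validation result for that record.

```python
# Constructed sample data: hypothetical policy records keyed by DNS name.
RECORDS = {
    "example.com": {
        "secure": True, "allow_override": {"smtp"},
        "settings": {"ldap": "ldap.example.com", "smtp": "mail.example.com",
                     "fw": "deny-inbound"}},
    "eng.example.com": {
        "secure": True, "allow_override": set(),
        "settings": {"smtp": "mail.eng.example.com", "fw": "allow-all"}},
    "host1.eng.example.com": {
        "secure": True, "allow_override": set(),
        "settings": {"smtp": "relay.local", "nfs": "nfs.eng.example.com"}},
}


def effective_policy(fqdn, records):
    """Merge policy from the top-most ancestor down to fqdn.

    Returns (settings, rejected); rejected lists the (name, key) overrides
    that an ancestor did not permit.
    """
    labels = fqdn.rstrip(".").lower().split(".")
    # Ancestors first: "com", "example.com", ..., fqdn
    chain = [".".join(labels[i:]) for i in range(len(labels) - 1, -1, -1)]
    settings, locked, rejected = {}, set(), []
    for name in chain:
        rec = records.get(name)
        if rec is None:
            continue  # no policy published at this level
        if not rec["secure"]:
            # Fail closed: skipping an unvalidated ancestor would drop its locks.
            raise ValueError(f"policy at {name} failed DNSSEC validation")
        for key, value in rec["settings"].items():
            if key in locked:
                rejected.append((name, key))  # ancestor forbids this override
                continue
            settings[key] = value
            if key not in rec["allow_override"]:
                locked.add(key)  # descendants may no longer change it
    return settings, rejected


if __name__ == "__main__":
    print(effective_policy("host1.eng.example.com", RECORDS))
```

Rejected overrides are returned rather than silently dropped so that a client can log a child zone or host record that tries to weaken a setting its parent has fixed.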