[1241] in Hesiod
Re: [Hesiod] Announce: Hesutils, the Hesiod utilities
daemon@ATHENA.MIT.EDU (Andy Bennett)
Thu Feb 25 08:47:17 2021
From: Andy Bennett <andyjpb@ashurst.eu.org>
To: JFLF <jflf-gitlab@outlook.com>
Date: Thu, 25 Feb 2021 13:46:08 +0000
Message-ID: <7c1dfa42-4577-41d8-a53e-776dc62ec4a7@ashurst.eu.org>
In-Reply-To: <VI1PR04MB7101DE1A2AD42903E3C547C8819E9@VI1PR04MB7101.eurprd04.prod.outlook.com>
Cc: hesiod@mit.edu
Hi,
>> It looks great.
>> I also have a script called `hesgen` that I wrote years ago but it's
>> nowhere near as sophisticated or well written as this one! ...
>
> Thank you for the kind words! I hope that you won't change your
> mind after looking into it more closely. :)

It still looks great, although I noticed that the 2 example pages don't seem
to exist.

> I was going to add that the MIT still have their Hesiod NS
> (ns.athena.mit.edu) available over the internet without any
> security of any sort. That's the reason why there's an option to
> block requests to that NS in the Hesutils configuration file, as
> unconfigured clients would send their requests there. But it
> seems to have disappeared! I'm only getting a custom SOA with
> "HESREQ.mit.edu." as the rname.
>
> When I started writing those scripts, about 4 years ago, that
> NS still answered. So it seems that the changes have happened
> comparatively recently. Does anyone know what happened? Are they
> still using Hesiod internally, or have they decommissioned their
> Hesiod infrastructure entirely?

I had noticed that the ns.athena.mit.edu zone was still available a few
years ago when I was thinking about GDPR stuff here in the UK.

I hadn't noticed that it had since disappeared tho'.

Good find!

It strikes me that Hesiod + Kerberos are a good design that haven't kept up
with advances in cryptography practice. ...and there are lots of projects
which are vainly attempting to do similar things over https, etc. They all
seem a lot more complex. It'd be nice if Hesiod & Kerberos were up-to-date
with security and crypto practices as they otherwise still seem to be
best-in-class approaches to the underlying problems.

Best wishes,
@ndy
--
andyjpb@ashurst.eu.org
http://www.ashurst.eu.org/
0x7EBA75FF