Subject: Re: per-process socket security settings
To: None <firstname.lastname@example.org>
From: Darren Reed <email@example.com>
Date: 03/07/2001 23:36:50
In some email I received from firstname.lastname@example.org, sie wrote:
> >Um, some application programs will do multiple host transactions,
> >possibly (probably) with different security constraints for each
> >host. To use your example:
> > % secure telnet peer
> >What about the DNS transaction to get the IP address of "peer"?
> >I recognize that you're trying to make IPsecurity useful without
> >requiring a wholesale change to every IP-speaking application, but
> >I'm not sure that's really possible...
> > just thinking out loud,
> you right. i will need some trick to allow DNS lookups to go out
> without ipsec...
maybe libresolv could explicity check and reset it if it's not enabled
via resolv.conf ?