[Acme] Re: IETF122 Time Slot Request for draft-li-acme-dns-update-00.txt
Michael Richardson <mcr+ietf@sandelman.ca> Sun, 23 March 2025 12:39 UTC
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: "liruochen (A)" <li.ruochen@huawei.com>
In-reply-to: <4177a30eafbc4c2f820c368e6e58768b@huawei.com>
References: <d14d5a993fd145a7ab78920af93fa278@huawei.com> <7717.1740770856@obiwan.sandelman.ca> <4177a30eafbc4c2f820c368e6e58768b@huawei.com>
Comments: In-reply-to "liruochen (A)" <li.ruochen@huawei.com> message dated "Mon, 03 Mar 2025 03:50:34 +0000."
Date: Sun, 23 Mar 2025 19:40:08 +0700
Message-ID: <1212873.1742733608@dyas>
CC: "acme@ietf.org" <acme@ietf.org>
List-Id: Automated Certificate Management Environment <acme.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/acme/lhe-VM07dH8zroO_vRVep7ir-3Y>

liruochen (A) <li.ruochen@huawei.com> wrote:
> We picked TSIG out of TSIG/SIG(0) because TSIG seems to have better
> support. We could use SIG(0) for the initial authentication key and
> TSIG for transaction keys (established via TKEY), but that requires
> clients/servers to implement both TSIG and SIG(0).

For larger DNS operators SIG(0) is much safer because the contents of the
authorization database is all public keys.

For smaller entities, it's kind of a toss-up.
TSIG wins because the tools to create SIG(0) have poorer documentation.

I continue to believe that this is a HOWTO documentation thing, not an RFC BCP.

--
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-                      *I*LIKE*TRAINS*