Re: [dhcwg] Trust model of Client FQDN option
Ted Lemon <mellon@nominum.com> Wed, 04 August 2004 19:49 UTC
Received: from megatron.ietf.org (megatron.ietf.org [132.151.6.71]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id PAA03671; Wed, 4 Aug 2004 15:49:07 -0400 (EDT)
Received: from localhost.localdomain ([127.0.0.1] helo=megatron.ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1BsRh4-0007nU-8J; Wed, 04 Aug 2004 15:44:58 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1BsRZb-0006U2-JE for dhcwg@megatron.ietf.org; Wed, 04 Aug 2004 15:37:15 -0400
Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id PAA02777 for <dhcwg@ietf.org>; Wed, 4 Aug 2004 15:37:13 -0400 (EDT)
Received: from toccata.fugue.com ([204.152.186.142]) by ietf-mx.ietf.org with esmtp (Exim 4.33) id 1BsRcv-0006yh-Qp for dhcwg@ietf.org; Wed, 04 Aug 2004 15:40:43 -0400
Received: from [130.129.131.89] (opene-130-129-131-89.ietf60.ietf.org [130.129.131.89]) by toccata.fugue.com (Postfix) with ESMTP id AF56E1B22C7; Wed, 4 Aug 2004 14:36:14 -0500 (CDT)
In-Reply-To: <000201c47a4f$78a634e0$3f428182@amer.cisco.com>
References: <000201c47a4f$78a634e0$3f428182@amer.cisco.com>
Mime-Version: 1.0 (Apple Message framework v618)
Content-Type: text/plain; charset="US-ASCII"; format="flowed"
Message-Id: <AD320063-E64D-11D8-8860-000A95D9C74C@nominum.com>
Content-Transfer-Encoding: 7bit
From: Ted Lemon <mellon@nominum.com>
Subject: Re: [dhcwg] Trust model of Client FQDN option
Date: Wed, 04 Aug 2004 12:37:10 -0700
To: Bernie Volz <volz@cisco.com>
X-Mailer: Apple Mail (2.618)
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 79899194edc4f33a41f49410777972f8
Content-Transfer-Encoding: 7bit
Cc: dhcwg@ietf.org
X-BeenThere: dhcwg@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: dhcwg.ietf.org
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:dhcwg@ietf.org>
List-Help: <mailto:dhcwg-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=subscribe>
Sender: dhcwg-bounces@ietf.org
Errors-To: dhcwg-bounces@ietf.org
Content-Transfer-Encoding: 7bit
On Aug 4, 2004, at 11:18 AM, Bernie Volz wrote: > And, we probably should add a 4th point ... If a DNS server allows > dynamic > DNS updates, it is the final authority of what it allows to be added, > removed, or modified in a zone and should have properly configured > policies > to prohibit operations that are not intended. Simply assuming that any > update from a trusted source (such as a DHCP server with a valid TSIG > key) > should be performed is likely not acceptable. I would expect this to be a rather controversial statement, and I think we should leave it out. It could be equally legitimately argued that if you give some entity a key to update a zone, you are trusting that entity not to do anything inappropriate with the key, and that if you do not trust that entity, you should not have given it such a key. I'm not saying either position is correct - they are both valid. So asserting one over the other seems like a recipe for delay. _______________________________________________ dhcwg mailing list dhcwg@ietf.org https://www1.ietf.org/mailman/listinfo/dhcwg
- [dhcwg] Trust model of Client FQDN option Pekka Savola
- Re: [dhcwg] Trust model of Client FQDN option Ted Lemon
- Re: [dhcwg] Trust model of Client FQDN option Pekka Savola
- RE: [dhcwg] Trust model of Client FQDN option Bernie Volz
- RE: [dhcwg] Trust model of Client FQDN option Bernie Volz
- Re: [dhcwg] Trust model of Client FQDN option Mark Stapp
- RE: [dhcwg] Trust model of Client FQDN option Pekka Savola
- Re: [dhcwg] Trust model of Client FQDN option Ted Lemon
- RE: [dhcwg] Trust model of Client FQDN option Bernie Volz
- Re: [dhcwg] Trust model of Client FQDN option Ted Lemon
- RE: [dhcwg] Trust model of Client FQDN option Bernie Volz
- Re: [dhcwg] Trust model of Client FQDN option Ted Lemon