Re: [dnsext] CDS RRTYPE review - Comments period end Mar 29th

Jelte Jansen <jelte@isc.org> Wed, 09 March 2011 08:33 UTC

Message-ID: <4D773B91.40001@isc.org>
Date: Wed, 09 Mar 2011 09:34:25 +0100
From: Jelte Jansen <jelte@isc.org>
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.14) Gecko/20110223 Lightning/1.0b2 Thunderbird/3.1.8
MIME-Version: 1.0
To: dnsext@ietf.org
References: <C99C3502.72B1%roy@nominet.org.uk> <alpine.LSU.2.00.1103082030190.5244@hermes-1.csi.cam.ac.uk> <72A22513B1644CFE9023189F93BFDD32@local> <20110309080006.GA23957@miek.nl>
In-Reply-To: <20110309080006.GA23957@miek.nl>
X-Enigmail-Version: 1.1.2
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Subject: Re: [dnsext] CDS RRTYPE review - Comments period end Mar 29th
X-List-Received-Date: Wed, 09 Mar 2011 08:33:15 -0000

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 03/09/2011 09:00 AM, Miek Gieben wrote:
> [ Quoting George Barwood in "Re: [dnsext] CDS RRTYPE review - Co"... ]
>>> Why not just use the child zone's SEP DNSKEY RRs for this purpose?
>>
>> From the draft http://tools.ietf.org/html/draft-barwood-dnsop-ds-publish-01
>>
>>   key, delaying the time at which an attacker can start cryptanalysis;
> 
> So this is the sole reason for adding this new type?
> 

Disclaimer: I have not read this draft yet, but one other reason I could imagine
is not having to change your DNSKEY RRset if you want to change what is
published at your parent, even if you do publish the DNSKEYs themselves.

Jelte
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk13O5EACgkQ4nZCKsdOncWWBQCgok9t2bjT5UxtDErWFoBnh9wt
6dsAoMaRIrnh/aBzZJ305mtZN0YlqEvy
=ipFt
-----END PGP SIGNATURE-----
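The point made in this reply (the child can change what it asks the parent to publish without touching its DNSKEY RRset) is easier to see with the actual DS computation in front of you. The following is an added example, not code from the thread or from the draft: it builds DS records from DNSKEY RDATA per RFC 4034 section 5.1.4 (digest over the canonical owner name plus the DNSKEY RDATA) with the key tag from RFC 4034 Appendix B, then derives a CDS RRset that lists only a chosen subset of the child's keys. The owner name `example.` and the three keys are constructed for illustration (the public-key bytes are placeholders, not real RSA keys); the `rollover_demo` function and its selection of tags are assumptions of this example, not anything the draft specifies.

```python
import hashlib
import struct

# Digest types: 1 = SHA-1 (RFC 4034), 2 = SHA-256 (RFC 4509)
DIGEST_ALGS = {1: hashlib.sha1, 2: hashlib.sha256}


def name_to_wire(name):
    """Canonical (lowercased) wire form of an owner name, RFC 4034 section 6.2."""
    labels = [l for l in name.lower().rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def dnskey_rdata(flags, protocol, algorithm, pubkey):
    """DNSKEY RDATA: 16-bit flags, 8-bit protocol, 8-bit algorithm, public key."""
    return struct.pack("!HBB", flags, protocol, algorithm) + pubkey


def key_tag(rdata):
    """Key tag per RFC 4034 Appendix B (all algorithms except RSA/MD5)."""
    ac = 0
    for i, b in enumerate(rdata):
        ac += b if i & 1 else b << 8
    ac += (ac >> 16) & 0xFFFF
    return ac & 0xFFFF


def ds_record(owner, flags, protocol, algorithm, pubkey, digest_type=2):
    """Return (key_tag, algorithm, digest_type, digest_hex) for one DNSKEY.
    RFC 4034 section 5.1.4: digest = H(owner name wire form | DNSKEY RDATA)."""
    rdata = dnskey_rdata(flags, protocol, algorithm, pubkey)
    digest = DIGEST_ALGS[digest_type](name_to_wire(owner) + rdata).hexdigest().upper()
    return (key_tag(rdata), algorithm, digest_type, digest)


def cds_rrset(owner, dnskeys, publish_tags, digest_type=2):
    """CDS RRset the child would publish: one record per DNSKEY whose key tag is
    in publish_tags. The DNSKEY RRset passed in is read, never modified."""
    out = []
    for flags, proto, alg, pub in dnskeys:
        rec = ds_record(owner, flags, proto, alg, pub, digest_type)
        if rec[0] in publish_tags:
            out.append(rec)
    return out


def ds_matches(ds, owner, dnskey):
    """Parent-side check: does this DS (or CDS) identify the given DNSKEY?"""
    return ds == ds_record(owner, *dnskey, digest_type=ds[2])


# Constructed sample zone (placeholder key bytes, not real keys)
OWNER = "example."
KSK_OLD = (257, 3, 8, b"\x01\x02\x03\x04")           # SEP flag set
ZSK = (256, 3, 8, b"\x0a\x0b\x0c\x0d\x0e\x0f")        # no SEP flag
KSK_NEW = (257, 3, 8, b"\x10\x20\x30\x40")           # pre-published successor KSK
DNSKEY_RRSET = [KSK_OLD, ZSK, KSK_NEW]


def rollover_demo():
    """Same DNSKEY RRset throughout; only the CDS RRset changes between steps."""
    old_tag = key_tag(dnskey_rdata(*KSK_OLD))
    new_tag = key_tag(dnskey_rdata(*KSK_NEW))
    # Step 1: both KSKs are in DNSKEY, but the child only wants the old DS at the parent.
    before = cds_rrset(OWNER, DNSKEY_RRSET, {old_tag})
    # Step 2: the child signals that the parent should now publish both DS records.
    after = cds_rrset(OWNER, DNSKEY_RRSET, {old_tag, new_tag})
    return before, after


if __name__ == "__main__":
    for label, rrset in zip(("before", "after"), rollover_demo()):
        for tag, alg, dtype, digest in rrset:
            print(f"{label}: {OWNER} CDS {tag} {alg} {dtype} {digest}")
```

Note that the ZSK is in the DNSKEY RRset at both steps but never appears in the CDS set, and the DS digests that the parent ends up with are the same ones it would have computed from the SEP DNSKEYs; what the child gains is a separate signal for which of those keys the parent should act on.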