Re: Signature at parent (draft-ietf-dnsop-parent-sig-00.txt)
ted@tednet.nl (Ted Lindgreen) Fri, 06 April 2001 16:18 UTC
Message-Id: <200104061301.f36D14s95349@open.nlnetlabs.nl>
From: ted@tednet.nl
Date: Fri, 06 Apr 2001 15:01:04 +0200
In-Reply-To: "John Gilmore's message as of Apr 6, 14:12"
Reply-To: Ted.Lindgreen@tednet.nl
To: John Gilmore <gnu@toad.com>, Miek Gieben <miekg@open.nlnetlabs.nl>
Subject: Re: Signature at parent (draft-ietf-dnsop-parent-sig-00.txt)
Cc: Dan Massey <masseyd@isi.edu>, namedroppers@ops.ietf.org
Sender: owner-namedroppers@ops.ietf.org
Precedence: bulk

[Quoting John Gilmore, on Apr 6, 14:12, in "Re: Signature at par ..."]
> There's nothing wrong with putting an IPSEC KEY record at the top
> of a zone, along with the zone keys.

The problems with it are:

1. Inflexibility:
   Any change, update, addition, or removal of such a KEY needs the
   involvement of the parent.

2. Cost:
   It will be pretty likely that TLDs will charge for signing KEYs,
   and probably more when lots of non-zone-KEYs are involved.

3. Liability:
   He, who signs, must make sure that he knows he is signing, and
   must accept some responsibility for it (otherwise the signature
   is worthless).
   I think a TLD should accept the responsibility for a proper
   delegation of a domain, but I don't think the TLD will accept
   the responsibility for local stuff like IPSEC-KEYS under those
   already delegated domains.

I think that smart zone-administrators keep their local KEYs out
of the apex' KEYset. But some education may help to get them smart.

So, the question is: in a to-be-written "Best Current Practice
document" should we be silent about this, or just make a note or
remark, or discourage it, or make it a SHOULD NOT, or perhaps even
a MUST NOT?

I agree with Brian Wellington, that a "SHOULD NOT" will do fine.

Regards,
-- Ted.