Re: The problem I see with DNSSEC as a potential end user and administrator.
Ralf Weber <denic@eng.colt.net> Fri, 08 August 2008 10:37 UTC
From: Ralf Weber <denic@eng.colt.net>
To: "\"Ondřej Surý\"" <ondrej.sury@nic.cz>
Subject: Re: The problem I see with DNSSEC as a potential end user and administrator.
Date: Fri, 08 Aug 2008 12:31:41 +0200
Cc: Duane at e164 dot org <duane@e164.org>, Namedroppers <namedroppers@ops.ietf.org>, Mark Andrews <Mark_Andrews@isc.org>, Paul Vixie <paul@vix.com>, bert hubert <bert.hubert@netherlabs.nl>
Moin!

On Aug 8, 2008, at 11:52, Ondřej Surý wrote:
> Well, we don't need to sell it to masses. We just need to educate
> registrars, ISPs and big zone hosters, where people with (at least
> some) clue work.

Well even these guys (I think my company is in one of the above-mentioned businesses ;-) want tools that don't put too much operational burden on them. So a switch or checkbox that says DNSSEC enabled for that zone, and does all the rest in background (KSK, ZSK generation, zone signing and resigning, ZSK rollover, KSK rollover) is something that we and I guess others want. OK, for the KSK it would be good if it offered to access it via an external storage that you only attach to the box at certain times, so as not to have it always on the box and at risk of being compromised. And we do want it in an integrated manner and not as a bunch of different toolsets that you can stick together. So far I know of no solution that does offer that, but if anyone knows tell me.

> And that's something that we are working on.

You can try, but I guess you will have problems when the operational overhead is bigger than the potential benefit.

So long
-Ralf
---
Ralf Weber
Platform Infrastructure Manager
Colt Telecom GmbH
Herriotstrasse 4
60528 Frankfurt
Germany
DDI: +49 (0)69 56606 2780
Internal OneDial: 8 491 2780
Fax: +49 (0)69 56606 6280
Email: Ralf.Weber@colt.net
http://www.colt.net/

Data | Voice | Managed Services

COLT Telecom GmbH, Herriotstraße 4, 60528 Frankfurt/Main, Germany * Tel +49 (0)69 56606 0 * Fax +49 (0)69 56606 2222 * Managing Directors: Albertus Marinus Oosterom (Chair), Rita Thies * Frankfurt/Main District Court HRB 53898 * VAT ID DE 220 772 475

--
to unsubscribe send a message to namedroppers-request@ops.ietf.org with the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/namedroppers/>