In-Band Rollover and Out-Of-Band Priming
"Olaf M. Kolkman" <olaf@ripe.net> Tue, 13 July 2004 12:24 UTC
Received: from psg.com (mailnull@psg.com [147.28.0.62]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id IAA05207 for <dnsext-archive@lists.ietf.org>; Tue, 13 Jul 2004 08:24:56 -0400 (EDT)
Received: from majordom by psg.com with local (Exim 4.34 (FreeBSD)) id 1BkMDB-0002QU-Kr for namedroppers-data@psg.com; Tue, 13 Jul 2004 12:16:41 +0000
Received: from [193.0.0.199] (helo=postman.ripe.net) by psg.com with esmtp (Exim 4.34 (FreeBSD)) id 1BkMDA-0002QD-Ek for namedroppers@ops.ietf.org; Tue, 13 Jul 2004 12:16:40 +0000
Received: by postman.ripe.net (Postfix, from userid 8) id 927174FD12; Tue, 13 Jul 2004 14:16:39 +0200 (CEST)
Received: from birch.ripe.net (birch.ripe.net [193.0.1.96]) by postman.ripe.net (Postfix) with ESMTP id 54CD04FCFF for <namedroppers@ops.ietf.org>; Tue, 13 Jul 2004 14:16:39 +0200 (CEST)
Received: from x50.ripe.net (x50.ripe.net [193.0.1.50]) by birch.ripe.net (8.12.10/8.11.6) with SMTP id i6DCGd4c011243 for <namedroppers@ops.ietf.org>; Tue, 13 Jul 2004 14:16:39 +0200
Date: Tue, 13 Jul 2004 14:16:39 +0200
From: "Olaf M. Kolkman" <olaf@ripe.net>
To: namedroppers@ops.ietf.org
Subject: In-Band Rollover and Out-Of-Band Priming
Message-Id: <20040713141639.0e844225.olaf@ripe.net>
Organization: RIPE NCC
X-Mailer: Sylpheed version 0.9.11 (GTK+ 1.2.10; i686-pc-linux-gnu)
Mime-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: 7bit
X-RIPE-Spam-Status: N 0.013952 / 0.0 / 0.0 / disabled
X-RIPE-Signature: ff7fd7d29e955f0e644694d0d3f1ecc8
X-Spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on psg.com
X-Spam-Status: No, hits=-4.9 required=5.0 tests=AWL,BAYES_00 autolearn=ham version=2.63
Sender: owner-namedroppers@ops.ietf.org
Precedence: bulk
Content-Transfer-Encoding: 7bit
This is a heads up for: draft-kolkman-dnsext-dnssec-in-band-rollover-00: http://www.ietf.org/internet-drafts/draft-kolkman-dnsext-dnssec-in-band-rollover-00.txt Abstract The DNS Security Extensions (DNSSEC) works by validating so called chains of authority. The start of these chains of authority are usually public keys that are anchored in the DNS clients, the so called trust anchors. This memo describes a method how these client trust anchors can be replaced using the DNS validation and querying mechanisms (in-band) if the key pairs used for signing by zone owner are rolled. This memo also describes a method to establish the validity of trust anchors for initial configuration, or priming, using out of band mechanisms. This will be on the agenda of Thuesday slot. -- Olaf Co-author ---------------------------------| Olaf M. Kolkman ---------------------------------| RIPE NCC -- to unsubscribe send a message to namedroppers-request@ops.ietf.org with the word 'unsubscribe' in a single line as the message text body. archive: <http://ops.ietf.org/lists/namedroppers/>
- In-Band Rollover and Out-Of-Band Priming Olaf M. Kolkman
- Re: In-Band Rollover and Out-Of-Band Priming Masataka Ohta