Re: [dnsext] DTLS alternative to DNS-Curve
Phillip Hallam-Baker <hallam@gmail.com> Thu, 16 September 2010 18:47 UTC
I think it would take a huge amount of effort to get RFC 2930 into an acceptable state. It is ten years old and like many other DNSSEC drafts of that vintage rather vague on details.

http://tools.ietf.org/html/rfc2930

This is really not much more than a RR format with a vague suggestion to use GSSAPI.

I still need a ticket format to avoid a need for server side state.

On Thu, Sep 16, 2010 at 2:26 PM, Tony Finch <dot@dotat.at> wrote:

> On Thu, 16 Sep 2010, Phillip Hallam-Baker wrote:
> >
> > TSIG is much closer to what I want. All I really want is either TSIG plus a
> > key exchange mechanism or TSIG plus confidentiality plus a key exchange
> > mechanism.
>
> TKEY is DNS's key exchange mechanism.
>
> Tony.
> --
> f.anthony.n.finch <dot@dotat.at> http://dotat.at/
> HUMBER THAMES DOVER WIGHT PORTLAND: NORTH BACKING WEST OR NORTHWEST, 5 TO 7,
> DECREASING 4 OR 5, OCCASIONALLY 6 LATER IN HUMBER AND THAMES. MODERATE OR
> ROUGH. RAIN THEN FAIR. GOOD.

--
Website: http://hallambaker.com/