Re: [DNSOP] Fwd: New Version Notification for draft-mekking-dnsop-auto-cpsync-00

Mark Andrews <marka@isc.org> Tue, 29 June 2010 23:28 UTC

To: Stephan Lagerholm <stephan.lagerholm@secure64.com>
From: Mark Andrews <marka@isc.org>
Date: Wed, 30 Jun 2010 09:27:52 +1000
Cc: dnsop@ietf.org, Matthijs Mekking <matthijs@NLnetLabs.nl>

In message <DD056A31A84CFC4AB501BD56D1E14BBB826B70@exchange.secure64.com>, "Stephan Lagerholm" writes:
> Hi Matthijs,
> 
> I like this draft but I'm a little bit concerned about the scalability.
> How will a busy parent provision a unique secret key for each of the
> children? And how will this key be transported between the parent and the
> child in a secure way?

How are NS records passed to the parent in a secure manner today?
If a parent can accept the volume of NS records required to delegate,
it can generate keys just as fast and send them back over the same
channel.  There is no scaling issue here.

> Thanks, Stephan
> ----------------------------------------------------------------------
> Stephan Lagerholm
> Senior DNS Architect, M.Sc., CISSP
> Secure64 Software Corporation, www.secure64.com
> Cell: 469-834-3940
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka@isc.org