Re: [DNSOP] Fwd: New Version Notificationfor draft-mekking-dnsop-auto-cpsync-00
Mark Andrews <marka@isc.org> Tue, 29 June 2010 23:28 UTC
Return-Path: <marka@isc.org>
X-Original-To: dnsop@core3.amsl.com
Delivered-To: dnsop@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 34E9E3A69F0 for <dnsop@core3.amsl.com>; Tue, 29 Jun 2010 16:28:00 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.854
X-Spam-Level:
X-Spam-Status: No, score=-1.854 tagged_above=-999 required=5 tests=[AWL=0.745, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id odMN96kLJg6N for <dnsop@core3.amsl.com>; Tue, 29 Jun 2010 16:27:59 -0700 (PDT)
Received: from mx.pao1.isc.org (mx.pao1.isc.org [IPv6:2001:4f8:0:2::2b]) by core3.amsl.com (Postfix) with ESMTP id B738F3A69C5 for <dnsop@ietf.org>; Tue, 29 Jun 2010 16:27:58 -0700 (PDT)
Received: from farside.isc.org (farside.isc.org [IPv6:2001:4f8:3:bb::5]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client CN "farside.isc.org", Issuer "ISC CA" (verified OK)) by mx.pao1.isc.org (Postfix) with ESMTPS id DBC5AC9420; Tue, 29 Jun 2010 23:27:58 +0000 (UTC) (envelope-from marka@isc.org)
Received: from drugs.dv.isc.org (drugs.dv.isc.org [IPv6:2001:470:1f00:820:214:22ff:fed9:fbdc]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client CN "drugs.dv.isc.org", Issuer "ISC CA" (not verified)) by farside.isc.org (Postfix) with ESMTP id 5976CE601A; Tue, 29 Jun 2010 23:27:58 +0000 (UTC) (envelope-from marka@isc.org)
Received: from drugs.dv.isc.org (localhost [127.0.0.1]) by drugs.dv.isc.org (8.14.3/8.14.3) with ESMTP id o5TNRqWo062148; Wed, 30 Jun 2010 09:27:54 +1000 (EST) (envelope-from marka@drugs.dv.isc.org)
Message-Id: <201006292327.o5TNRqWo062148@drugs.dv.isc.org>
To: Stephan Lagerholm <stephan.lagerholm@secure64.com>
From: Mark Andrews <marka@isc.org>
References: <4C29F2FA.1000907@nlnetlabs.nl> <4C29FE8F.6030002@nlnetlabs.nl> <DD056A31A84CFC4AB501BD56D1E14BBB826B70@exchange.secure64.com>
In-reply-to: Your message of "Tue, 29 Jun 2010 08:32:07 CST." <DD056A31A84CFC4AB501BD56D1E14BBB826B70@exchange.secure64.com>
Date: Wed, 30 Jun 2010 09:27:52 +1000
Sender: marka@isc.org
Cc: dnsop@ietf.org, Matthijs Mekking <matthijs@NLnetLabs.nl>
Subject: Re: [DNSOP] Fwd: New Version Notificationfor draft-mekking-dnsop-auto-cpsync-00
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dnsop>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 29 Jun 2010 23:28:00 -0000
In message <DD056A31A84CFC4AB501BD56D1E14BBB826B70@exchange.secure64.com>, "Ste phan Lagerholm" writes: > HI Matthijs, > > I like this draft but I'm a little bit concerned about the scalability. > How will a busy parent provision a unique secret key for each of the > child? And how will this key be transported between the parent and the > child in a secure way? How are NS records passed to the parent in a secure manner today? If a parent can accept the volume of NS records required to delegate it can generate keys just as fast and send them back over the same channel. There is no scaling issue here. > Thanks, Stephan > ---------------------------------------------------------------------- > Stephan Lagerholm > Senior DNS Architect, M.Sc. ,CISSP > Secure64 Software Corporation, www.secure64.com > Cell: 469-834-3940 -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: marka@isc.org
- Re: [DNSOP] Fwd: New Version Notificationfor draf… Wolfgang Nagele
- [DNSOP] Fwd: New Version Notification for draft-m… Matthijs Mekking
- Re: [DNSOP] Fwd: New Version Notification for dra… Matthijs Mekking
- Re: [DNSOP] Fwd: New Version Notificationfor draf… Stephan Lagerholm
- Re: [DNSOP] Fwd: NewVersion Notificationfor draft… Stephan Lagerholm
- Re: [DNSOP] Fwd: NewVersion Notificationfor draft… Wolfgang Nagele
- Re: [DNSOP] Fwd: New Version Notificationfor draf… Mark Andrews
- Re: [DNSOP] Fwd: New Version Notification fordraf… George Barwood
- Re: [DNSOP] Fwd: New Version Notificationfordraft… Stephan Lagerholm
- Re: [DNSOP] Fwd: New Version Notificationfordraft… George Barwood
- Re: [DNSOP] Fwd: New Version Notificationfordraft… Tony Finch
- Re: [DNSOP] Fwd: NewVersion Notificationfor draft… Matthijs Mekking
- Re: [DNSOP] Fwd: New Version Notification fordraf… Wolfgang Nagele
- Re: [DNSOP] Fwd: New Version Notification fordraf… Shane Kerr
- Re: [DNSOP] Fwd: New Version Notification fordraf… Mark Andrews
- Re: [DNSOP] Fwd: New Version Notificationfordraft… George Barwood
- Re: [DNSOP] Fwd: New Version Notificationfordraft… Wolfgang Nagele
- Re: [DNSOP] Fwd: New Version Notificationfordraft… Mark Andrews
- Re: [DNSOP] Fwd: New Version Notificationfordraft… George Barwood
- Re: [DNSOP] Fwd: New Version Notification fordraf… George Barwood
- Re: [DNSOP] Fwd: New Version Notificationfordraft… Andrew Sullivan
- Re: [DNSOP] Fwd: New Version Notificationfordraft… Wolfgang Nagele
- Re: [DNSOP] Fwd: New Version Notificationfordraft… Jakob Schlyter
- Re: [DNSOP] Fwd: New Version Notificationfordraft… Jakob Schlyter
- Re: [DNSOP] Fwd: New Version Notification for dra… bmanning