[dnsop] Question on key rollover requirement
Gilles Guette <gguette@irisa.fr> Tue, 14 September 2004 15:52 UTC
Message-ID: <414700CB.8070909@irisa.fr>
Date: Tue, 14 Sep 2004 16:31:39 +0200
From: Gilles Guette <gguette@irisa.fr>
Organization: Irisa/Inria - Rennes
To: dnsop <dnsop@lists.uoregon.edu>
Subject: [dnsop] Question on key rollover requirement

Hello,

In the draft draft-ietf-dnsop-key-rollover-requirements-01.txt we define requirements for automated key rollover between parent and child zones. In section 4, we propose to use only DNSSEC mechanisms to secure exchanged data between parent and child zones. Recent comments from Olaf suggest using another mechanism.

I think the first question is: Do the requirements include the choice of the mechanism used to secure keys exchanged between parent and child zones?

If the answer is yes, there are several choices:

- DNSSEC only: the motivation for using only DNSSEC mechanisms is to keep the automatic key rollover process independent of other protocols.
- Using IPsec to secure communications.
- Using EPP.
- ...

We think that comments and discussions about this point are needed to shed light on the pros and cons of each choice.

Regards