Re: [DNSOP] proposal: Covert in-band zone data

Witold Krecicki <wpk@isc.org> Sat, 06 July 2019 23:05 UTC

To: dnsop@ietf.org
References: <20190706213024.GA56650@isc.org> <CAJhMdTMwCiAS+S_j-i3BXPZ=G1zVhAq+YKH07RsDWRgezPhejg@mail.gmail.com>
From: Witold Krecicki <wpk@isc.org>
Message-ID: <caa695e7-21e6-9c41-1814-1f4c1d64df7f@isc.org>
Date: Sun, 07 Jul 2019 01:05:28 +0200
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/bdy8KCGsGvkNjDlV8JFqoZtCWX4>
Subject: Re: [DNSOP] proposal: Covert in-band zone data

On 07.07.2019 at 00:39, Joe Abley wrote:
> What's the use-case for using the DNS to transfer private key data?

All of those methods require configuring an external, out-of-band
mechanism to transfer the ZSK - using covert records is something that'd
work 'out of the box'.
The primary use case I'm thinking about is to give secondaries the
ability to do online NSEC signing to provide white lies. Proposed NSEC5
also requires a method to transfer the private key to the slave.
And, again - this is just one of the proposed uses of covert RRs, this
document is showing it just as an example.
-- 
Witold
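
Worked example (added here; it is not ISC code and not part of the draft under discussion) of the "online NSEC signing to provide white lies" that the reply gives as its use case. A secondary answering NXDOMAIN this way synthesizes, per query, the minimally covering NSEC names of RFC 4470 section 4: the immediate predecessor of the query name in RFC 4034 canonical order as the NSEC owner, and its immediate successor as the next name, plus the same pair for the wildcard at the closest encloser. Those records did not exist when the zone was signed, so each one must be signed at query time, which is exactly why the secondary needs the ZSK. The names, the closest encloser (which a real server derives from zone data, here passed in as a parameter) and the zone origin below are constructed for the example; the signing call itself is left as a comment.

```python
"""Minimally covering NSEC names ("white lies", RFC 4470 section 4).

Added example, not ISC code.  Names are handled as lists of lowercased label
byte strings without the trailing root label; qname/origin values are made up.
"""

MAX_LABEL = 63   # RFC 1035 label limit
MAX_NAME = 255   # RFC 1035 wire-format name limit, root label included


def to_labels(name: str) -> list:
    """Presentation name -> canonical (lowercased) list of label byte strings."""
    name = name.rstrip(".")
    return [l.encode("ascii").lower() for l in name.split(".")] if name else []


def wire_len(labels) -> int:
    """Wire-format length: one length octet per label plus the empty root label."""
    return sum(len(l) + 1 for l in labels) + 1


def canonical_key(labels):
    """RFC 4034 s6.1 ordering: compare from the rightmost label, fewer labels first.
    Python compares bytes as unsigned octet strings with a prefix sorting first,
    which is the per-label rule the RFC specifies."""
    return tuple(reversed(labels))


def predecessor(labels):
    """Immediate predecessor of `labels` in canonical order (the NSEC owner name)."""
    left, rest = labels[0], labels[1:]
    if left == b"\x00":
        return rest                      # nothing sorts between parent and \000.parent
    if left[-1] == 0:
        new = left[:-1]                  # \000 was the smallest extension: just drop it
    else:
        new = left[:-1] + bytes([left[-1] - 1])
        room = MAX_NAME - wire_len([new] + rest)
        new += b"\xff" * min(MAX_LABEL - len(new), room)   # largest label below `left`
    out = [new] + rest
    while True:                          # then the largest name below that, length permitting
        room = MAX_NAME - wire_len(out)
        if room < 2:
            return out
        out = [b"\xff" * min(MAX_LABEL, room - 1)] + out


def successor(labels):
    """Immediate successor of `labels` in canonical order (the NSEC next name)."""
    if wire_len(labels) + 2 <= MAX_NAME:
        return [b"\x00"] + labels        # a single \000 label is the smallest child
    left, rest = labels[0], labels[1:]
    if len(left) < MAX_LABEL and wire_len(labels) + 1 <= MAX_NAME:
        return [left + b"\x00"] + rest
    for i in range(len(left) - 1, -1, -1):   # no room to grow: bump the last octet < 255
        if left[i] < 255:
            return [left[:i] + bytes([left[i] + 1])] + rest
    raise ValueError("leftmost label is all \\255; RFC 4470 s4.1.2 then moves to the parent")


def to_text(labels) -> str:
    """Presentation format with RFC 1035 \\DDD escapes for anything outside [a-z0-9-]."""
    def esc(label):
        return "".join(chr(c) if (0x30 <= c <= 0x39 or 0x61 <= c <= 0x7a or c == 0x2d)
                       else "\\%03d" % c for c in label)
    return ".".join(esc(l) for l in labels) + "."


def covers(owner, nxt, name, origin) -> bool:
    """True if `name` lies strictly between owner and next (NSEC semantics, wrapping at the apex)."""
    k = canonical_key
    if nxt == origin:                    # the zone's last NSEC points back to the apex
        return k(owner) < k(name)
    return k(owner) < k(name) < k(nxt)


def white_lie(qname: str, closest_encloser: str, origin: str):
    """(owner, next) label lists for the two NSECs an NXDOMAIN white-lie answer carries:
    one covering qname, one covering the wildcard at the closest encloser."""
    zone = to_labels(origin)
    pairs = []
    for name in (qname, "*." + closest_encloser):
        labels = to_labels(name)
        if len(labels) <= len(zone) or labels[len(labels) - len(zone):] != zone:
            raise ValueError("%s is not below %s" % (name, origin))
        pairs.append((predecessor(labels), successor(labels)))
    return pairs


if __name__ == "__main__":
    # Constructed query against a constructed zone; a type bitmap of just NSEC and RRSIG
    # is what a synthesized owner name carries.
    for owner, nxt in white_lie("doesnotexist.example.com", "example.com", "example.com"):
        print("%s NSEC %s NSEC RRSIG" % (to_text(owner), to_text(nxt)))
        # Here the signer would build the RRSIG over this NSEC with the zone's ZSK;
        # that per-query signature is the reason the secondary must hold the private key.
```

The predecessor pads with \255 octets only in the decrement branch: when the leftmost label already ends in \000, dropping that octet is the closest smaller label, and appending \255 would overshoot. The ordering check in `covers` relies on Python's bytes comparison matching the RFC's label rule, so it can be used as a self-test that the synthesized pair really brackets the query name.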