Re: [DNSOP] proposal: Covert in-band zone data

Joe Abley <jabley@hopcount.ca> Sat, 06 July 2019 23:09 UTC

From: Joe Abley <jabley@hopcount.ca>
References: <20190706213024.GA56650@isc.org> <CAJhMdTMwCiAS+S_j-i3BXPZ=G1zVhAq+YKH07RsDWRgezPhejg@mail.gmail.com> <caa695e7-21e6-9c41-1814-1f4c1d64df7f@isc.org>
In-Reply-To: <caa695e7-21e6-9c41-1814-1f4c1d64df7f@isc.org>
Date: Sat, 06 Jul 2019 16:09:36 -0700
Message-ID: <CAJhMdTPK3iqg4sF0Kr+jGAXTf2MZ8FAP0DgwQw1kVBHa65wTNA@mail.gmail.com>
To: Witold Krecicki <wpk@isc.org>
Cc: dnsop@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/e1m-dJLD3q1ikBlihU3NNLyAU3U>
Subject: Re: [DNSOP] proposal: Covert in-band zone data

Hi Witold,

> On Jul 6, 2019, at 19:05, Witold Krecicki <wpk@isc.org> wrote:
>
> The primary use case I'm thinking about is to give secondaries the
> ability to do online NSEC signing to provide white lies. Proposed NSEC5
> also requires a method to transfer the private key to the slave.
> And, again - this is just one of the proposed uses of covert RRs, this
> document is showing it just as an example.

Interesting, thanks!

There's an argument, I suppose, that an out-of-band mechanism to
exchange metadata is already required to agree things like DNS NOTIFY
targets, master servers and TSIG shared secrets. Those things already
need to be exchanged securely, so presumably you're not talking about
just setup time, but rather over time to manage automated ZSK rolls,
etc?


Joe
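The use case Witold cites above, a secondary doing online NSEC signing to serve "white lies", turns on one computation: for a name that does not exist, the server has to synthesise an NSEC whose owner sorts immediately before the queried name and whose "next" field sorts immediately after it in DNSSEC canonical order, so that the record denies exactly the queried name and never a name that really exists. The following is an added example written for this thread; it is not code from the draft, from ISC, or from any named nameserver. It follows the minimal-covering construction of RFC 4470 and the canonical ordering of RFC 4034 section 6.1, handles the 0x00-octet and maximum-length edge cases, and leaves the signing step (the part that needs the private key the proposal wants to carry in-band) out of scope. Escaped presentation-format input (\DDD) is not parsed; the sample names are constructed.

```python
"""Minimal-covering NSEC owner/next names for online "white lies" denial of existence.

Added example, not from the draft or any implementation discussed on the list.
Construction per RFC 4470 (immediate predecessor / successor of a name) and
canonical ordering per RFC 4034 section 6.1.  Signing is deliberately omitted.
"""
from typing import List, Tuple

MAX_LABEL = 63   # RFC 1035 label length limit (octets)
MAX_NAME = 255   # RFC 1035 wire-format name length limit (octets)


def to_labels(name: str) -> List[bytes]:
    """Presentation name -> list of lowercased label octets; the root is []."""
    name = name.rstrip(".")
    if not name:
        return []
    labels = [lab.encode("latin-1").lower() for lab in name.split(".")]
    if any(not 0 < len(lab) <= MAX_LABEL for lab in labels) or wire_len(labels) > MAX_NAME:
        raise ValueError("invalid label or name length")
    return labels


def wire_len(labels: List[bytes]) -> int:
    """Octets the name occupies on the wire: each label plus its length byte, plus the root byte."""
    return sum(len(lab) + 1 for lab in labels) + 1


def canonical_key(labels: List[bytes]):
    """RFC 4034 6.1 order: compare labels right to left, bytewise, shorter-prefix first.
    Python compares a list of bytes exactly that way, so a reversed label list is the key."""
    return list(reversed(labels))


def covers(owner: List[bytes], nxt: List[bytes], name: List[bytes]) -> bool:
    """True if NSEC owner..nxt proves nonexistence of name (handles the wrap to the apex)."""
    o, n, q = canonical_key(owner), canonical_key(nxt), canonical_key(name)
    return o < q < n if o < n else (q > o or q < n)


def predecessor(labels: List[bytes]) -> List[bytes]:
    """The name sorting immediately before `labels` (RFC 4470 construction)."""
    if not labels:
        raise ValueError("the root has no predecessor")
    first, rest = labels[0], labels[1:]
    if first[-1] == 0:
        first = first[:-1]          # dropping a trailing 0x00 is the only step down from it
        if not first:
            return rest             # "\000.parent" sorts immediately after "parent"
        new = [first] + rest        # must not pad: any appended octet would sort >= the 0x00
    else:
        first = first[:-1] + bytes([first[-1] - 1])
        pad = min(MAX_LABEL - len(first), MAX_NAME - wire_len([first] + rest))
        new = [first + b"\xff" * pad] + rest
    while True:                     # fill the remaining room with leftmost 0xff labels
        room = MAX_NAME - wire_len(new)
        if room < 2:                # a label costs its length byte plus at least one octet
            return new
        new = [b"\xff" * min(MAX_LABEL, room - 1)] + new


def successor(labels: List[bytes]) -> List[bytes]:
    """The name sorting immediately after `labels` (RFC 4470 construction)."""
    if wire_len(labels) + 2 <= MAX_NAME:
        return [b"\x00"] + labels   # one-octet 0x00 label prepended is the smallest subdomain
    first = labels[0]
    if first[-1] == 0xFF:           # carry across labels at maximum length: rare, not handled here
        raise ValueError("successor with carry at maximum name length not supported")
    return [first[:-1] + bytes([first[-1] + 1])] + labels[1:]


def to_text(labels: List[bytes]) -> str:
    """Wire labels -> presentation form with \\DDD escapes for non-printable octets."""
    esc = lambda b: chr(b) if 0x21 <= b <= 0x7E and b not in (0x2E, 0x5C) else f"\\{b:03d}"
    return ".".join("".join(esc(b) for b in lab) for lab in labels) + "."


def white_lie(qname: str, zone: str) -> Tuple[str, str]:
    """Owner and next names of a minimal NSEC denying `qname` inside `zone`."""
    q, z = to_labels(qname), to_labels(zone)
    if len(q) < len(z) or q[len(q) - len(z):] != z:
        raise ValueError("qname is not in the zone")
    if q == z:
        raise ValueError("the apex exists; nothing to deny")
    owner, nxt = predecessor(q), successor(q)
    assert covers(owner, nxt, q)    # self-check: the synthesised span really covers qname
    return to_text(owner), to_text(nxt)


if __name__ == "__main__":
    owner, nxt = white_lie("foo.example", "example")   # constructed sample query
    print("owner:", owner)
    print("next: ", nxt)
```

The owner for `foo.example` comes out as a 255-octet name whose last two labels are `fon` padded with 0xff octets and `example`, and the next name is `\000.foo.example.`; every other name in the zone sorts outside that span, which is what makes the lie "white". A secondary doing this online also has to sign each synthesised NSEC, which is exactly why it would need a copy of the zone-signing key, the point Witold's message raises.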