[dnsop] draft-krishnaswamy-dnsop-dnssec-split-view-03
Suresh Krishnaswamy <suresh@tislabs.com> Wed, 23 August 2006 23:23 UTC
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GG24U-0006D9-9I for dnsop-archive@lists.ietf.org; Wed, 23 Aug 2006 19:23:42 -0400
Received: from mailapps.uoregon.edu ([128.223.142.45]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GG24S-00062H-SI for dnsop-archive@lists.ietf.org; Wed, 23 Aug 2006 19:23:42 -0400
Received: from mailapps.uoregon.edu (localhost [127.0.0.1]) by mailapps.uoregon.edu (8.13.7/8.13.7) with ESMTP id k7NMOD8a029475; Wed, 23 Aug 2006 15:24:13 -0700
Received: (from majordom@localhost) by mailapps.uoregon.edu (8.13.7/8.13.7/Submit) id k7NMODWf029473; Wed, 23 Aug 2006 15:24:13 -0700
Received: from nutshell.tislabs.com (firewall-user@ns1.tislabs.com [192.94.214.100]) by mailapps.uoregon.edu (8.13.7/8.13.7) with ESMTP id k7NMOClS029467 for <dnsop@lists.uoregon.edu>; Wed, 23 Aug 2006 15:24:12 -0700
Received: (from uucp@localhost) by nutshell.tislabs.com (8.12.9/8.12.9) id k7NMN46d021823 for <dnsop@lists.uoregon.edu>; Wed, 23 Aug 2006 18:23:04 -0400 (EDT)
Received: from filbert.tislabs.com(10.66.1.10) by nutshell.tislabs.com via csmap (V6.0) id srcAAAXYaOLQ; Wed, 23 Aug 06 18:22:58 -0400
Received: from [127.0.0.1] (localhost [127.0.0.1]) by tislabs.com (8.12.9/8.12.9) with ESMTP id k7NMM55X019411 for <dnsop@lists.uoregon.edu>; Wed, 23 Aug 2006 18:22:06 -0400 (EDT)
Mime-Version: 1.0 (Apple Message framework v752.2)
References: <E1GG0qQ-0004OC-5H@megatron.ietf.org>
Content-Type: text/plain; charset="US-ASCII"; delsp="yes"; format="flowed"
Message-Id: <684EB56E-5FB6-4C20-8040-1384E7F6F165@tislabs.com>
Content-Transfer-Encoding: 7bit
From: Suresh Krishnaswamy <suresh@tislabs.com>
Subject: [dnsop] draft-krishnaswamy-dnsop-dnssec-split-view-03
Date: Wed, 23 Aug 2006 18:24:03 -0400
To: IETF DNSOP WG <dnsop@lists.uoregon.edu>
X-Mailer: Apple Mail (2.752.2)
X-Virus-Scanned: ClamAV 0.88.4/1720/Wed Aug 23 15:18:27 2006 on mailapps
X-Virus-Status: Clean
Sender: owner-dnsop@lists.uoregon.edu
Precedence: bulk
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 3e15cc4fdc61d7bce84032741d11c8e5
The latest version of the DNSSEC split-views draft addresses a whole buch of comments that were either sent to the list or directly communicated to me. Major changes in the the draft are that it now actually makes recommendations about which scenario(s) a particular option is best suited to; an improved network architecture figure (with thanks to all those who contributed); reorganization of text with new sections added and portions moved to the appendix. I've also added some text to suggest that this document is more a "DNSSEC" split-views recommendation rather than a "DNS" split-views recommendation. I personally think that there is enough agreement within the working group that this topic, in general, is important. Does the group also feel that we have enough of a start in draft-krishnaswamy-dnsop- dnssec-split-view-03 to form the basis of a Working Group document? Suresh > > A New Internet-Draft is available from the on-line Internet-Drafts > directories. > > > Title : Split-View DNSSEC Operational Practices > Author(s) : S. Krishnaswamy > Filename : draft-krishnaswamy-dnsop-dnssec-split-view-03.txt > Pages : 23 > Date : 2006-8-23 > > The security extensions to the Domain Name System (DNSSEC) allow for > integrity protection, whereby it is possible to make a > determination > of the verity of data returned from the Domain Name System in > response to a query. Current operation of the Domain Name System > also allows for the creation of multiple views of data, where the > answer returned in response to a query is dependent on the > origin of > the query. Data integrity and the ability to return possibly > conflicting values as in split-views may be construed to be > mutually > conflicting goals; but this apparent dichotomy is resolvable in > practice through careful configuration. This document provides > recommendations for configuring a manageable split-view DNSSEC > environment in a representative enterprise network. > > A URL for this Internet-Draft is: > http://www.ietf.org/internet-drafts/draft-krishnaswamy-dnsop-dnssec- > split-view-03.txt > . dnsop resources:_____________________________________________________ web user interface: http://darkwing.uoregon.edu/~llynch/dnsop.html mhonarc archive: http://darkwing.uoregon.edu/~llynch/dnsop/index.html
- [dnsop] draft-krishnaswamy-dnsop-dnssec-split-vie… Suresh Krishnaswamy
- [dnsop] abstract of split-view-03 Edward Lewis
- Re: [dnsop] draft-krishnaswamy-dnsop-dnssec-split… Andrew Sullivan
- [dnsop] Chapter 1 of split-view-03 Edward Lewis
- Re: [dnsop] Chapter 1 of split-view-03 Suresh Krishnaswamy
- Re: [dnsop] Chapter 1 of split-view-03 Edward Lewis