[homenet] securing zone transfer
Daniel Migault <daniel.migault@ericsson.com> Fri, 07 June 2019 20:03 UTC
Return-Path: <mglt.ietf@gmail.com>
X-Original-To: homenet@ietfa.amsl.com
Delivered-To: homenet@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D5B7A120140 for <homenet@ietfa.amsl.com>; Fri, 7 Jun 2019 13:03:33 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.114
X-Spam-Level:
X-Spam-Status: No, score=-2.114 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FORGED_FROMDOMAIN=0.198, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.415, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id z03qJNLiV7hi for <homenet@ietfa.amsl.com>; Fri, 7 Jun 2019 13:03:32 -0700 (PDT)
Received: from mail-qk1-f170.google.com (mail-qk1-f170.google.com [209.85.222.170]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8ED5D1200B2 for <homenet@ietf.org>; Fri, 7 Jun 2019 13:03:32 -0700 (PDT)
Received: by mail-qk1-f170.google.com with SMTP id s22so2028366qkj.12 for <homenet@ietf.org>; Fri, 07 Jun 2019 13:03:32 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=IvAC+lseTIt8pRiDl3fy5S2/VeMR0CIA2PVLgHuLhNc=; b=GweMwmika+k0m9ojmfO6kcdJydT+Mfdw6VzjvY1/zJjOmZJOOJnlNT12r0JYaPGMNP ENB9G4t95UnvIzBsQ5ShdK5TCv6M4xxOXH6rjshUTRoe5//Wnj5Y+noYLT+IgyCexS1E AFB57jfaoPMNraXpvxv+u6+JUXtMqGPlj+wfRA1ZWwkpSymmD3LpUSxcMBR2plYwVCtA Fs4nkJzpOWrw7naT5ZlaXgsm4Hig/XvVR8CQDZP+FHxZDG3agwE23WwBeLmMJayD0utN 0Jlp8xA/Q2iHtmxqzQdj7WXTyEYb5aZgI+QTAyVr9cLH0n7MwRcEB0g1zVFleqBPAPt4 SvNA==
X-Gm-Message-State: APjAAAXFGirVr4fChyy81MUys1CyMzWjhkxkFCgPUtSI7vCzV7EcrxZd mLiGW3ijJYpQ9v4Rs/8F9iNmRbGGslCYwj36bQ5HyxxX
X-Google-Smtp-Source: APXvYqx+fIPevzAGsCGU1Z7jLE7OgFAiMFXV7ihpke3I1ZK+pDq5RNCEJdTKJi0ugrAR3vu0t8vfcgZw3Ort2uum8lo=
X-Received: by 2002:a37:7783:: with SMTP id s125mr44062632qkc.267.1559937811500; Fri, 07 Jun 2019 13:03:31 -0700 (PDT)
MIME-Version: 1.0
From: Daniel Migault <daniel.migault@ericsson.com>
Date: Fri, 07 Jun 2019 16:03:20 -0400
Message-ID: <CADZyTkkgd8f49V+yoZvPZXx3b-_YRzpgUY1-obroq9QMLnFWNw@mail.gmail.com>
To: homenet <homenet@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000002054c6058ac15320"
Archived-At: <https://mailarchive.ietf.org/arch/msg/homenet/YVT152prz_T7c2qCVv8u7mAgB18>
Subject: [homenet] securing zone transfer
X-BeenThere: homenet@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF Homenet WG mailing list <homenet.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/homenet>, <mailto:homenet-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/homenet/>
List-Post: <mailto:homenet@ietf.org>
List-Help: <mailto:homenet-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/homenet>, <mailto:homenet-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 07 Jun 2019 20:03:34 -0000
Hi, The front end naming architecture uses a primary and a secondary dns server to synchronize a zone. The expected exchanges are (SOA, NOTIFY, IXFR, AXFR. We would like to get feed backs from the working group on what are the most appropriated way to secure this channel. Options we have considered are TSIG, IPsec, TLS, DTLS. TSIG does not provide confidentiality, and we would rather go for user space security. Are there any recommendation for using TLS or DTLS in that case ? Any thoughts would be helpful. Yours, Daniel
- [homenet] securing zone transfer Daniel Migault
- Re: [homenet] securing zone transfer Michael Richardson
- Re: [homenet] securing zone transfer Ray Bellis
- Re: [homenet] securing zone transfer Michael Richardson
- Re: [homenet] securing zone transfer Ted Lemon
- Re: [homenet] securing zone transfer Ray Hunter (v6ops)
- Re: [homenet] securing zone transfer Michael Richardson
- Re: [homenet] securing zone transfer Ted Lemon
- Re: [homenet] securing zone transfer Michael Richardson
- Re: [homenet] securing zone transfer Mark Andrews
- Re: [homenet] securing zone transfer Juliusz Chroboczek
- Re: [homenet] securing zone transfer Michael Richardson
- Re: [homenet] [EXT] securing zone transfer Jacques Latour
- Re: [homenet] [EXT] securing zone transfer Ted Lemon
- Re: [homenet] [EXT] securing zone transfer Michael Richardson
- Re: [homenet] securing zone transfer Juliusz Chroboczek
- Re: [homenet] securing zone transfer Michael Richardson
- Re: [homenet] [EXT] securing zone transfer Ted Lemon
- Re: [homenet] securing zone transfer Juliusz Chroboczek
- Re: [homenet] [EXT] securing zone transfer Daniel Migault
- Re: [homenet] number of devices in homenet Daniel Migault
- Re: [homenet] [EXT] securing zone transfer Ray Hunter (v6ops)
- Re: [homenet] securing zone transfer Ray Hunter (v6ops)
- Re: [homenet] securing zone transfer Michael Richardson
- Re: [homenet] securing zone transfer Ted Lemon
- Re: [homenet] webauthn for routers (was: securing… MIchael Thomas
- Re: [homenet] webauthn for routers (was: securing… Michael Richardson
- Re: [homenet] webauthn for routers Michael Thomas
- Re: [homenet] webauthn for routers Michael Richardson
- Re: [homenet] webauthn for routers Michael Thomas
- Re: [homenet] securing zone transfer Juliusz Chroboczek
- Re: [homenet] securing zone transfer Juliusz Chroboczek
- Re: [homenet] securing zone transfer Michael Richardson
- Re: [homenet] securing zone transfer Ray Hunter (v6ops)
- Re: [homenet] webauthn for routers Michael Richardson
- Re: [homenet] webauthn for routers Michael Thomas
- Re: [homenet] webauthn for routers Ted Lemon
- Re: [homenet] securing zone transfer Juliusz Chroboczek
- Re: [homenet] webauthn for routers Michael Thomas
- Re: [homenet] webauthn for routers Ted Lemon
- Re: [homenet] webauthn for routers Michael Thomas
- Re: [homenet] webauthn for routers Ted Lemon
- Re: [homenet] webauthn for routers Michael Thomas
- Re: [homenet] webauthn for routers Ted Lemon
- Re: [homenet] webauthn for routers Michael Thomas
- Re: [homenet] webauthn for routers Ted Lemon
- Re: [homenet] webauthn for routers Michael Thomas
- Re: [homenet] webauthn for routers Ted Lemon
- Re: [homenet] webauthn for routers Michael Thomas
- Re: [homenet] webauthn for routers Ted Lemon
- Re: [homenet] webauthn for routers Michael Thomas
- Re: [homenet] webauthn for routers Ted Lemon
- Re: [homenet] webauthn for routers Michael Thomas
- Re: [homenet] [EXT] securing zone transfer Ray Hunter (v6ops)