[homenet] securing zone transfer

Daniel Migault <daniel.migault@ericsson.com> Fri, 07 June 2019 20:03 UTC

From: Daniel Migault <daniel.migault@ericsson.com>
Date: Fri, 07 Jun 2019 16:03:20 -0400
Message-ID: <CADZyTkkgd8f49V+yoZvPZXx3b-_YRzpgUY1-obroq9QMLnFWNw@mail.gmail.com>
To: homenet <homenet@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/homenet/YVT152prz_T7c2qCVv8u7mAgB18>
Subject: [homenet] securing zone transfer

Hi,

The front end naming architecture uses a primary and a secondary DNS server
to synchronize a zone. The expected exchanges are (SOA, NOTIFY, IXFR, AXFR).
We would like to get feedback from the working group on what is the most
appropriate way to secure this channel.

Options we have considered are TSIG, IPsec, TLS, DTLS. TSIG does not
provide confidentiality, and we would rather go for user space security.
Are there any recommendations for using TLS or DTLS in that case?

Any thoughts would be helpful.

Yours,
Daniel