Re: [homenet] securing zone transfer
Michael Richardson <mcr+ietf@sandelman.ca> Fri, 07 June 2019 20:35 UTC
Return-Path: <mcr+ietf@sandelman.ca>
X-Original-To: homenet@ietfa.amsl.com
Delivered-To: homenet@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9617F120140 for <homenet@ietfa.amsl.com>; Fri, 7 Jun 2019 13:35:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.44
X-Spam-Level:
X-Spam-Status: No, score=-0.44 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RDNS_NONE=0.793, SPF_HELO_NONE=0.001, SPF_SOFTFAIL=0.665, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id eTTVW7bhzWBF for <homenet@ietfa.amsl.com>; Fri, 7 Jun 2019 13:35:07 -0700 (PDT)
Received: from tuna.sandelman.ca (unknown [209.87.249.16]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 29493120111 for <homenet@ietf.org>; Fri, 7 Jun 2019 13:35:07 -0700 (PDT)
Received: from sandelman.ca (obiwan.sandelman.ca [209.87.249.21]) by tuna.sandelman.ca (Postfix) with ESMTP id 8E9D93818D for <homenet@ietf.org>; Fri, 7 Jun 2019 16:33:47 -0400 (EDT)
Received: by sandelman.ca (Postfix, from userid 179) id 73B49F60; Fri, 7 Jun 2019 16:35:04 -0400 (EDT)
Received: from sandelman.ca (localhost [127.0.0.1]) by sandelman.ca (Postfix) with ESMTP id 715149B0 for <homenet@ietf.org>; Fri, 7 Jun 2019 16:35:04 -0400 (EDT)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: homenet <homenet@ietf.org>
In-Reply-To: <CADZyTkkgd8f49V+yoZvPZXx3b-_YRzpgUY1-obroq9QMLnFWNw@mail.gmail.com>
References: <CADZyTkkgd8f49V+yoZvPZXx3b-_YRzpgUY1-obroq9QMLnFWNw@mail.gmail.com>
X-Mailer: MH-E 8.6; nmh 1.7+dev; GNU Emacs 24.5.1
X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m<nPbLgmtKK-5dC@#:k
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha256"; protocol="application/pgp-signature"
Date: Fri, 07 Jun 2019 16:35:04 -0400
Message-ID: <17047.1559939704@localhost>
Archived-At: <https://mailarchive.ietf.org/arch/msg/homenet/s_INiKiwfhfipf52d3M8-dkjyso>
Subject: Re: [homenet] securing zone transfer
X-BeenThere: homenet@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF Homenet WG mailing list <homenet.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/homenet>, <mailto:homenet-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/homenet/>
List-Post: <mailto:homenet@ietf.org>
List-Help: <mailto:homenet-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/homenet>, <mailto:homenet-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 07 Jun 2019 20:35:09 -0000
Daniel Migault <daniel.migault@ericsson.com> wrote: > Options we have considered are TSIG, IPsec, TLS, DTLS. TSIG does not > provide confidentiality, and we would rather go for user space security. > Are there any recommendation for using TLS or DTLS in that case ? And TSIG requires the Distribution Master to have a database of private (symmetric) keys, which if disclosed causes havok. (yes, DNSSEC can partially save your bacon as we propose signatures be done on the homenet routers) Can we use RFC7858 to authorize and provide privacy for AXFR? We don't know yet! I believe that SIG(0) can be used for authorization, but I've never configured that myself, or seen it in production. -- Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works -= IPv6 IoT consulting =-
- [homenet] securing zone transfer Daniel Migault
- Re: [homenet] securing zone transfer Michael Richardson
- Re: [homenet] securing zone transfer Ray Bellis
- Re: [homenet] securing zone transfer Michael Richardson
- Re: [homenet] securing zone transfer Ted Lemon
- Re: [homenet] securing zone transfer Ray Hunter (v6ops)
- Re: [homenet] securing zone transfer Michael Richardson
- Re: [homenet] securing zone transfer Ted Lemon
- Re: [homenet] securing zone transfer Michael Richardson
- Re: [homenet] securing zone transfer Mark Andrews
- Re: [homenet] securing zone transfer Juliusz Chroboczek
- Re: [homenet] securing zone transfer Michael Richardson
- Re: [homenet] [EXT] securing zone transfer Jacques Latour
- Re: [homenet] [EXT] securing zone transfer Ted Lemon
- Re: [homenet] [EXT] securing zone transfer Michael Richardson
- Re: [homenet] securing zone transfer Juliusz Chroboczek
- Re: [homenet] securing zone transfer Michael Richardson
- Re: [homenet] [EXT] securing zone transfer Ted Lemon
- Re: [homenet] securing zone transfer Juliusz Chroboczek
- Re: [homenet] [EXT] securing zone transfer Daniel Migault
- Re: [homenet] number of devices in homenet Daniel Migault
- Re: [homenet] [EXT] securing zone transfer Ray Hunter (v6ops)
- Re: [homenet] securing zone transfer Ray Hunter (v6ops)
- Re: [homenet] securing zone transfer Michael Richardson
- Re: [homenet] securing zone transfer Ted Lemon
- Re: [homenet] webauthn for routers (was: securing… MIchael Thomas
- Re: [homenet] webauthn for routers (was: securing… Michael Richardson
- Re: [homenet] webauthn for routers Michael Thomas
- Re: [homenet] webauthn for routers Michael Richardson
- Re: [homenet] webauthn for routers Michael Thomas
- Re: [homenet] securing zone transfer Juliusz Chroboczek
- Re: [homenet] securing zone transfer Juliusz Chroboczek
- Re: [homenet] securing zone transfer Michael Richardson
- Re: [homenet] securing zone transfer Ray Hunter (v6ops)
- Re: [homenet] webauthn for routers Michael Richardson
- Re: [homenet] webauthn for routers Michael Thomas
- Re: [homenet] webauthn for routers Ted Lemon
- Re: [homenet] securing zone transfer Juliusz Chroboczek
- Re: [homenet] webauthn for routers Michael Thomas
- Re: [homenet] webauthn for routers Ted Lemon
- Re: [homenet] webauthn for routers Michael Thomas
- Re: [homenet] webauthn for routers Ted Lemon
- Re: [homenet] webauthn for routers Michael Thomas
- Re: [homenet] webauthn for routers Ted Lemon
- Re: [homenet] webauthn for routers Michael Thomas
- Re: [homenet] webauthn for routers Ted Lemon
- Re: [homenet] webauthn for routers Michael Thomas
- Re: [homenet] webauthn for routers Ted Lemon
- Re: [homenet] webauthn for routers Michael Thomas
- Re: [homenet] webauthn for routers Ted Lemon
- Re: [homenet] webauthn for routers Michael Thomas
- Re: [homenet] webauthn for routers Ted Lemon
- Re: [homenet] webauthn for routers Michael Thomas
- Re: [homenet] [EXT] securing zone transfer Ray Hunter (v6ops)