Re: [mif] New Charter Items - NTP in RA for DNSSEC

Margaret Cullen <mrcullen42@gmail.com> Sun, 13 March 2016 00:06 UTC

Return-Path: <mrcullen42@gmail.com>
X-Original-To: mif@ietfa.amsl.com
Delivered-To: mif@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6DA8712D8E1 for <mif@ietfa.amsl.com>; Sat, 12 Mar 2016 16:06:19 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.45
X-Spam-Level:
X-Spam-Status: No, score=-2.45 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ROGDaf-Px7ZQ for <mif@ietfa.amsl.com>; Sat, 12 Mar 2016 16:06:17 -0800 (PST)
Received: from mail-yw0-x22a.google.com (mail-yw0-x22a.google.com [IPv6:2607:f8b0:4002:c05::22a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C1F5912D8B1 for <mif@ietf.org>; Sat, 12 Mar 2016 16:06:17 -0800 (PST)
Received: by mail-yw0-x22a.google.com with SMTP id d65so130322699ywb.0 for <mif@ietf.org>; Sat, 12 Mar 2016 16:06:17 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:subject:from:in-reply-to:date:cc:message-id:references :to; bh=WYY46lN+rCgXPv2zGdmbw3cK18siUo1ddSmLoG4Czrw=; b=WVw1Au+u66H74XGrI+rUHxd3sBlaF+NDpA+0QQy58YLz8ZhGUgMGiHCSrN2GZMMIfB UAeGgfV0HzQhVUuq9UX3nsBnK0W0KPDj5QUkL4avqjrsGNuOqq4sNOJTaEBtfWwkWZcp 0hf+9fcMfApJqNSCUWHIMPNOdx/cCIIp5+39kcqoiWtyU4JF5df1IH/IbjS86IqNwhG5 4jLTA0sKvxbxRtF36GZ+XuIrjiTCXR1ynq3BMe9FZgmXXiUzoOmrvgw6GSz/6DEdCFYY TuWQ5l5MOh7MGnlhnLwtGPG9rBAcfXwvHt5YDRf/ZtmvaRqlK3xryK9jxf8wlPZhsc5U 0smw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc :message-id:references:to; bh=WYY46lN+rCgXPv2zGdmbw3cK18siUo1ddSmLoG4Czrw=; b=C3B9NuS/O7MqjUsP1ymofJheFvFtWf0IDAvFygP7KC9N22AQh2M9kij0gA1o6ZqBSw 70n3IBZ38CYCLulCkWp67yI1dI+9i8kgPKgCTco989MSX7yzAPOCKk1mmYo3Mgnjv2Bz /4JBdK+FrRtHofc4zRJKQFhCz9Eq4PUdZq9fu7yr9KoAL42t47dYK+9sWA+AS+JBCn4Q W25rNwC8GGksw71TYVNv6Rr74ZJPiOAuAAj9TJkAqNHI0nkN4rLOh5ocAEKxg4ijznEa XchTWZ+p1k/3qFA5oK2t79RHkGH6gYg5zb+XXlYaFT/LSJAsoM2g7neeMk2WqFCUXyFk 4veQ==
X-Gm-Message-State: AD7BkJLrOZcznFlAXbuGESn0LbPCpNrgLdv+3DKQG2YXCvzb2QJXs70muY7n0uKVH4GeRA==
X-Received: by 10.129.83.196 with SMTP id h187mr8504017ywb.319.1457827577093; Sat, 12 Mar 2016 16:06:17 -0800 (PST)
Received: from new-host.home (pool-72-74-19-153.bstnma.fios.verizon.net. [72.74.19.153]) by smtp.gmail.com with ESMTPSA id p189sm9451109ywc.44.2016.03.12.16.06.15 (version=TLSv1/SSLv3 cipher=OTHER); Sat, 12 Mar 2016 16:06:16 -0800 (PST)
Content-Type: multipart/signed; boundary="Apple-Mail=_7DF7E4D7-795D-4A2D-B42B-0FACEC221318"; protocol="application/pgp-signature"; micalg="pgp-sha512"
Mime-Version: 1.0 (Mac OS X Mail 6.6 \(1510\))
From: Margaret Cullen <mrcullen42@gmail.com>
In-Reply-To: <56DECBC9.7060800@gmail.com>
Date: Sat, 12 Mar 2016 19:06:15 -0500
Message-Id: <9B436C85-C05B-430A-915E-C332604DAA7E@gmail.com>
References: <39E5345B-04C4-4149-A1A6-F0F5F4988C16@gmail.com> <56DECBC9.7060800@gmail.com>
To: Alexandre Petrescu <alexandre.petrescu@gmail.com>
X-Mailer: Apple Mail (2.1510)
Archived-At: <http://mailarchive.ietf.org/arch/msg/mif/HhHqMwFS9aC7JeVFvD0ueb98WGc>
Cc: mif@ietf.org
Subject: Re: [mif] New Charter Items - NTP in RA for DNSSEC
X-BeenThere: mif@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Multiple Interface Discussion List <mif.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mif>, <mailto:mif-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/mif/>
List-Post: <mailto:mif@ietf.org>
List-Help: <mailto:mif-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mif>, <mailto:mif-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 13 Mar 2016 00:06:19 -0000

On Mar 8, 2016, at 7:55 AM, Alexandre Petrescu <alexandre.petrescu@gmail.com> wrote:
>> - An NTP server option for RAs, so that DNSSEC can be used for the lookup.
> 
> Sounds like a good idea.
> 
> I guess DNSSEC operation needs the querier to have the right time otherwise it's insecure?  Hence the need for NTP?

As I understand it, DNSSEC needs the right time, otherwise it doesn't work.

> 
> I could find 2 earlier drafts on this, maybe there are others.
> draft-chen-ntps-ra-opt-00
> draft-bcd-6man-ntp-server-ra-opt-00
> 
> If extending RA then it's good to use the RA "flags option" RFC5075.

I don't think we'd probably do an NTP RA option in the MIF WG.  I suspect it would make more sense to do it in 6man -- we'd have to discuss it with them and see if they agree.

Margaret