Re: [mif] Comments on draft-ietf-mif-dns-server-selection-01
Andrew Sullivan <ajs@shinkuro.com> Tue, 29 March 2011 12:48 UTC
Return-Path: <ajs@shinkuro.com>
X-Original-To: mif@core3.amsl.com
Delivered-To: mif@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 172AC3A681B for <mif@core3.amsl.com>; Tue, 29 Mar 2011 05:48:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.577
X-Spam-Level:
X-Spam-Status: No, score=-102.577 tagged_above=-999 required=5 tests=[AWL=0.022, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id obF4wa8NcM1f for <mif@core3.amsl.com>; Tue, 29 Mar 2011 05:48:56 -0700 (PDT)
Received: from mail.yitter.info (mail.yitter.info [208.86.224.201]) by core3.amsl.com (Postfix) with ESMTP id 36FCF3A67F0 for <mif@ietf.org>; Tue, 29 Mar 2011 05:48:56 -0700 (PDT)
Received: from shinkuro.com (unknown [130.129.99.131]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.yitter.info (Postfix) with ESMTPSA id 21F3A1ECB41D; Tue, 29 Mar 2011 12:50:32 +0000 (UTC)
Date: Tue, 29 Mar 2011 08:50:26 -0400
From: Andrew Sullivan <ajs@shinkuro.com>
To: Ted Lemon <Ted.Lemon@nominum.com>
Message-ID: <20110329125026.GH88058@crankycanuck.ca>
References: <20110328114453.GD85777@crankycanuck.ca> <916CE6CF87173740BC8A2CE44309696201647D@008-AM1MPN1-036.mgdnok.nokia.com> <EA8E2993-CEB7-45E9-B573-4140F5560A55@nominum.com> <916CE6CF87173740BC8A2CE443096962016624@008-AM1MPN1-036.mgdnok.nokia.com> <B66B2C01-A514-4731-B3AB-B03EAB5B00DB@nominum.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <B66B2C01-A514-4731-B3AB-B03EAB5B00DB@nominum.com>
User-Agent: Mutt/1.5.21 (2010-09-15)
Cc: "mif@ietf.org" <mif@ietf.org>
Subject: Re: [mif] Comments on draft-ietf-mif-dns-server-selection-01
X-BeenThere: mif@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Multiple Interface Discussion List <mif.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/mif>, <mailto:mif-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/mif>
List-Post: <mailto:mif@ietf.org>
List-Help: <mailto:mif-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mif>, <mailto:mif-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 29 Mar 2011 12:48:59 -0000
On Tue, Mar 29, 2011 at 07:58:42AM +0000, Ted Lemon wrote: > On Mar 29, 2011, at 9:47 AM, "teemu.savolainen@nokia.com" <teemu.savolainen@nokia.com> wrote: > > Where the case 4 could happen? When the trusted DNS server address is configured via some secure channel (e.g. administratively)? > > Yes, that's the case I had in mind. It's probably worth defining the terms more clearly if there is agreement on the set of four requirements that I suggested, but I'm curious to know if Andrew and Peter think they make sense. This was more or less what I had in mind with the many trust anchor thing as well. Essentially, the idea is that you use the DNSSEC trust anchor as something similar to a VPN config: you need some prior configuration. By having this extra Trust Anchor, you can have something that proves your claims cryptographically. But I'm still not sure whether that's a use case we care about (it sounds like "no", to me). A -- Andrew Sullivan ajs@shinkuro.com Shinkuro, Inc.
- [mif] Comments on draft-ietf-mif-dns-server-selec… Andrew Sullivan
- Re: [mif] Comments on draft-ietf-mif-dns-server-s… teemu.savolainen
- Re: [mif] Comments on draft-ietf-mif-dns-server-s… Ted Lemon
- Re: [mif] Comments on draft-ietf-mif-dns-server-s… teemu.savolainen
- Re: [mif] Comments on draft-ietf-mif-dns-server-s… Ted Lemon
- Re: [mif] Comments on draft-ietf-mif-dns-server-s… Andrew Sullivan