Re: [mif] New Charter Items - NTP in RA for DNSSEC

Alexandre Petrescu <alexandre.petrescu@gmail.com> Tue, 08 March 2016 12:55 UTC

Return-Path: <alexandre.petrescu@gmail.com>
X-Original-To: mif@ietfa.amsl.com
Delivered-To: mif@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E24BD12D6B2 for <mif@ietfa.amsl.com>; Tue, 8 Mar 2016 04:55:43 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.353
X-Spam-Level:
X-Spam-Status: No, score=-5.353 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_ADSP_CUSTOM_MED=0.001, FREEMAIL_FROM=0.001, NML_ADSP_CUSTOM_MED=0.9, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_SOFTFAIL=0.665] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([127.0.0.1]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id axjbIs4Yx0UT for <mif@ietfa.amsl.com>; Tue, 8 Mar 2016 04:55:42 -0800 (PST)
Received: from cirse-out.extra.cea.fr (cirse-out.extra.cea.fr [132.167.192.142]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D371112D69C for <mif@ietf.org>; Tue, 8 Mar 2016 04:55:41 -0800 (PST)
Received: from pisaure.intra.cea.fr (pisaure.intra.cea.fr [132.166.88.21]) by cirse.extra.cea.fr (8.15.2/8.15.2/CEAnet-Internet-out-2.4) with ESMTP id u28CtdOv026425 for <mif@ietf.org>; Tue, 8 Mar 2016 13:55:39 +0100
Received: from pisaure.intra.cea.fr (localhost [127.0.0.1]) by localhost (Postfix) with SMTP id C9E3320CC54 for <mif@ietf.org>; Tue, 8 Mar 2016 13:56:06 +0100 (CET)
Received: from muguet1.intra.cea.fr (muguet1.intra.cea.fr [132.166.192.6]) by pisaure.intra.cea.fr (Postfix) with ESMTP id B628220CC31 for <mif@ietf.org>; Tue, 8 Mar 2016 13:56:06 +0100 (CET)
Received: from [132.166.84.81] ([132.166.84.81]) by muguet1.intra.cea.fr (8.15.2/8.15.2/CEAnet-Intranet-out-1.4) with ESMTP id u28CtdpJ004043 for <mif@ietf.org>; Tue, 8 Mar 2016 13:55:39 +0100
To: mif@ietf.org
References: <39E5345B-04C4-4149-A1A6-F0F5F4988C16@gmail.com>
From: Alexandre Petrescu <alexandre.petrescu@gmail.com>
Message-ID: <56DECBC9.7060800@gmail.com>
Date: Tue, 8 Mar 2016 13:55:37 +0100
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101 Thunderbird/38.6.0
MIME-Version: 1.0
In-Reply-To: <39E5345B-04C4-4149-A1A6-F0F5F4988C16@gmail.com>
Content-Type: text/plain; charset=windows-1252; format=flowed
Content-Transfer-Encoding: 8bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/mif/ri9ClDKxJHKVUGhmq5--ibtG1f0>
Subject: Re: [mif] New Charter Items - NTP in RA for DNSSEC
X-BeenThere: mif@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Multiple Interface Discussion List <mif.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mif>, <mailto:mif-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/mif/>
List-Post: <mailto:mif@ietf.org>
List-Help: <mailto:mif-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mif>, <mailto:mif-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 08 Mar 2016 12:55:44 -0000


Le 02/03/2016 13:24, Margaret Cullen a écrit :
>
> At the last IETF meeting, and later on the mailing list, we reached consensus that we would use a two-step approach for the configuration of explicit PVDs.  RAs would be used to provide the information to do a second-step look up, including the PVD name.  Then a second step would be used to look up further information about the PVD.
>
> The only proposal we currently have on the table for a second-step look-up is a DNS look-up, and no one seems to proposing any other second step, so I believe there are three things that we need to define in order for this to work:
>
> - An NTP server option for RAs, so that DNSSEC can be used for the lookup.

Sounds like a good idea.

I guess DNSSEC operation needs the querier to have the right time 
otherwise it's insecure?  Hence the need for NTP?

I could find 2 earlier drafts on this, maybe there are others.
draft-chen-ntps-ra-opt-00
draft-bcd-6man-ntp-server-ra-opt-00

If extending RA then it's good to use the RA "flags option" RFC5075.

Alex


> - A PVD Name option for RAs, so that we can tell hosts what PVD to look up.
> - What PVD information can be stored in the DNS and how it will be retrieved.
>
> Those things would need to be added to our charter, so that we can accept corresponding work items.
>
> Does anyone have any objection to adding these three things to the MIF charter?  If not, the chairs and the AD will put together a propos
>
> _______________________________________________
> mif mailing list
> mif@ietf.org
> https://www.ietf.org/mailman/listinfo/mif
>