Re: [mif] New Charter Items - NTP in RA for DNSSEC

Alexandre Petrescu <> Tue, 08 March 2016 12:55 UTC


On 02/03/2016 13:24, Margaret Cullen wrote:
> At the last IETF meeting, and later on the mailing list, we reached consensus that we would use a two-step approach for the configuration of explicit PVDs.  RAs would be used to provide the information to do a second-step look up, including the PVD name.  Then a second step would be used to look up further information about the PVD.
> The only proposal we currently have on the table for a second-step look-up is a DNS look-up, and no one seems to be proposing any other second step, so I believe there are three things that we need to define in order for this to work:
> - An NTP server option for RAs, so that DNSSEC can be used for the lookup.

Sounds like a good idea.

I guess DNSSEC operation needs the querier to have the right time, 
otherwise it's insecure?  Hence the need for NTP?

I could find 2 earlier drafts on this, maybe there are others.

If extending RA then it's good to use the RA "flags option" RFC5075.


> - A PVD Name option for RAs, so that we can tell hosts what PVD to look up.
> - What PVD information can be stored in the DNS and how it will be retrieved.
> Those things would need to be added to our charter, so that we can accept corresponding work items.
> Does anyone have any objection to adding these three things to the MIF charter?  If not, the chairs and the AD will put together a propos
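
Added example (not part of the original message or of any draft it mentions): the time dependence asked about in the reply comes from the inception and expiration timestamps carried in every RRSIG record (RFC 4034), which a validator compares against its own clock using RFC 1982 serial arithmetic. The signature windows, clock values and function names below are constructed for illustration.

```python
import calendar
import time

MOD = 1 << 32    # RRSIG times are 32-bit unsigned seconds since the epoch
HALF = 1 << 31


def rrsig_time(text):
    """Parse an RRSIG presentation timestamp (YYYYMMDDHHmmSS, UTC)."""
    return calendar.timegm(time.strptime(text, "%Y%m%d%H%M%S")) % MOD


def serial_lte(a, b):
    """True if a <= b under RFC 1982 serial number arithmetic."""
    return ((b - a) % MOD) < HALF


def check_window(inception, expiration, now):
    """Classify a signature window as seen from the validator's clock."""
    now %= MOD
    if not serial_lte(inception, now):
        return "not-yet-valid"   # clock behind: valid data is rejected
    if not serial_lte(now, expiration):
        return "expired"         # clock ahead, or the signature really is stale
    return "valid"


# Constructed sample: a current signature and an old, already expired one.
CURRENT = (rrsig_time("20160301000000"), rrsig_time("20160331000000"))
STALE = (rrsig_time("20150101000000"), rrsig_time("20150131000000"))

# Constructed host clocks: correct, no battery-backed RTC, set a year back.
CLOCKS = {
    "correct (2016-03-08)": rrsig_time("20160308125500"),
    "fresh boot (1970-01-01)": 0,
    "wrong year (2015-01-15)": rrsig_time("20150115000000"),
}

if __name__ == "__main__":
    for label, now in CLOCKS.items():
        print(f"{label:26} current={check_window(*CURRENT, now):14}"
              f" stale={check_window(*STALE, now)}")
```

A host with a reset clock rejects the current signature, and a host whose clock is a year behind accepts the stale one, so a validator has to obtain trustworthy time before it can rely on the result.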