[renum] Key management [draft-liu-6renum-gap-analysis-03]
Brian E Carpenter <brian.e.carpenter@gmail.com> Tue, 13 December 2011 20:11 UTC
Return-Path: <brian.e.carpenter@gmail.com>
X-Original-To: renum@ietfa.amsl.com
Delivered-To: renum@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F19F721F8ADE for <renum@ietfa.amsl.com>; Tue, 13 Dec 2011 12:11:44 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -103.587
X-Spam-Level:
X-Spam-Status: No, score=-103.587 tagged_above=-999 required=5 tests=[AWL=0.013, BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xv+8Gm9PJJ8Y for <renum@ietfa.amsl.com>; Tue, 13 Dec 2011 12:11:44 -0800 (PST)
Received: from mail-iy0-f172.google.com (mail-iy0-f172.google.com [209.85.210.172]) by ietfa.amsl.com (Postfix) with ESMTP id 4A67421F8ACA for <renum@ietf.org>; Tue, 13 Dec 2011 12:11:44 -0800 (PST)
Received: by iaek3 with SMTP id k3so53112iae.31 for <renum@ietf.org>; Tue, 13 Dec 2011 12:11:41 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=message-id:date:from:organization:user-agent:mime-version:to :subject:references:in-reply-to:content-type :content-transfer-encoding; bh=hKS3l+yXwHxYQnAGv6K7gM5qTks5FAz2+zwVjhOSpsE=; b=rUtp8QBc2M728njaoK0PHKkMrWjdkL+qGNWT3dC5IrQGMu2rSTatdJ54IajtWBGi9w drwmlqfxP4LVyOUcdJuw2UxfhhQOLvi37wuYy4a/ResViSim+1pR/5gd42nEjPtYZeHp DR8NZt5oRrWpXsFClYRrh//xYw7rv5N6H/VNU=
Received: by 10.50.17.165 with SMTP id p5mr20715497igd.84.1323807100592; Tue, 13 Dec 2011 12:11:40 -0800 (PST)
Received: from [130.216.38.124] (stf-brian.sfac.auckland.ac.nz. [130.216.38.124]) by mx.google.com with ESMTPS id zs7sm203076igb.0.2011.12.13.12.11.38 (version=SSLv3 cipher=OTHER); Tue, 13 Dec 2011 12:11:39 -0800 (PST)
Message-ID: <4EE7B177.6020309@gmail.com>
Date: Wed, 14 Dec 2011 09:11:35 +1300
From: Brian E Carpenter <brian.e.carpenter@gmail.com>
Organization: University of Auckland
User-Agent: Thunderbird 2.0.0.6 (Windows/20070728)
MIME-Version: 1.0
To: "renum@ietf.org" <renum@ietf.org>
References: <5C46AA96-3CDA-41AD-8197-E7989DEC2609@gmail.com> <5D36713D8A4E7348A7E10DF7437A4B9218580CF0@SZXEML506-MBX.china.huawei.com> <7D6F6DAB-D8B3-46AA-8339-D9B92E6356F1@gmail.com> <20111209224530.322F11968819@drugs.dv.isc.org>
In-Reply-To: <20111209224530.322F11968819@drugs.dv.isc.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Subject: [renum] Key management [draft-liu-6renum-gap-analysis-03]
X-BeenThere: renum@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "Renumbering discussion mailing list." <renum.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/renum>, <mailto:renum-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/renum>
List-Post: <mailto:renum@ietf.org>
List-Help: <mailto:renum-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/renum>, <mailto:renum-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 13 Dec 2011 20:11:45 -0000
On 2011-12-10 11:45, Mark Andrews wrote: > In message <7D6F6DAB-D8B3-46AA-8339-D9B92E6356F1@gmail.com>, Ran Atkinson write > s: ... >>>> I think the problems with key management deserve their >>>> own subsection in Section 10 -- as a category of "gap" >>>> that ought to be addressed. That new subsection ought >>>> to note the operational issues with key provisioning >>>> and key management for Secure Dynamic DNS Update >>>> (at least for non-MS nodes) and equally or more so >>>> for Secure DHCPv6 and SEND. One would hope these >>>> would not fall into the "unsolvable gap" category, >>>> but in any event these gaps do need to be clearly >>>> documented. >>> The key management is a complicated issue. It is worth >>> a separated draft. It is relevant. However, we don't >>> think it is a renumbering specific issue. We will add >>> some new text for it. But we would like to leave it out of scope. >> I do not think that ignoring the issue or declaring it >> out-of-scope is a legitimate position to take for this >> document. >> >> IETF rules require that ALL documents must fully address >> Security Considerations *within their own document*. >> >> Ignoring that topic -- or shunting it off to other >> documents -- will result in a Last Call objection from me >> and possibly others on the very solid technical grounds >> that the Security Considerations are known to be deficient. Right, but the question is what can we say about key management that is specific to enterprise renumbering? We can explain the problem, but this is presumably not the WG where a solution should be developed. > With Windows you add the machine to the domain. This is a > one off procedure and the last time I did it this it needed > a domain administrators password if my memory is correct. > > Initial registration doesn't necessarially need to be standardised. > It can be ad-hoc. Log into a web page and it can return a TSIG > which is configured into the nameserver and the client machine. > > That's done all the time to secure zone transfers. > > What need to be standardised is what goes on the wire and that > was done years ago. The rest really is implementation detail. Really? It seems to me that the Windows solution will only work for a Microsoft shop, not for a heterogeneous enterprise network. Brian
- Re: [renum] draft-liu-6renum-gap-analysis-03 Sheng Jiang
- Re: [renum] draft-liu-6renum-gap-analysis-03 Ran Atkinson
- Re: [renum] draft-liu-6renum-gap-analysis-03 Mark Andrews
- [renum] Key management [draft-liu-6renum-gap-anal… Brian E Carpenter
- Re: [renum] Key management [draft-liu-6renum-gap-… Mark Andrews
- Re: [renum] draft-liu-6renum-gap-analysis-03 Leo Liu(bing)