Re: [DNSOP] Fw: New Version Notification for draft-bellis-dns-recursive-discovery-00
On Wed, Oct 21, 2009 at 08:32:49AM +0100, Ray.Bellis at nominet.org.uk wrote:
> > Mark, I don't think this is true given how the proposed protocol
> > works. For a start, you often cannot fetch the DNSKEY RR for ARPA
> > before running the protocol.
>
> Indeed LOCAL.ARPA would need to be unsigned. That needs to be added to
> the draft.
>
> Since (as Bill points out) LOCAL.ARPA would be served much like RFC 1918
> space there's no way it could be signed and have the DS key present in the
> parent, because there will be numerous separate instances of LOCAL.ARPA.

well... there are these cases where an island of trust
gets its DS keys treated as a SEP and folks configure them
anyway.

and I'm sure we can get some kind folks to ensure that no one
-EVER- shares a trusted keys file with others.

just saying.

--bill

>
> In any event the seeding query needs to be sent without the DO bit set,
> since (some) CPE proxies are known to interfere with that.
>
> Ray