Alain;
> >> During yesterday's discussion on DNS discovery
> >> we somehow jumped the gun a bit quickly and moved
> >> to solution space without really understanding the requirements.
> >
> > OK. What's wrong if microsoft run DNS servers at
> >
> > yourdomain.microsoft.com
> >
> > and preconfigure keys in their OS for dynamic update?
>
> Not sure I understand how your comment is related to this discussion....
> could you please clarify?
If the requirement is to be registered under some domain, let
vendors provide it.
> >> 1- finding a recursive name server
> >> 2- finding a search list
> >> 3- updating the forward DNS tree
> >> 4- updating the reverse DNS tree
> >> 5- finding a NTP source for DNSsec signature verification
> >>
> >> From this list, it seems to me that 1- is critical,
> >
> > Well known anycast addresses are more than enough for 1.
>
> I agree it works (I wrote the draft ;-).
And, it needs no new protocol.
> >> 5- is important
> >
> > You should be joking. Where is security?
>
> You need a reasonable clock to verify DNSsec signature.
How can you verify the clock reasonable?
Masataka Ohta
#----------------------------------------------------------------------
# To unsubscribe, send a message to <[EMAIL PROTECTED]>.
