On Thu, 4 Mar 2010, Stephan Lagerholm wrote:
> Some folks did some work during IETF in Stockholm around the Auto-DS
> question and there is an early document available here:
> http://docs.google.com/Doc?docid=0AW-P61yxNNIAZHZjNXhzeF8xZjdwZzk2Y3g&hl=en

A small question about the QNAME in the NOTIFY message. The draft says it should be the server's host name, but that doesn't make sense to me: the server already knows its name, but it doesn't know which domain's delegation is to be updated. Should the QNAME be the latter?

Regarding timing and security considerations. The draft has some discussion about timing requirements for the sender of the NOTIFY, but it also envisages that anyone is able to send these NOTIFY requests. That implies that if there are timing constraints they MUST be enforced by the parent domain, otherwise attackers would be able to screw up a delegation by forcing a change too soon.

So I think a better approach to specifying this functionality would be to minimise the requirements that are imposed on the sender, and explain carefully the validity and timing checks that the recipient must perform.

Tony.
--
f.anthony.n.finch <[email protected]> http://dotat.at/
GERMAN BIGHT HUMBER: SOUTHWEST 5 TO 7. MODERATE OR ROUGH. SQUALLY SHOWERS. MODERATE OR GOOD.
