HI Matthijs, I like this draft but I'm a little bit concerned about the scalability. How will a busy parent provision a unique secret key for each of the child? And how will this key be transported between the parent and the child in a secure way?
Thanks, Stephan ---------------------------------------------------------------------- Stephan Lagerholm Senior DNS Architect, M.Sc. ,CISSP Secure64 Software Corporation, www.secure64.com Cell: 469-834-3940 > -----Original Message----- > From: [email protected] [mailto:[email protected]] On Behalf Of > Matthijs Mekking > Sent: Tuesday, June 29, 2010 9:09 AM > To: [email protected] > Subject: Re: [DNSOP] Fwd: New Version Notificationfor draft-mekking-dnsop- > auto-cpsync-00 > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > And here's the link: > > http://www.ietf.org/id/draft-mekking-dnsop-auto-cpsync-00.txt > > On 06/29/2010 03:19 PM, Matthijs Mekking wrote: > > FYI, > > > > I have submitted this draft on the topic of automatic update of DS (and > > other records). > > > > Best regards, > > > > Matthijs Mekking > > NLnet Labs > > > > -------- Original Message -------- > > Subject: New Version Notification for draft-mekking-dnsop-auto-cpsync-00 > > Date: Tue, 29 Jun 2010 06:12:35 -0700 (PDT) > > From: IETF I-D Submission Tool <[email protected]> > > To: [email protected] > > > > > > A new version of I-D, draft-mekking-dnsop-auto-cpsync-00.txt has been > > successfully submitted by Matthijs Mekking and posted to the IETF > > repository. > > > > Filename: draft-mekking-dnsop-auto-cpsync > > Revision: 00 > > Title: Automated (DNSSEC) Child Parent Synchronization using > DNS UPDATE > > Creation_date: 2010-06-29 > > WG ID: Independent Submission > > Number_of_pages: 6 > > > > Abstract: > > This document proposes a way to synchronise existing trust anchors > > automatically between a child zone and its parent. The algorithm can > > be used for other Resource Records that are required to delegate from > > a parent to a child such as NS and glue records. > > > > > > > > > > The IETF Secretariat. > > > > > _______________________________________________ > DNSOP mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/dnsop > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.10 (GNU/Linux) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ > > iQEcBAEBAgAGBQJMKf6PAAoJEA8yVCPsQCW5T+8H/0DtagyXJJ7P1tzPyk/QNBuG > LvQu7VLy7lgwMquu9AnHkugXRVyf4KJ7cWduNTyVSjqmoZ0tZc9tWfJ26QQjDk65 > amjWuXA9YKd21eili10jEOyjn13RIbOAO9c64VJHtmGubO+Ct5l7TUL8JKt+R6FB > pGQT5LjXRGhA7KDKVNDCgtXHBbmMwr6Iwg4A2PrHQ7DxBRfALRlmzrx7PNjABh3q > JTNiC0RYbSljq6Hi9fGOYse+QN4WoyAQS6PHLwMVKhZA2vFWBnz3mrgC1hQw6ysg > x41nqvKqgc8PohiA8ZsERPdfpEBPw11n0zBvI09nttPVEVL+EwttbCLoIzDqXys= > =ovIB > -----END PGP SIGNATURE----- > _______________________________________________ > DNSOP mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/dnsop _______________________________________________ DNSOP mailing list [email protected] https://www.ietf.org/mailman/listinfo/dnsop
