Tony Finch wrote:
> Paul Vixie <p...@redbarn.org> wrote:
>> i suggest that bind, unbound, powerdns, and so on change their packaging to
>> put the trust anchor in a different upgradeable package (.deb, .rpm, etc)
>> than the software itself. until and unless the package manager is secured by
>> DANE rather than by ssh/pgp/x509/etc, the solution for being on the
>> shelf for several months is, do a software update before you try to go
>> online.
> I think that's a good suggestion for the short term. For the longer
> term I would like it to be possible to say that DANE is a reasonable
> way to authenticate software updates, but at the moment it is not.
i believe that software packaging systems will never put that many
moving parts between their users and their updates. it'll remain some
flavour of non-distributed keying, like pgp and ssh, simply because of
the risk/benefit ratio of adding third parties.
i see a bright future for DANE, because of user-driven web and e-mail
transactions, that are not point-source trust models.
--
P Vixie
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop