Hi Witold, > On Jul 6, 2019, at 19:05, Witold Krecicki <[email protected]> wrote: > > The primary use case I'm thinking about is to give secondaries the > ability to do online NSEC signing to provide white lies. Proposed NSEC5 > also requires a method to transfer the private key to the slave. > And, again - this is just one of the proposed uses of covert RRs, this > document is showing it just as an example.
Interesting, thanks! There's an argument, I suppose, that an out-of-band mechanism to exchange metadata is already required to agree things like DNS NOTIFY targets, master servers andTSIG shared secrets. Those things already need to be exchanged securely, so presumably you're not talking about just setup time, but rather over time to manage automated ZSK rolls, etc? Joe _______________________________________________ DNSOP mailing list [email protected] https://www.ietf.org/mailman/listinfo/dnsop
