On Fri, Nov 19, 2004 at 09:28:53AM -0500, Edward Lewis wrote:
> At 8:18 -0500 11/19/04, [EMAIL PROTECTED] wrote:
>
> >> > 2) parent retrieves the key via the DNS from the child
> >
> > operationally does this presume that the parent
> > can/MUST be able to do a zone transfer or will there
> > be a mutually agreeable, common location where the
> > parent can retrieve the key via standard queries?
>
> Wouldn't (minimally, assuming BIND) this do the trick?
>
> dig registrant.example DNSKEY
>
> That would give the "live" view of the data.
which DNSKEY? presuming a single key here?
> 'Course, if it's cache poisoning you fear, you can direct the dig to
> a server, protect it with a mutually agreed upon message protection
> mechanism (TSIG, etc.) yadda, yadda, yadda.
>
> Why would a zone transfer be needed?
if there was no other way, that is -a- way to get the key from
the child.
>
> --
> -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
> Edward Lewis +1-571-434-5468
> NeuStar
>
> I think my jabber client and SMS phone are talking about me behind my back.
dnsop resources:_____________________________________________________
web user interface: http://darkwing.uoregon.edu/~llynch/dnsop.html
mhonarc archive: http://darkwing.uoregon.edu/~llynch/dnsop/index.html