In message <[email protected]>, Ted Lemon writes:
> On Mar 4, 2014, at 4:59 PM, Michael Richardson <[email protected]> wrote:
> > As Mark said, if it's an ISP provided zone, then pushing the new DS is done
> > under the TSIG key that the DHCP established. (So, ted-lemon-house.isp.example.net,
> > and the reverse map).
>
> Oh, so the TSIG key sent in the clear over DHCP is the attack surface. Got
> it. Actually during the DHC working group presentation, we asked Daniel to
> take the TSIG key out because it's not secure. The right way to do it is with
> SIG(0). But that doesn't provide a way to repudiate a lost key, because
> it relies on a leap of faith to begin trusting the initial key.
>
> If the connection between the DHCP server and DHCP client is secure, then a
> nonce sent over DHCP could be used along with SIG(0) to assist, but this is
> not the only potential configuration. Trusting the wire works pretty well in
> these scenarios in practice, but only if there _is_ a wire.

Please go read draft-andrews-dnsop-pd-reverse. This technique will work
with any zone to be delegated by the ISP. For most cases the wire
is the authenticator, but for things like WiMax you will be putting
credentials into the box to authenticate your DHCP request to the
ISP as the medium is not secure anyway.

>
> _______________________________________________
> homenet mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/homenet
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: [email protected]
