Daniel Migault <[email protected]> wrote:
> Options we have considered are TSIG, IPsec, TLS, DTLS. TSIG does not
> provide confidentiality, and we would rather go for user space security.
> Are there any recommendations for using TLS or DTLS in that case?

And TSIG requires the Distribution Master to have a database of private
(symmetric) keys, which if disclosed causes havoc.
(yes, DNSSEC can partially save your bacon as we propose signatures be done
on the homenet routers)

Can we use RFC7858 to authorize and provide privacy for AXFR?
We don't know yet!

I believe that SIG(0) can be used for authorization, but I've never
configured that myself, or seen it in production.

--
Michael Richardson <[email protected]>, Sandelman Software Works
 -= IPv6 IoT consulting =-
_______________________________________________
homenet mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/homenet
