Ted Lemon <[email protected]> wrote:
>> Can we use TLS for authorization, assuming that we have trusted
>> certificates at both ends? Perhaps this is more of a: did anyone
>> implement this?
> How is trust established? Sure, doing TSIG over TLS is no problem.

Certificates are exchanged/created at manufacturing time (IDevID), and then
optionally updated to LDevID. The certificate contains the name of the zone
which the HNA is authoritative for (or a control record pins the
certificate).

TSIG requires a shared secret, thus a database of shared secrets available
online. I don't want to do TSIG over TLS, I want to not do TSIG, or
if I have to use TSIG for mechanical reasons, I want to derive the secret
from the TLS.

I need to authorize the following:
1) DNS update of some data (NS, DS, AAAA that NS points to) by
Distribution Master (cloud/public system)
2) SOA query by Distribution Master by HNA.
3) AXFR by Distribution Master by HNA.
--
Michael Richardson <[email protected]>, Sandelman Software Works
-= IPv6 IoT consulting =-
_______________________________________________
homenet mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/homenet
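
The authorization asked about in the message above, sketched as an added example (not part of the original post and not taken from any implementation): a per-request decision keyed on the TLS peer certificate instead of a TSIG shared secret. It assumes the TLS stack has already validated the certificate chain; the function names, the `pins` mapping standing in for the "control record", and the rule that updated names must lie inside the zone are all assumptions.

```python
import hashlib
import hmac

# Assumption: UPDATE is limited to the record types listed in the message.
UPDATE_RRTYPES = {"NS", "DS", "AAAA"}

def norm(name):
    """Lower-case a DNS name and drop the trailing dot for comparison."""
    return name.rstrip(".").lower()

def in_zone(name, zone):
    """True if name is the zone apex or below it, matching on label boundaries."""
    name, zone = norm(name), norm(zone)
    return name == zone or name.endswith("." + zone)

def peer_zone_ok(zone, cert_dns_names, cert_der, pins):
    """The verified peer certificate speaks for `zone` if it carries the zone
    name, or if a control record (modelled as pins: zone -> SHA-256 hex) pins it."""
    if norm(zone) in {norm(n) for n in cert_dns_names}:
        return True
    pinned = pins.get(norm(zone))
    fingerprint = hashlib.sha256(cert_der).hexdigest()
    return pinned is not None and hmac.compare_digest(pinned, fingerprint)

def authorize(op, zone, cert_dns_names, cert_der, pins, qname=None, updates=()):
    """Decide one request. op is "UPDATE", "SOA" or "AXFR";
    updates is an iterable of (owner_name, rrtype) pairs for UPDATE."""
    if not peer_zone_ok(zone, cert_dns_names, cert_der, pins):
        return False
    if op in ("SOA", "AXFR"):
        # Only the apex of the peer's own zone may be queried or transferred.
        return qname is not None and norm(qname) == norm(zone)
    if op == "UPDATE":
        updates = list(updates)
        return bool(updates) and all(
            rrtype.upper() in UPDATE_RRTYPES and in_zone(owner, zone)
            for owner, rrtype in updates)
    return False  # default deny for any other operation

# Constructed sample data: stand-in certificate bytes and one pinned zone.
CERT_DER = b"constructed-certificate-bytes"
PINS = {"pinned.example": hashlib.sha256(CERT_DER).hexdigest()}
```

No secret database is consulted: the only inputs are the certificate the TLS handshake already authenticated and, optionally, the pin.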
