Re: [dns-privacy] What about CGA-TSIG as a solution for DNS privacy?

2014-10-28 Thread Christian Huitema
CGA-TSIG is a possible solution to the secure-provisioning problem. The IPv6 CGA address contains a hash of a public key used to secure the service. If the address is provisioned in a secure manner, then the client can authenticate the resolver, by verifying that the resolver's certificate

Re: [dns-privacy] What about CGA-TSIG as a solution for DNS privacy?

2014-10-28 Thread Hosnieh Rafiee
Hi Christian, Thanks for sharing your opinion about current approaches and also CGA-TSIG. If we do change the client and resolver, a number of alternatives can be used, such as: * Use the same trick as CGA but encode the hash of the certificate as a name part, e.g.

Re: [dns-privacy] What about CGA-TSIG as a solution for DNS privacy?

2014-10-27 Thread Stephane Bortzmeyer
On Mon, Oct 27, 2014 at 08:03:48AM +, Hosnieh Rafiee hosnieh.raf...@huawei.com wrote a message of 19 lines which said: I guess you have heard about CGA-TSIG. Please do not steal threads: start a new thread (otherwise, your message will be filed under the thread I started, for some

Re: [dns-privacy] What about CGA-TSIG as a solution for DNS privacy?

2014-10-27 Thread Hosnieh Rafiee
Hi Stephane, -Original Message- From: Stephane Bortzmeyer [mailto:bortzme...@nic.fr] Sent: Monday, October 27, 2014 9:23 AM To: Hosnieh Rafiee Cc: dns-privacy@ietf.org Subject: Re: [dns-privacy] What about CGA-TSIG as a solution for DNS privacy? On Mon, Oct 27, 2014 at 08:03

Re: [dns-privacy] What about CGA-TSIG as a solution for DNS privacy?

2014-10-27 Thread Stephane Bortzmeyer
On Mon, Oct 27, 2014 at 09:55:08AM +, Hosnieh Rafiee hosnieh.raf...@huawei.com wrote a message of 28 lines which said: This is the problem of IETF mailing list that categorized my message automatically under your thread here I strongly doubt it, since *your* message included:

Re: [dns-privacy] What about CGA-TSIG as a solution for DNS privacy?

2014-10-27 Thread Hosnieh Rafiee
On Mon, Oct 27, 2014 at 09:55:08AM +, Hosnieh Rafiee hosnieh.raf...@huawei.com wrote a message of 28 lines which said: This is the problem of IETF mailing list that categorized my message automatically under your thread here I strongly doubt it, since *your* message included:

Re: [dns-privacy] What about CGA-TSIG as a solution for DNS privacy?

2014-10-27 Thread Paul Hoffman
On Oct 27, 2014, at 1:03 AM, Hosnieh Rafiee hosnieh.raf...@huawei.com wrote: I guess you have heard about CGA-TSIG. What do you think about the approach explained there? It still has many confusing dependencies that make it hard to understand, and it vastly oversells the IPv4 capabilities.

Re: [dns-privacy] What about CGA-TSIG as a solution for DNS privacy?

2014-10-27 Thread Hosnieh Rafiee
Hi Paul, On Oct 27, 2014, at 1:03 AM, Hosnieh Rafiee hosnieh.raf...@huawei.com wrote: I guess you have heard about CGA-TSIG. What do you think about the approach explained there? It still has many confusing dependencies that make it hard to understand, and it vastly oversells the IPv4

Re: [dns-privacy] What about CGA-TSIG as a solution for DNS privacy?

2014-10-27 Thread Paul Hoffman
On Oct 27, 2014, at 7:36 AM, Hosnieh Rafiee hosnieh.raf...@huawei.com wrote: So why do you think it is distraction for the WG that addresses privacy? I said I thought it was a distraction; discussing it further would be more of a distraction. --Paul Hoffman

Re: [dns-privacy] What about CGA-TSIG as a solution for DNS privacy?

2014-10-27 Thread Hosnieh Rafiee
So why do you think it is distraction for the WG that addresses privacy? I said I thought it was a distraction; discussing it further would be more of a distraction. Unfortunately, I haven't received any answer to the question of why it is a distraction. I only received ambiguous answer

Re: [dns-privacy] What about CGA-TSIG as a solution for DNS privacy?

2014-10-27 Thread Phillip Hallam-Baker
On Mon, Oct 27, 2014 at 10:45 AM, Paul Hoffman paul.hoff...@vpnc.org wrote: On Oct 27, 2014, at 7:36 AM, Hosnieh Rafiee hosnieh.raf...@huawei.com wrote: So why do you think it is distraction for the WG that addresses privacy? I said I thought it was a distraction; discussing it further

Re: [dns-privacy] What about CGA-TSIG as a solution for DNS privacy?

2014-10-27 Thread Hosnieh Rafiee
Hi Phillip, Thanks for your message. I tagged my message with my name since I converted it to text. TSIG is only authentication so you have to add encryption. And the original TSIG assumed keys would be passed out of band so it needs a key exchange. [Hosnieh] Yes that is true. It is only