This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/[email protected]/
[dns-wg] DNSSEC - DS RR provisioning
- Previous message (by thread): [dns-wg] DNSSEC - DS RR provisioning
- Next message (by thread): [dns-wg] DNSSEC - DS RR provisioning
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Antoin Verschuren
Antoin.Verschuren at sidn.nl
Tue Oct 6 15:54:38 CEST 2009
> -----Original Message----- > From: Patrik Fältström [mailto:paf at cisco.com] > Subject: Re: [dns-wg] DNSSEC - DS RR provisioning > > * PGP Signed by an unknown key > > On 6 okt 2009, at 12.30, Antoin Verschuren wrote: > > > So I would like the update to use the DNS protocol, and I would > > accept updates directly from the child zone if it has a secure > > delegation. > > I would accept DS, NS and glue updates. > > Can you expand on this? Using SIG(0) where the public key is signed > and in the child zone (for example)? When there is an existing chain of trust between the parent and child zone, that chain can be used to authenticate changes in the child zone to the parent. So the child signals the parent to query the child zone for changes to the DNSKEY, NS or glue records. Since these records are signed, and the parent can trust the signed content in the child zone, it can update the parent zone with any record that needs to be in there. Syncing the content in the child zone with the content in the parent zone. Antoin Verschuren Technical Policy Advisor SIDN Utrechtseweg 310, PO Box 5022, 6802 EA Arnhem, The Netherlands P: +31 26 3525500 F: +31 26 3525505 M: +31 6 23368970 mailto:antoin.verschuren at sidn.nl xmpp:antoin at jabber.sidn.nl http://www.sidn.nl/
- Previous message (by thread): [dns-wg] DNSSEC - DS RR provisioning
- Next message (by thread): [dns-wg] DNSSEC - DS RR provisioning
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
[ dns-wg Archives ]