[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [dnsext] RRTYPE request: template for proposed RKEY RRtype

To: Jim Reid <jim@rfc1035.com>
Subject: Re: [dnsext] RRTYPE request: template for proposed RKEY RRtype
From: Chris Thompson <cet1@cam.ac.uk>
Date: 04 Dec 2008 12:00:11 +0000
Cc: Samuel Weiler <weiler@watson.org>, namedroppers@ops.ietf.org
In-reply-to: <637C4516-7BDA-4489-861E-E3D6E241D48D@rfc1035.com>
References: <20081121190713.GC20868@shinkuro.com> <492C5095.7000105@connotech.com> <BF116FAE-4FD2-4572-ADD4-CB2646A6462F@rfc1035.com> <alpine.BSF.1.10.0812030143020.2327@fledge.watson.org> <637C4516-7BDA-4489-861E-E3D6E241D48D@rfc1035.com>
Reply-to: cet1@cam.ac.uk

On Dec 4 2008, Jim Reid wrote:

On Dec 3, 2008, at 07:08, Samuel Weiler wrote:

[... other points snipped ...]

Without more documentation, it's hard to see how choosing thisformat enables rollover.
It's just a key. Rollover is irrelevant. When a new key is needed, theold one is retired and the data gets encrypted with the new one. Ifthis isn't done, the decryption fails. Which is the soleresponsibility of whoever publishes that key and the encrypted NAPTRsassociated with that key.


Unless you are proposing that RKEY records always have a TTL of zero,

you have to deal with the fact that some clients will have old versionsof them in their caches. Some sort of overlap mechanism is needed.


--
Chris Thompson
Email: cet1@cam.ac.uk


--
to unsubscribe send a message to namedroppers-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/namedroppers/>

Follow-Ups:
- [dnsext] RRs with 0 TTL
  - From: Jim Reid <jim@rfc1035.com>
- Re: [dnsext] RRTYPE request: template for proposed RKEY RRtype
  - From: "Ondřej Surý" <ondrej.sury@nic.cz>

References:
- [dnsext] RRTYPE request: template for proposed RKEY RRtype
  - From: Andrew Sullivan <ajs@shinkuro.com>
- Re: [dnsext] RRTYPE request: template for proposed RKEY RRtype
  - From: Thierry Moreau <thierry.moreau@connotech.com>
- Re: [dnsext] RRTYPE request: template for proposed RKEY RRtype
  - From: Jim Reid <jim@rfc1035.com>
- Re: [dnsext] RRTYPE request: template for proposed RKEY RRtype
  - From: Samuel Weiler <weiler@watson.org>
- Re: [dnsext] RRTYPE request: template for proposed RKEY RRtype
  - From: Jim Reid <jim@rfc1035.com>

Prev by Date: Re: [dnsext] I-D Action:draft-ietf-dnsext-dnssec-rsasha256-08.txt
Next by Date: Re: [dnsext] I-D Action:draft-ietf-dnsext-dnssec-rsasha256-07.txt
Previous by thread: Re: [dnsext] RRTYPE request: template for proposed RKEY RRtype
Next by thread: Re: [dnsext] RRTYPE request: template for proposed RKEY RRtype
Index(es):
- Date
- Thread