Re: [dnsext] RRTYPE request: template for proposed RKEY RRtype
2008/12/4 Jim Reid <jim@rfc1035.com>:
> On Dec 4, 2008, at 12:23, Ondřej Surý wrote:
>
>> Or owner can publish two RKEYs and start encrypting with second key
>> after all caches are clear. (similar to pre-publish method of rotating
>> DNSKEYs). Or am I missing something?
>
> Yes. Implementation details that are not germane to what should be getting
> discussed here: namely the template and type code assignment.
I agree here.
> I have already stated key rollover is not necessary. An RKEY is bound to a
> bunch of encrypted NAPTRs. Both get generated and managed as a single
> entity. [This is from an implementation perspective, not from a DNS protocol
> perspective.] If they are not co-ordinated in that way, bad things will
> happen to whoever broke that linkage. Their problem. Not this WG's. From a
> DNS protocol point of view this is no different from having an MX record
> point at a non-existent hostname.
I also agree here.
And I support this proposal for RR Type assignment.
Ondrej
--
Ondrej Sury
technicky reditel/Chief Technical Officer
-----------------------------------------
CZ.NIC, z.s.p.o. -- .cz domain registry
Americka 23,120 00 Praha 2,Czech Republic
mailto:ondrej.sury@nic.cz http://nic.cz/
sip:ondrej.sury@nic.cz tel:+420.222745110
mob:+420.739013699 fax:+420.222745112
-----------------------------------------