
Re: [DNSOP] Practical issues deploying DNSSEC into the home.

2013-09-11 12:26:46
Hi -

From: Olafur Gudmundsson <ogud(_at_)ogud(_dot_)com>
Sent: Sep 11, 2013 7:19 AM
To: Evan Hunt <each(_at_)isc(_dot_)org>
Cc: "dnsop(_at_)ietf(_dot_)org WG" <dnsop(_at_)ietf(_dot_)org>, 
"ietf(_at_)ietf(_dot_)org TF" <ietf(_at_)ietf(_dot_)org>
Subject: Re: [DNSOP] Practical issues deploying DNSSEC into the home.
...
RRSIG on the SOA or NS or DNSKEY also is a fine timestamp except when it is a
replay attack or a forgery,
...

RFC 3414 separates the notion of timeliness (replay detection)
from authentication without requiring NTP or overly elaborate
clock acquisition dances.  Some of the ideas from that protocol's
design might be useful in addressing this problem.

Randy
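
The RFC 3414 timeliness check referred to above, as an added sketch that is not part of the original message or of any SNMP implementation: a receiver learns the sender's boot counter and seconds-since-boot from authenticated messages and rejects anything older than the 150-second window, using only a local monotonic counter. The names `EngineClock`, `check` and `offset` and the sample values in the test are constructed for illustration.

```python
from dataclasses import dataclass

TIME_WINDOW = 150        # seconds; the window fixed by RFC 3414
MAX_BOOTS = 2147483647   # a boot counter latched at its maximum is never timely


@dataclass
class EngineClock:
    """A non-authoritative engine's notion of one remote engine's clock.

    Illustrative structure: RFC 3414 names the values (snmpEngineBoots,
    snmpEngineTime, latestReceivedEngineTime), not this class.
    """
    boots: int = 0    # snmpEngineBoots learned from the remote engine
    offset: int = 0   # remote snmpEngineTime minus our monotonic seconds
    latest: int = 0   # latestReceivedEngineTime

    def engine_time(self, local_now: int) -> int:
        """Our estimate of the remote engine's seconds since its last boot."""
        return local_now + self.offset

    def check(self, msg_boots: int, msg_time: int, local_now: int) -> bool:
        """Timeliness test; call only after the message's MAC has verified.

        local_now is any local monotonic second counter (an assumption of
        this sketch); no wall clock or NTP is involved.
        """
        # An authenticated message carrying a newer clock resynchronises us.
        if msg_boots > self.boots or (
            msg_boots == self.boots and msg_time > self.latest
        ):
            self.boots = msg_boots
            self.offset = msg_time - local_now
            self.latest = msg_time
        if self.boots == MAX_BOOTS:
            return False          # counter exhausted: the key must be replaced
        if msg_boots < self.boots:
            return False          # recorded before the sender's last reboot
        # Reject anything more than the window behind our estimate.
        return msg_time >= self.engine_time(local_now) - TIME_WINDOW
```

A captured message replayed inside the 150-second window still passes this check; the window bounds how stale an accepted message can be rather than making each message single-use.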
