[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[IPSECKEY] Comments on draft-ietf-ipseckey-rr-01.txt
,----
| An IPSECKEY resource record SHOULD be authenticated DNSSEC resource
| record.
`----
Light-weight resolvers may prefer TSIG instead of DNSSEC. Should this
scenario be mentioned? E.g., add "or protected by TSIG".
,----
| The algorithm field does not require any IANA action, as it is
| inherited from DNS KEY algorithm values.
`----
The SIG RR also uses the same algorithm IANA registry. It requires a
standards action to add a new algorithm. An alternative would be to
fork the registry.
What about wildcard examples? E.g.:
An example of a network that has delegated authority to the node with
the identity "corpgw.example.org".
*.0.2.192.in-addr.arpa. 7200 IN IPSECKEY ( 10 5 1
corpgw.example.org.
AQOrXJxB56Q28iOO43Va36elIFFKc/QB2orIeL94BdC5X4idFQZjSpsZ
Th48wKVXUE9xjwUkwR4R4/+1vjNN7KFp9fcqa2OxgjsoGqCn+3OPR8La
9uyvZg0OBuSTj3qkbh/2HacAUJ7vqvjQ3W8Wj6sMXtTueR8NNcdSzJh1
49ch3zqfiXrxxna8+8UEDQaRR9KOPiSvXb2KjnuDan6hDKOT4qTZRRRC
MWwnNQ9zPIMNbLBp0rNcZ+ZGFg2ckWtWh5yhv1iXYLV2vmd9DB6d4Dv8
cW7scc3rPmDXpYR6APqPBRHlcbenfHCt+oCkEWse8OQhMM56KODIVQq3
fejrfi1H )
-
This is the IPSECKEY@sandelman.ca list.
Email to ipseckey-request@sandelman.ca to be removed.