[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[IPSECKEY] the -01 draft
-----BEGIN PGP SIGNED MESSAGE-----
I'm going to repeat the Security Considerations section here:
4. Security Considerations
| This entire memo pertains to the provision of public keying material
| for use by key management protocols such as ISAKMP/IKE (RFC2407) [7].
| Implementations of DNS servers and resolvers SHOULD take care to make
| sure that the keying material is delivered intact to the end
| application. The use of DNSSEC to provide end-to-end integrity
| protection is strongly encouraged.
| The semantics of this record is outside of the scope of this
| document, so no advice for users of this information is provided.
| Any user of this resource record MUST carefully document their trust
| model, and why the trust model of DNSSEC is appropriate.
===
Secondly, is there agreement that "DNSSEC" generally includes use of
TSIG, or should this be explicitely stated? It seems like overspecification
to me.
] ON HUMILITY: to err is human. To moo, bovine. | firewalls [
] Michael Richardson, Sandelman Software Works, Ottawa, ON |net architect[
] mcr@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
Comment: Finger me for keys
iQCVAwUBPrlqWoqHRg3pndX9AQFsFAP7BqElI9Nw4kzJOGRIl+nGkP9aZTHwQrI0
yu8q7BUZ95nhKGxTO0E592yvZbQ5aYkXmqMDyqu7bSqbZjXNlfdv9QFUyHyX8J6U
N7IYIQ0MUtDZOVisGRTBsTfLibjxR8Rj5gH/vuKuKKrqeVXOxe/4mqZCDv1FNvt8
SfCg1s0PaN4=
=87dZ
-----END PGP SIGNATURE-----
-
This is the IPSECKEY@sandelman.ca list.
Email to ipseckey-request@sandelman.ca to be removed.