[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: ike and secure DNS

To: "Steven M. Bellovin" <smb@research.att.com>
Subject: Re: ike and secure DNS
From: Derek Atkins <warlord@mit.edu>
Date: 11 Oct 2000 11:05:07 -0400
Cc: Bill Manning <bmanning@ISI.EDU>, hugo@ee.technion.ac.il (Hugo Krawczyk), henry@spsystems.net (Henry Spencer), ipsec@lists.tislabs.com (ipsec)
In-Reply-To: "Steven M. Bellovin"'s message of "Wed, 11 Oct 2000 10:28:46 -0400"
References: <20001011142847.2866435DC2@smb.research.att.com>
Sender: owner-ipsec@lists.tislabs.com

"Steven M. Bellovin" <smb@research.att.com> writes:

> I'd love to see any sort of secure address-to-entity map.  But there 
> seems to be considerable uncertainty about who actually owns various 
> chunks of address space.  Is the database clean enough that it's worth 
> signing?  I sure don't get that impression from, say, the NANOG list.

Perhaps a small change to what it means to "sign" a zone?  If the "root"
could sign my NS records (which "they" own), and my key record (which "I"
own, but supply to them the same way I supply my NS records), then this
works.

But I doubt NSI is willing to accept a KEY record or sign it.  Let alone
sign my NS records.

-derek

-- 
       Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
       Member, MIT Student Information Processing Board  (SIPB)
       URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
       warlord@MIT.EDU                        PGP key available

Follow-Ups:

Re: ike and secure DNS

From: Bill Manning <bmanning@ISI.EDU>

References:

Re: ike and secure DNS

From: "Steven M. Bellovin" <smb@research.att.com>

Prev by Date: charter question re IKE changes
Next by Date: Re: charter question re IKE changes
Prev by thread: Re: ike and secure DNS
Next by thread: Re: ike and secure DNS
Index(es):
- Main
- Thread