[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [IPSECKEY] the -01 draft



On Wed, 7 May 2003, Michael Richardson wrote:

> Secondly, is there agreement that "DNSSEC" generally includes use of
> TSIG, or should this be explicitely stated? It seems like overspecification
> to me.

I think the resolution process should be stated.

in draft-ietf-secsh-dns we wrote:

  "Clients that do not validate the DNSSEC signatures themselves MUST
   use a secure transport, e.g. TSIG [8], SIG(0) [9] or IPsec [7],
   between themselves and the entity performing the signature
   validation."


	jakob
-
This is the IPSECKEY@sandelman.ca list.
Email to ipseckey-request@sandelman.ca to be removed.