[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [IPSECKEY] the -01 draft
On Wed, 7 May 2003, Michael Richardson wrote:
> Secondly, is there agreement that "DNSSEC" generally includes use of
> TSIG, or should this be explicitely stated? It seems like overspecification
> to me.
I think the resolution process should be stated.
in draft-ietf-secsh-dns we wrote:
"Clients that do not validate the DNSSEC signatures themselves MUST
use a secure transport, e.g. TSIG [8], SIG(0) [9] or IPsec [7],
between themselves and the entity performing the signature
validation."
jakob
-
This is the IPSECKEY@sandelman.ca list.
Email to ipseckey-request@sandelman.ca to be removed.