[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: draft-ymbk-6to4-arpa-delegation-00.txt

To: Alain Durand <Alain.Durand@sun.com>
Subject: Re: draft-ymbk-6to4-arpa-delegation-00.txt
From: Harald Tveit Alvestrand <harald@alvestrand.no>
Date: Wed, 20 Nov 2002 09:47:06 -0500
Cc: v6ops@ops.ietf.org
Delivery-date: Wed, 20 Nov 2002 10:31:15 -0800
Envelope-to: v6ops-data@psg.com
In-reply-to: <21615962.1037366190@localhost>
References: <20021111190712.294FD7AF@starfruit.itojun.org><3DD021DC.70400@sun.com> <21615962.1037366190@localhost>
Sender: owner-v6ops@ops.ietf.org

--On 15. november 2002 13:16 -0500 Harald Tveit Alvestrand <harald@alvestrand.no> wrote:


--On 11. november 2002 13:32 -0800 Alain Durand <Alain.Durand@sun.com>
wrote:

I would like not to change it too, but the alternative to create records
on the fly in the DNS servers is an invitation for DOS attack on
DNSsec...

why?

the synthesized records are "like" glue records, aren't they?
so they shouldn't be signed anyway....?

I was corrected by Rob Austein.
If we want to be able to use DNSSEC at the 6to4 leaf nodes, the synthesized record set has to include a (signed) DS record.

And then it gets ugly.....

Harald

References:
- Re: draft-ymbk-6to4-arpa-delegation-00.txt
  - From: Jun-ichiro itojun Hagino <itojun@iijlab.net>
- Re: draft-ymbk-6to4-arpa-delegation-00.txt
  - From: Alain Durand <Alain.Durand@Sun.COM>
- Re: draft-ymbk-6to4-arpa-delegation-00.txt
  - From: Harald Tveit Alvestrand <harald@alvestrand.no>

Prev by Date: Re: 6to4 security questions
Next by Date: Re: 6to4 security questions
Previous by thread: Re: draft-ymbk-6to4-arpa-delegation-00.txt
Next by thread: Re: draft-ymbk-6to4-arpa-delegation-00.txt
Index(es):
- Date
- Thread