[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Evaluation: draft-ietf-dnsext-ad-is-secure

To: iesg@ietf.org, jis@mit.edu
Subject: Re: Evaluation: draft-ietf-dnsext-ad-is-secure
From: Rob Austein <sra@hactrn.net>
Date: Wed, 09 Jul 2003 13:37:25 -0400
In-reply-to: <5.2.0.9.2.20030709130814.0449ae78@mail.binhost.com>
User-agent: Wanderlust/2.10.0 (Venus) Emacs/20.7 Mule/4.0 (HANANOEN)

At Wed, 09 Jul 2003 13:10:08 -0400, Russ Housley wrote:
> 
>    Further, I suggest that the Security Considerations be expanded to 
> provide a discussion on how a secure transport can be provided.  I would 
> think that DNSSEC and IPsec are obvious alternatives. 

Without expressing an opinion on whether this expansion is necessary:

a) s/DNSSEC/TSIG or SIG(0)/ (already mentioned in section 3);

b) in the IPsec case, beware of circular dependencies (IPSECKEY or the
   older method it replaces).

References:
- Evaluation: draft-ietf-dnsext-ad-is-secure
  - From: Russ Housley <housley@vigilsec.com>

Prev by Date: Re: Allowing submission of IDs after the dead-line
Next by Date: Re: Get-together in Vienna?
Previous by thread: Evaluation: draft-ietf-dnsext-ad-is-secure
Next by thread: Re: Evaluation: draft-ietf-dnsext-ad-is-secure
Index(es):
- Date
- Thread