Re: Proposed DNSSEC Plenary Experiment for IETF 74

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



>>>>> "Russ" == Russ Housley <housley@xxxxxxxxxxxx> writes:
    Russ> I have been approached about a plenary experiment regarding
    Russ> DNSSEC.  The idea is for everyone to try using DNSSEC-enabled
    Russ> clients during the plenary session.  I like the idea.  What do
    Russ> others think?

  In this case, it's really not about the clients, I think.

  It's about making the IETF DNS servers (the recursive ones), have
DNSSEC processing on. They would authenticate the answers, and discard
responses which should have been signed, but were not.
  An appropriate set of trust anchors would need to be agreed upon, and
a decision whether or not to enable DLV or not would need to be made.

  I will point out that (unless we close port-53 outgoing), that anyone 
who wants to run their own recursive name server (a requirement if you
run windows and the room is IPv6 only...), or who points their
/etc/resolv.conf to their own name server, will not really be affected.
  I do not suggest we close port 53 :-)

  I am in favour (and hope to be there).
  I would also volunteer to help set it up.

-- 
]       ON HUMILITY: to err is human. To moo, bovine.           |  firewalls  [
]   Michael Richardson, Sandelman Software Works, Ottawa, ON    |net architect[
] mcr@xxxxxxxxxxxxxxxxxxxxxx http://www.sandelman.ottawa.on.ca/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [



  
_______________________________________________

Ietf@xxxxxxxx
https://www.ietf.org/mailman/listinfo/ietf

[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]