[dns-operations] cool idea regarding root zone inviolability
warren at kumari.net
Thu Nov 27 21:48:35 UTC 2014
On Thursday, November 27, 2014, Mark Andrews <marka at isc.org> wrote:
> In message <CAHw9_iLdGnkmErvoVHhj41fswM6+5yj0tdxrSj17KdhzqTyGrw at mail.gmail.com>, Warren Kumari writes:
> > ... and Mark Andrews, Paul Hofmann, Paul Wouters, myself and a few others
> > (who I embarrassingly enough have forgotten) are planning on writing a
> > signature" draft (I have an initial version in an edit buffer). The
> > meter view is:
> > Sort all the records in canonical order (including glue)
> > Cryptographically sign this
> > Stuff the signature in a record
> > This allows you to verify that you have the full and complete zone
> > and that it didn't get corrupted in transfer.
> > This solves a different, but related issue.
> > Hope to finally get off my butt and post -00 soon.
> > W
> Which is similar to RFC 2065, 4.1.3 Zone Transfer (AXFR) SIG except
> dynamic updates would update the record and it would be in the zone.
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
I don't think the execution is relevant when it was obviously a bad idea in
the first place.
This is like putting rabid weasels in your pants, and later expressing
regret at having chosen those particular rabid weasels and that pair of
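The procedure outlined in the quoted message (sort every record, glue included, into canonical order, sign the result, store the signature in a record) is sketched below as an added example; it is not code from this thread or from the draft it mentions. Assumptions: the record type name `ZONESIG` is hypothetical, records are serialized in presentation format rather than DNS wire format, and an HMAC with a shared key stands in for the public-key signature, since the Python standard library has no asymmetric signing.

```python
import hashlib
import hmac

SIG_TYPE = "ZONESIG"            # hypothetical type name; the message does not name one
KEY = b"constructed-demo-key"   # constructed key; stand-in for a real signing key

# Constructed sample zone: (owner, ttl, type, rdata), including glue for a delegation.
ZONE = [
    ("example.", 3600, "SOA", "ns1.example. admin.example. 1 7200 900 1209600 3600"),
    ("example.", 3600, "NS", "ns1.example."),
    ("sub.example.", 3600, "NS", "ns.sub.example."),
    ("ns.sub.example.", 3600, "A", "192.0.2.53"),  # glue below the zone cut
    ("ns1.example.", 3600, "A", "192.0.2.1"),
]

def canonical_key(record):
    """Order by owner name, compared label by label from the rightmost label and
    case-insensitively, then by type and rdata (a text-level simplification)."""
    owner, _ttl, rtype, rdata = record
    labels = owner.lower().rstrip(".").split(".")
    return (labels[::-1], rtype, rdata)

def zone_bytes(records):
    """Serialize every record except the signature record, in canonical order."""
    body = sorted((r for r in records if r[2] != SIG_TYPE), key=canonical_key)
    lines = ["%s %d %s %s" % (o.lower(), ttl, t, d) for o, ttl, t, d in body]
    return "\n".join(lines).encode()

def sign_zone(records, key, apex):
    """Return the zone with one signature record over its full contents at the apex."""
    mac = hmac.new(key, zone_bytes(records), hashlib.sha256).hexdigest()
    unsigned = [r for r in records if r[2] != SIG_TYPE]
    return unsigned + [(apex, 0, SIG_TYPE, mac)]

def verify_zone(records, key):
    """True only if exactly one signature record exists and matches the contents."""
    sigs = [r[3] for r in records if r[2] == SIG_TYPE]
    if len(sigs) != 1:
        return False
    expected = hmac.new(key, zone_bytes(records), hashlib.sha256).hexdigest()
    return hmac.compare_digest(sigs[0], expected)

if __name__ == "__main__":
    signed = sign_zone(ZONE, KEY, "example.")
    print("intact zone verifies:", verify_zone(signed, KEY))
    truncated = [r for r in signed if r[0] != "ns.sub.example."]
    print("zone missing glue verifies:", verify_zone(truncated, KEY))
```

Because the records are sorted before hashing, the order in which a transfer delivers them does not affect the result, while a dropped or altered record, including unsigned glue, causes verification to fail.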