To: Michael Richardson <mcr@sandelman.ottawa.on.ca>
Cc: dnsop@cafax.se
From: George Michaelson <ggm@apnic.net>
Date: Thu, 20 Mar 2003 04:18:37 +1000
In-Reply-To: <200303191808.h2JI7r2i004991@marajade.sandelman.ottawa.on.ca>
Sender: owner-dnsop@cafax.se
Subject: Re: Radical Surgery proposal: stop doing reverse for IPv6.


Let me get this right. You are saying that inherently, because it's a top-down
hierarchical model, various security models are using it to find the KEY to
perform subsequent validation on the end-to-end trust.

So, for well behaved delegations, you assert it has real value for real work.

And this work (HIP, HIP6) is likely to have wider adoption in other WGs as
well (i.e. multihoming).

Is that it? Because if so, that needs much bigger prominence in the DNS
activity, so we don't go on assuming nobody cares about this stuff. And, it is
going to need to be put into other ops forums, that lack of reverse management
is impeding other work. 

-George




 On Wed, 19 Mar 2003 10:07:52 -0800 Michael Richardson
<mcr@sandelman.ottawa.on.ca> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> 
> 
> >>>>> "George" == George Michaelson <ggm@apnic.net> writes:
>     George> Radical Surgery proposal: stop doing reverse for IPv6.
> 
>     George> straw poll of ADs and WG chairs are mutedly neutral. 
> 
>     George> nobody is strongly in favour of continuing.
> 
>   I am strongly in favour of continuing.
> 
>   The reverse map provides an authority model which closely matches the
> real authority for IP addresses. It is therefore *VERY* useful for locating
> keying information for a node.
>   HIP and IPsec are using this *NOW* in IPv4.
>   HIPv6 is very likely to use this. 
>   Some people have suggested HIP as a base for multihoming.
> 
>   Yes, there are issues with how to get information into the reverse map
> given IPv6 auto-configuration. 
>   I have ideas on this, but they are not appropriate for this WG.
> 
> ]       ON HUMILITY: to err is human. To moo, bovine.           |  firewalls  [
> ]   Michael Richardson, Sandelman Software Works, Ottawa, ON    |net architect[
> ] mcr@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[
> ] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [
> 
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.0.7 (GNU/Linux)
> Comment: Finger me for keys
> 
> -----END PGP SIGNATURE-----
> #----------------------------------------------------------------------
> # To unsubscribe, send a message to <dnsop-request@cafax.se>.


-- 
George Michaelson       |  APNIC
Email: ggm@apnic.net    |  PO Box 2131 Milton QLD 4064
Phone: +61 7 3367 0490  |  Australia
  Fax: +61 7 3367 0482  |  http://www.apnic.net