To: Michael Richardson <mcr@sandelman.ottawa.on.ca>
Cc: dnsop@cafax.se
From: Shane Kerr <shane@ripe.net>
Date: Thu, 20 Mar 2003 10:16:07 +0100
Content-Disposition: inline
In-Reply-To: <200303191926.h2JJQvP0007617@marajade.sandelman.ottawa.on.ca>
Sender: owner-dnsop@cafax.se
User-Agent: Mutt/1.4i
Subject: Re: Radical Surgery proposal: stop doing reverse for IPv6.

On 2003-03-19 11:26:57 -0800, Michael Richardson wrote:
>
> >>>>> "Shane" == Shane Kerr <shane@ripe.net> writes:
>     Shane> Not strictly true. A pretty good presentation on this was given at
>     Shane> the IPv6-SIG at APNIC 15:
>
>     Shane> http://www.apnic.net/meetings/15/sigs/ipv6/docs/ipv6-fujisaki-reverse-dns.pdf
>
>     Shane> This doesn't even cover the tricky issue of how you update
>     Shane> the reverse securely for home users (the problem here is that
>     Shane> the ISP and the home have to share a secret somehow, not
>     Shane> unsolvable but tricky).
>
> Use SIG(0).

As I understand SIG(0), the home user would have to generate a
public/private key pair and securely transmit the public key to their
ISP. Frankly, it would be easier to use TSIG and use something based
on the user name and password - which home users have for checking
their e-mail if nothing else - as the secret key.

But the important implication is that each host will have to implement
DDNS, and that the home user will have to know enough to configure
their equipment with the secret somehow. I don't necessarily think
this is bad, but AFAIK nobody has even proposed the IETF make such a
suggestion.

-- 
Shane Kerr
RIPE NCC
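The shared-secret idea in the message above (a TSIG-style key based on the user name and password), sketched as an added example that is not part of the original post. PBKDF2 as the derivation, the salt layout, the function names and the sample account are all assumptions, and the MAC covers a textual stand-in for the update rather than the DNS wire format that real TSIG signs.

```python
import hashlib
import hmac
import ipaddress

PBKDF2_ROUNDS = 100_000   # assumed work factor, not from the thread
FUDGE_SECONDS = 300       # assumed allowed clock skew between the two sides

def derive_update_key(username, password, zone):
    """Run on both sides (ISP and home host) to get the same 32-byte secret."""
    # Assumption: salt with user and zone so one password gives per-zone keys.
    salt = f"{username.lower()}@{zone.lower()}".encode()
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)

def sign_update(key, update, time_signed):
    """MAC over signing time plus update text (simplified, not TSIG wire format)."""
    msg = time_signed.to_bytes(6, "big") + update.encode()
    return hmac.new(key, msg, hashlib.sha256).digest()

def verify_update(key, update, time_signed, mac, now):
    """Server side: reject stale requests, then compare MACs in constant time."""
    if abs(now - time_signed) > FUDGE_SECONDS:
        return False
    return hmac.compare_digest(sign_update(key, update, time_signed), mac)

def build_ptr_update(address, hostname):
    """Constructed textual stand-in for a dynamic update of one PTR record."""
    owner = ipaddress.ip_address(address).reverse_pointer
    return f"update add {owner}. 3600 PTR {hostname}."

# Constructed sample values (documentation prefix, made-up account).
ZONE = "8.b.d.0.1.0.0.2.ip6.arpa"
UPDATE = build_ptr_update("2001:db8::1", "pc.home.example")
HOME_KEY = derive_update_key("alice", "correct horse", ZONE)  # home host
ISP_KEY = derive_update_key("alice", "correct horse", ZONE)   # ISP server

if __name__ == "__main__":
    t = 1_048_000_000  # constructed signing time (seconds since the epoch)
    mac = sign_update(HOME_KEY, UPDATE, t)
    print("accepted:", verify_update(ISP_KEY, UPDATE, t, mac, now=t + 5))
    print("replayed an hour later:", verify_update(ISP_KEY, UPDATE, t, mac, now=t + 3600))
```

A key derived this way is only as strong as the password behind it, and the ISP has to hold either the password or the derived key to verify updates.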