To: Alain Durand <Alain.Durand@Sun.COM>
CC: dnsop@cafax.se
From: Masataka Ohta <mohta@necom830.hpcl.titech.ac.jp>
Date: Tue, 15 Jul 2003 22:39:24 +0859 ()
In-Reply-To: <31313175-B6BE-11D7-83E1-00039358A080@sun.com> from Alain Durand at "Jul 15, 2003 05:16:41 am"
Sender: owner-dnsop@cafax.se
Subject: Re: Stepping back on the DNS discovery discussion

Alain;

> >> During yesterday's discussion on DNS discovery
> >> we somehow jumped the gun a bit quickly and moved
> >> to solution space without really understanding the requirements.
> >
> > OK. What's wrong if microsoft run DNS servers at
> >
> >     yourdomain.microsoft.com
> >
> > and preconfigure keys in their OS for dynamic update?
>
> Not sure I understand how your comment is related to this discussion....
> could you please clarify?

If the requirement is to be registered under some domain, let
vendors provide it.

> >> 1- finding a recursive name server
> >> 2- finding a search list
> >> 3- updating the forward DNS tree
> >> 4- updating the reverse DNS tree
> >> 5- finding a NTP source for DNSsec signature verification
> >>
> >> From this list, it seems to me that 1- is critical,
> >
> > Well known anycast addresses are more than enough for 1.
>
> I agree it works (I wrote the draft ;-).

And, it needs no new protocol.

> >> 5- is important
> >
> > You should be joking. Where is security?
>
> You need a reasonable clock to verify DNSsec signature.

How can you verify the clock reasonable?

Masataka Ohta