To:
RJ Atkinson <rja@inet.org>
Cc:
dnssec@cafax.se
From:
"David R. Conrad" <david.conrad@nominum.com>
Date:
Thu, 01 Nov 2001 12:29:15 -0800
In-Reply-To:
<5.1.0.14.2.20011031134231.01ed6c40@10.30.15.3>
Sender:
owner-dnssec@cafax.se
Subject:
Re: persistent domain names
[I'm assuming secure dynamic update discussions are appropriate for this list -- if not, point me in the right direction please] Ran, OK, I'll bite. Other than the requirement for online signing, how is secure dynamic update problematic? Tnx, -drc At 01:51 PM 10/31/2001 -0500, you wrote: >At 22:14 30/10/01, Michael Richardson wrote: > >The major obstucle is the "IPtelcos"/CableCos > >who aren't being very retinscent to actually let people being peers rather > >than just client-consumers. There is, with dynamic DNS update no reason why > >they should not permit people with "always-on" IPs to populate the reverse > >DNS. > > Secure Dynamic DNS Update does not actually work >operationally in most deployed DNS systems, so I don't >think that such an approach is operationally feasible >today. > > Details of how/why Secure Dynamic DNS Update is >problematic are best discussed on a mailing list devoted >to DNSsec, IMHO. > >Ran >rja@inet.org > >- >This message was passed through ietf_censored@carmen.ipv6.cselt.it, which >is a sublist of ietf@ietf.org. Not all messages are passed. >Decisions on what to pass are made solely by Raffaele D'Albenzio.