wrt joao damas' DLV talk on wednesday

Gregory Hicks ghicks at cadence.com
Tue Jun 13 22:21:23 UTC 2006



> From: Randy Bush <randy at psg.com>
> Date: Tue, 13 Jun 2006 15:16:50 -0700
> To: Paul Vixie <paul at vix.com>
> Cc: nanog at merit.edu
> Subject: Re: wrt joao damas' DLV talk on wednesday 
> 
> 
> > therefore registrars (like alice's... remember alice? this is a song about
> > alice) have no place to go with registrant KSK data at this time.  this in
> > turn keeps most registrars from bothering to collect or store this "useless"
> > data.  ISC proposes to accept this KSK data (in the form of DLV RRs) via
> > authenticated automated processes whereby "lots of keys" can be sent to us
> > by interested/participating registrars.  we do not have a good way of 
knowing
> > whether somebody is or isn't the registrant for bankofamerica.com, but we
> > think that bank of america's registrar does have a way of authenticating the
> > registrant.  and we know how to authenticate bankofamerica.com's registrar.
> > so there IS a more scalable, untouched-by-human-hands, trust path available.
> 
> thanks for actual technalia.
> 
> ( first, i suspect much of the confusion could come from your
> thinking that the place up on skyline is *the* alice's restaurant.
> it isn't.  the real one was in stockbridge, mass, and rather
> short-lived.  so you can see why one might wonder about isc's
> validation methods.  :-)

Actually, Paul might have been talking about Alice, Bob, and Mike.
Well knows personages in cryptography circles.  Alice and Bob want to
exchange keys Mike is in the middle trying to figure out what alice and
Bob are up to and also trying to thwart the exchange if possible.  Or
at the very least, gain knowledge of the keys so that Mike can read
Alice's and Bob's message traffic.

> 
> i think if you amplified on and detailed the above, and went into
> how re-delegation and key changes would handled, it would go a long
> way to clarifying the isc dlv registry's security process.
> 
> you're also welcome to use some of the cctlds and other zones i
> manage as outlying/strange examples.  e.g. NG, which i could sign,
> but neither ng nor i have an established relationship to isc.  and
> then i hope to get rid of it soon (been working with the in-country
> folk for five years on this, and the illumination at the end of the
> tunnel might be a light as opposed to a train!), and how it would
> be rolled would be of interest.  and say psg.com, registered
> through retsiger, who we might assume, for sake of example, will
> not play.
> 
> randy
> 

-------------------------------------------------------------------
Gregory Hicks                        | Principal Systems Engineer
Cadence Design Systems               | Direct:   408.576.3609
555 River Oaks Pkwy M/S 6B1          | Fax:      408.894.3400
San Jose, CA 95134                   | Internet: ghicks at cadence.com

I am perfectly capable of learning from my mistakes.  I will surely
learn a great deal today.

"A democracy is a sheep and two wolves deciding on what to have for
lunch.  Freedom is a well armed sheep contesting the results of the
decision." - Benjamin Franklin

"The best we can hope for concerning the people at large is that they
be properly armed." --Alexander Hamilton





More information about the NANOG mailing list