
Re: TKEY query delete mode



On Thu, 9 Nov 2000, Randy Hall wrote:

> Section 4.2 of RFC 2930 (TKEY protocol) describes a query 
> to request the server delete a key.
> 
> It is unclear (to me) whether 
> 
> a) the server must respond to the query after deleting the 
> key, and

I would think so.  The text doesn't give any indication otherwise, and all
normal queries must be responded to.

> b) if so, whether the response must be signed (presumably
> using the deleted key, which seems like a bad idea).

Again, the text doesn't indicate anything out of the ordinary.  If the
request is signed (which it must be, according to section 3), the response
must be signed with the same key (according to RFC 2845).  Nothing says
that it must be the same key as is being deleted, but I don't see anything
saying it can't.

For the record, BIND 9 supports signing the response to a deletion with
the deleted key.  The key is no longer usable for any other purpose once
the deletion is processed, and the key is actually deleted after the
response is signed.

> The RFC does not appear to be explicit.  I assume the answer 
> is NO to both questions.  Can anyone clarify this for me?

I would assume the answers would both be YES, seeing no indication to the
contrary.

Brian
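
The ordering described in the reply above (retire the key, sign the deletion response with it, then discard it), as an added example that is not part of the original message and is not BIND's code. The `KeyStore` class, the key name and the secret are hypothetical, and the MAC is simplified to HMAC-SHA256 over the message bytes rather than the full TSIG computation of RFC 2845.

```python
import hashlib
import hmac


def sign(secret, message):
    # Assumption: HMAC-SHA256 over the raw message only; real TSIG also
    # covers the key name, time signed, fudge and the request MAC.
    return hmac.new(secret, message, hashlib.sha256).digest()


class KeyStore:
    """Toy server-side table of shared keys (constructed for illustration)."""

    def __init__(self, keys):
        self._keys = dict(keys)

    def verify(self, key_name, message, mac):
        secret = self._keys.get(key_name)
        if secret is None:
            return False  # unknown or already deleted key
        return hmac.compare_digest(sign(secret, message), mac)

    def handle_delete(self, signer, target, request, request_mac):
        """Handle a signed delete request for `target`.

        Returns (response, response_mac), or None if the request does not
        verify or the target key is not known.
        """
        if not self.verify(signer, request, request_mac):
            return None
        if target not in self._keys:
            return None
        # Keep the signing secret only for this one response.
        secret = self._keys[signer]
        # Retire the key: no later request can be verified with it.
        del self._keys[target]
        response = b"delete ok: " + target.encode()
        # The response is still signed with the key that signed the request,
        # even when that is the key being deleted.
        return response, sign(secret, response)


if __name__ == "__main__":
    name, secret = "k1.example.", b"constructed-shared-secret"
    store = KeyStore({name: secret})
    request = b"TKEY delete " + name.encode()
    reply = store.handle_delete(name, name, request, sign(secret, request))
    print("client verifies reply:", sign(secret, reply[0]) == reply[1])
    print("key usable afterwards:", store.verify(name, request, sign(secret, request)))
```

The client keeps its copy of the secret until it has verified the response, then discards it as well.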


