Hi Evan!

On Jul 6, 2019, at 17:30, Evan Hunt <e...@isc.org> wrote:

> More recently, Witold Krecicki had a very similar idea for a mechanism to
> disseminate private key data between primary and secondary servers. We
> talked it over and decided to expand the NOTE record semantics into a
> generic method for storing and transferring covert in-band zone data.

What's the use-case for using the DNS to transfer private key data? At first glance it seems to me that there are a lot of alternative mechanisms, many of which seem less likely to leak confidential data than using a protocol that has only really ever been deployed to make information public.

If there's a good reason to use the DNS for this your proposal seems like a plausible way to do it (I haven't read it in detail, but you know what you're doing and I'm sure it's good stuff). It's that first if that gives me pause.

Joe

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop