In message <14076.1234917...@turing-police.cc.vt.edu>, valdis.kletni...@vt.edu writes:
> On Wed, 18 Feb 2009 10:55:30 +1100, Mark Andrews said:
> > I solve it by giving the machine a name. Adding a KEY record
> > at that name to the DNS, the private part the machine knows.
>
> I think the issue is that the machine in question may not know its own hostname
> to start, much less that dnssec is in use, or that a private key is supposed to
> be remembered on the machine. So there's a bit of a bootstrapping problem
> there.

There are lots of bootstrap issues.

> Of course, you can skip over that issue by letting the DHCP server do
> the DNS updates as a proxy for the just-DHCP'ed machine, but that has
> other issues...

Indeed.

> (or just pre-populate the DNS with DHCP-2001-9A98-D247-{5more}.ISP.com and be
> done with it like many places do for IPv4)

Which still leaves the problem of how does the machine get its name in a trusted manner.

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: mark_andr...@isc.org