In message <20161221200104.gk13...@mournblade.imrryr.org>, Viktor Dukhovni writes: > On Wed, Dec 21, 2016 at 12:39:55PM -0500, Matthew Pounsett wrote: > > > RPZ is not the ideal, but it works, and goes beyond being deployableit > is > > deployed. > > I am curious to understand how RPZ zone transfers are (intended to > be) secured. It sounds like the reason for standardizing RPZ is > to allow interoperable sharing of policies via replication of zone > data, and so an appropriate security mechanism would seem to be > desirable here to authenticate the transfer of data from the RPZ > master zone. Is there a related specification for that?
The are just zones. You secure them the way you secure any other zone transfer. Just because they contain RPZ data doesn't make them any different. You setup a account with a provider and use TSIG. Mark -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
