
Re: Protection of unsecured delegations



Bill,

Have you looked at the Delegation Signer (DS) record specification
and how that would relate to Opt-In?

-derek

Bill Sommerfeld <sommerfeld@orchard.arlington.ma.us> writes:

> I'd be less concerned about the delegation vs. leaf data issue for
> opt-in as long as folks who haven't yet set up fully secured
> delegations can opt for 2535-style null key.
> 
> I think there needs to be more text on resolver behavior, and, in
> particular, a discussion of resolver search paths.
> 
> I can see resolvers doing any of:
> 
> [a] Do the lookup and only return trusted data.  Not useful to me
> until everyone I care about has opted in.
> 
> [b] If there's trusted data anywhere on the path, return the first
> trusted answer, otherwise return the first non-trusted answer.
> 
> [c] Return the first name along the path for which a query returns
> some data.
> 
> Version [b] provides much better protection of the innocent than [c].
> 
> 					- Bill
> 
> 
> to unsubscribe send a message to namedroppers-request@ops.ietf.org with
> the word 'unsubscribe' in a single line as the message text body.

-- 
       Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
       Member, MIT Student Information Processing Board  (SIPB)
       URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
       warlord@MIT.EDU                        PGP key available
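
The three resolver behaviours [a], [b] and [c] from the quoted message, compared over one search path. This is an added example, not part of either message and not code from any resolver; the names, addresses, search path and the `trusted` flag (standing in for whatever validation the resolver performs) are constructed assumptions.

```python
from typing import NamedTuple, Optional

class Answer(NamedTuple):
    name: str
    data: str
    trusted: bool  # assumption: True means the answer validated as secure

# Constructed sample data: name -> (address, validated?)
ZONE_DATA = {
    "www.dev.example.": ("192.0.2.66", False),  # unsecured delegation
    "www.example.": ("192.0.2.10", True),       # secured
    "mail.example.": ("192.0.2.25", False),     # unsecured only
}
SEARCH_PATH = ["dev.example.", "example."]       # constructed search path

def candidates(label: str, search_path: list) -> list:
    """Expand a relative label against the search path, in order."""
    return [f"{label}.{suffix}" for suffix in search_path]

def lookup(name: str) -> Optional[Answer]:
    """Stand-in for a real query against ZONE_DATA."""
    rec = ZONE_DATA.get(name)
    return Answer(name, rec[0], rec[1]) if rec else None

def resolve(label: str, policy: str) -> Optional[Answer]:
    """Apply policy 'a', 'b' or 'c' from the message to one lookup."""
    found = [lookup(n) for n in candidates(label, SEARCH_PATH)]
    answers = [a for a in found if a is not None]
    trusted = [a for a in answers if a.trusted]
    if policy == "a":   # only return trusted data
        return trusted[0] if trusted else None
    if policy == "b":   # first trusted answer, else first non-trusted
        if trusted:
            return trusted[0]
        return answers[0] if answers else None
    if policy == "c":   # first name on the path that returns any data
        return answers[0] if answers else None
    raise ValueError(f"unknown policy: {policy}")

if __name__ == "__main__":
    for label in ("www", "mail"):
        for policy in "abc":
            print(label, policy, resolve(label, policy))
```

Note that [b] has to query every name on the path before answering, while [c] can stop at the first hit; that is the cost of preferring the secured answer.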

