[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: DS and Opt-in - a proposal

To: namedroppers@ops.ietf.org
Subject: Re: DS and Opt-in - a proposal
From: "Olaf M. Kolkman" <olaf@ripe.net>
Date: Thu, 27 Dec 2001 10:14:46 +0100
In-reply-to: <E16HYtK-000IR8-00@rip.psg.com>
References: <E16HYtK-000IR8-00@rip.psg.com>

On Fri, 21 Dec 2001 15:15:50 -0800
Olafur Gudmundsson <ogud@ogud.com>, Randy Bush <randy@psg.com> wrote:

One detail.

>  o The value of authenticated denial is not clear, for some it is important,
>    for others it is only a nice but sometimes expensive property.

I would like to know if there will be a new version of the OPT-in
draft that allows opt-in only over delegation records? ( I am still
afraid that 'security status' on a level more granular than zone level
will make troubleshooting of verifiers a difficult exercise. Reducing
the usability of OPT-in to delegations only might help to keep
deployment limited to only the largest (g|c)TLDs. I understood
'delegation only' was considdered for a new version of the draft.)

--Olaf

P.S. I love the idea to have DNSSEC in a workable state by summer.

to unsubscribe send a message to namedroppers-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.

Follow-Ups:
- Re: DS and Opt-in - a proposal
  - From: Roy Arends <Roy.Arends@nominum.com>
- Re: DS and Opt-in - a proposal
  - From: bert hubert <ahu@ds9a.nl>
- Re: DS and Opt-in - a proposal
  - From: Brian Wellington <bwelling@xbill.org>

References:
- DS and Opt-in - a proposal
  - From: Olafur Gudmundsson <ogud@ogud.com>, Randy Bush <randy@psg.com>

Prev by Date: RE: mdns-08 draft
Next by Date: Re: Protection of unsecured delegations
Previous by thread: Re: DS and Opt-in - a proposal
Next by thread: Re: DS and Opt-in - a proposal
Index(es):
- Date
- Thread