RE: What are the opt-in issues

[Erik Nordmark <Erik.Nordmark@sun.com>]

> Are there issues beyond what Roy posted on Monday in "Please state the 
> 'attacks' in public"?

Disclaimer: I'm far from an expert in the technical issues here.

As far as I can tell Roy's note summarizes the known technical issues
that were discussed in Holland.

I (and I think others) have meta-concerns which are a lot harder to deal with.
They relate to handling the unknown; folks seem to be discovering
new techncial corner cases at some rate. Is this rate increasing or
decreasing over time? If it isn't quickly decreasing then there is
a significant risk that folks might discover a corner case which is
a lot tricker to handle than the ones discovered so far.

My personal feeling (see disclaimer above) is that the opt-in document
describes the behavior of the server and what goes over the wire.
But there isn't a detailed description of what a resolver (whether caching
or not) needs to do to verify, cache, and correlate things that I can
look at it and feel comfortable that folks have been looking for holes
in such a description and found none.

I don't know how hard it would be to produce such a description, and how
useful it would be to the folks that understand this better.

  Erik


--
to unsubscribe send a message to namedroppers-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/namedroppers/>