[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: IESG feedback on dnsext-ad-is-secure

To: namedroppers@ops.ietf.org
Subject: Re: IESG feedback on dnsext-ad-is-secure
From: Paul Vixie <paul@vix.com>
Date: Fri, 14 Jun 2002 10:14:23 -0700
In-reply-to: Message from Greg Hudson <ghudson@MIT.EDU> of "14 Jun 2002 11:50:50 EDT."<1024069850.29470.7.camel@error-messages.mit.edu>

> >   | I've been assuming that 'some of the required signatures are invalid'
> >   | would mean that the data wouldn't be returned to the client.
> 
> > Maybe it does, but I would certainly hope that's not the expected
> > interpretation (by default).
> 
> It has to be, or the major benefit of DNSSEC is lost.  [...]

So, six++ years into the experiment, we still don't agree on what problem
DNSSEC is supposed to solve, and what the underlying security model will be?

--
to unsubscribe send a message to namedroppers-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/namedroppers/>

Follow-Ups:
- Re: IESG feedback on dnsext-ad-is-secure
  - From: Randy Bush <randy@psg.com>

References:
- Re: IESG feedback on dnsext-ad-is-secure
  - From: Greg Hudson <ghudson@MIT.EDU>

Prev by Date: Re: IESG feedback on dnsext-ad-is-secure
Next by Date: Re: IESG feedback on dnsext-ad-is-secure
Previous by thread: Re: IESG feedback on dnsext-ad-is-secure
Next by thread: Re: IESG feedback on dnsext-ad-is-secure
Index(es):
- Date
- Thread