[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: DNSEXT WGLC: DNSSEC Opt-in

To: namedroppers@ops.ietf.org
Subject: RE: DNSEXT WGLC: DNSSEC Opt-in
From: "Loomis, Rip" <GILBERT.R.LOOMIS@saic.com>
Date: Tue, 4 Feb 2003 16:40:55 -0500

I was one of those who had previously objected to Opt-In,
although I was never able to clearly formulate a strong
objection.  At the time I felt it weakened the security
model and made things more complex for administrators.
I still think that it may make things more complex for
administrators--but that additional complexity pales
next to the complexity of DNSSEC zone signing.  I no longer
believe that Opt-In weakens the security model in any way.

To answer the questions posed by the WG chair(s):
> Q: Is the description in the document of Opt-In complete ?
I believe so.

> Q: Does this document satisfy people as being implement able 
> and testable specification ?
I believe that the specification can be implemented and tested.
 
> Q: Are there implementations of opt-in and have there been
> any tests ?
I have no personal experience with either, although I've heard
reports.

I support the advancement of the current Opt-In draft along
the standards track.

--
Rip Loomis                         Senior Systems Security Engineer
SAIC Enterprise Security Solutions Group     www.saic.com/securebiz
Center for Information Security Technology   www.cist-east.saic.com

--
to unsubscribe send a message to namedroppers-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/namedroppers/>

Prev by Date: Re: DNSEXT WGLC: DNSSEC Opt-in
Next by Date: Second OPT IN last call results in postponed decision
Previous by thread: RE: DNSEXT WGLC: DNSSEC Opt-in
Next by thread: Re: DNSEXT WGLC: RFC1886bis-01
Index(es):
- Date
- Thread