[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Summary: DNSEXT WGLC: To OPT-IN or not to OPT_IN

To: namedroppers@ops.ietf.org
Subject: Re: Summary: DNSEXT WGLC: To OPT-IN or not to OPT_IN
From: "D. J. Bernstein" <djb@cr.yp.to>
Date: 30 Apr 2003 06:44:03 -0000
References: <CE541259607DE94CA2A23816FB49F4A301AE23C7@vhqpostal6.verisign.com>

Hallam-Baker, Phillip writes:
> the security considerations of an unsecured delegation and a secured
> delegation to an unsecured zone are exactly the same

The same argument cuts both ways. To fix the existing security disaster,
we have to secure all the zones _and_ we have to secure the delegations.
If the .com people were prepared for this, they wouldn't need opt-in.

Opt-in allows the .com people to claim full DNSSEC support when the
reality is that they can't handle a DNSSEC universe. It takes a failed
security system and tries to pretend that it's a working system.

---D. J. Bernstein, Associate Professor, Department of Mathematics,
Statistics, and Computer Science, University of Illinois at Chicago

--
to unsubscribe send a message to namedroppers-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/namedroppers/>

References:
- RE: Summary: DNSEXT WGLC: To OPT-IN or not to OPT_IN
  - From: "Hallam-Baker, Phillip" <pbaker@verisign.com>

Prev by Date: Appeal against decision of DNSEXT working group chairs to prevent progess of OPT-IN
Next by Date: RE: Summary: DNSEXT WGLC: To OPT-IN or not to OPT_IN
Previous by thread: RE: Summary: DNSEXT WGLC: To OPT-IN or not to OPT_IN
Next by thread: RE: Summary: DNSEXT WGLC: To OPT-IN or not to OPT_IN
Index(es):
- Date
- Thread