Re: DNSSECbis Q-2: degradation attack
> I am not yet convinced this needs fixing now; pointing to this
> issue in the protocol doc security section may be sufficient. What
> do others think?
i think that if we're not going to specify an alg rollover process, or
the interaction when parents/children/resolvers only share a subset of
algs, then we should remove the algid field and just laminate RSA for
all time and assume that we will change port numbers if RSA is cracked.
to that end, i would be an objector during WGLC if this isn't resolved.
--
to unsubscribe send a message to namedroppers-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/namedroppers/>