[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

another's view on zone enum & on-line signing

To: namedroppers@ops.ietf.org
Subject: another's view on zone enum & on-line signing
From: Edward Lewis <edlewis@arin.net>
Date: Wed, 22 Sep 2004 11:25:10 +0100
Cc: edlewis@arin.net

I spoke with a person who used to be a DNS administrator at a well-known content provider (non-ISP, non-registry, etc.). He told be that when he was at that job, he would not have been able to justify the deployment of DNSSEC because of zone enumeration. The rationale for this is "the usual" - nothing other than not wanting to put certain information "so easily" available on the Internet.

As far as on-line signing as an option, he replied that that was not a big deal for him. "What's the difference between managing extra zone keys and managing TSIG keys for XFR's?"

(Just a data point...)

--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis                                            +1-703-227-9854
ARIN Research Engineer

"I can't go to Miami.  I'm expecting calls from telemarketers." -
Grandpa Simpson.

--
to unsubscribe send a message to namedroppers-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/namedroppers/>

Follow-Ups:
- Re: another's view on zone enum & on-line signing
  - From: Paul Vixie <paul@vix.com>
- Re: another's view on zone enum & on-line signing
  - From: Robert Elz <kre@munnari.OZ.AU>
- Re: another's view on zone enum & on-line signing
  - From: Alex Bligh <alex@alex.org.uk>

Prev by Date: I-D ACTION:draft-ietf-dnsext-dnssec-records-10.txt
Next by Date: Re: dictionary attack on nameservers
Previous by thread: I-D ACTION:draft-ietf-dnsext-dnssec-records-10.txt
Next by thread: Re: another's view on zone enum & on-line signing
Index(es):
- Date
- Thread