[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: draft-lozano-nsec-random-00

To: Gustavo Lozano Ibarra <glozano@nic.mx>
Subject: Re: draft-lozano-nsec-random-00
From: David Blacka <davidb@verisignlabs.com>
Date: Tue, 14 Dec 2004 12:31:51 -0500
Cc: namedroppers@ops.ietf.org
In-reply-to: <6.2.0.14.2.20041214111013.0a64b7f8@mail.nic.mx>
Organization: VeriSign, Inc.
References: <6.2.0.14.2.20041214111013.0a64b7f8@mail.nic.mx>
User-agent: Mozilla Thunderbird 1.0 (X11/20041206)

Gustavo Lozano Ibarra wrote:

I have been talking with some colleagues at NIC Mexico and others organizations about an idea to address the issue of DNS enumeration in the DNSSECbis protocol.

I wrote a draft describing the idea and I would appreciate receiving comments about it.

The draft : http://www.ietf.org/internet-drafts/draft-lozano-nsec-random-00.txt

Well, for one, you would be enabling a man in the middle to provably deny the existence of anything in the zone, which is contrary to the design goals of DNSSEC.

--
David Blacka    <davidb@verisignlabs.com>
Sr. Engineer    VeriSign Applied Research

--
to unsubscribe send a message to namedroppers-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/namedroppers/>

Follow-Ups:
- RE: draft-lozano-nsec-random-00
  - From: "Scott Rose" <scottr@nist.gov>

References:
- draft-lozano-nsec-random-00
  - From: Gustavo Lozano Ibarra <glozano@nic.mx>

Prev by Date: draft-lozano-nsec-random-00
Next by Date: Unexpected DNS responses
Previous by thread: draft-lozano-nsec-random-00
Next by thread: RE: draft-lozano-nsec-random-00
Index(es):
- Date
- Thread