Re: private algorithms and the DS record
At 10:37 -0500 12/22/04, David Blacka wrote:
> I'd have to say that it seems that if an implementer does the right
> thing, there isn't a security vulnerability. Yes, if an implementer
> isn't careful, the code produced may be susceptible to this.
> This sounds like an issue with the documentation of the
> specification, not the specification of the protocol. (It's possible
> that I haven't read all this carefully enough - I apologize.)
> Or maybe all implementers of DNSSEC will have
> read this thread when it was posted.
Over the years I have been infuriated with being told to "go read the
archives" (either directly or indirectly). To me, the mailing list
is like a round-the-table or at-the-blackboard conversation. It
isn't permanent, it's not reviewed, it's a "hack" with respect to
documentation.
(I mean this in the sense that I believe David is being sarcastic
with the lead-in statement.)
I think the right thing to do is spin up an Informational RFC on the
topic of private algorithms, beginning with what is in this thread.
Or perhaps a wider-ranging Informational RFC on experiences in
implementing the validator.
I'm sure that we will find a lot of rough edges in experience with
the RFCs-to-be. Remember that these documents are Proposed
Standards; that means there is probably more work to do before
becoming Full Standards. (Hopefully the work to do is fixing text
and not fixing code.)
--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis +1-571-434-5468
NeuStar
"A noble spirit embiggens the smallest man." - Jebediah Springfield
archive: <http://ops.ietf.org/lists/namedroppers/>