[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: DNSSEC - Signature Only vs the MX/A issue.

To: bert hubert <bert.hubert@netherlabs.nl>
Subject: Re: DNSSEC - Signature Only vs the MX/A issue.
From: David Blacka <davidb@verisignlabs.com>
Date: Mon, 04 Dec 2006 16:20:50 -0500
Cc: Mike StJohns <Mike.StJohns@nominum.com>, Paul Vixie <paul@vix.com>, namedroppers@ops.ietf.org
Delivery-date: Mon, 04 Dec 2006 21:24:16 +0000
Envelope-to: namedroppers-data@psg.com
User-agent: Thunderbird 1.5.0.8 (Macintosh/20061025)

bert hubert wrote:
> On Mon, Dec 04, 2006 at 12:12:21PM -0500, Mike StJohns wrote:
> 
>> I'm not adding anything to the schedule.... feel free to complete and 
>> deploy NSEC3 on schedule.. what is that schedule by the way?
> 
> Also - if DNSSEC were to be a success, NSEC3 would be the most complex part
> of *any* protocol actually used on the internet. It even beats H.323.

Er, no.

> Not many protocols require mathematical problem solvers embedded in mission
> critical software.

What are you talking about?

I feel compelled to point out that NSEC3 isn't that complicated to
actually *do*.  If it is complex, it is complex to analyze.  That is, it
can be hard to convince yourself that it works without a bit of mental
stretching.

-- 
David Blacka                      <davidb@verisignlabs.com>
Sr. Engineer    VeriSign Infrastructure Product Engineering

--
to unsubscribe send a message to namedroppers-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/namedroppers/>

Prev by Date: Re: DNSSEC - Signature Only vs the MX/A issue.
Next by Date: Re: DNSSEC - Signature Only vs the MX/A issue.
Previous by thread: Re: DNSSEC - Signature Only vs the MX/A issue.
Next by thread: Re: DNSSEC - Signature Only vs the MX/A issue.
Index(es):
- Date
- Thread