[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Pimping DNSSEC (was Re: DNSSEC - Signature Only vs the MX/A issue.)

To: "Hallam-Baker, Phillip" <pbaker@verisign.com>
Subject: Re: Pimping DNSSEC (was Re: DNSSEC - Signature Only vs the MX/A issue.)
From: bert hubert <bert.hubert@netherlabs.nl>
Date: Tue, 5 Dec 2006 18:05:40 +0100
Cc: Alex Bligh <alex@alex.org.uk>, shane_kerr@isc.org, Ralph Droms <rdroms@cisco.com>, namedroppers@ops.ietf.org
Delivery-date: Tue, 05 Dec 2006 17:07:53 +0000
Envelope-to: namedroppers-data@psg.com
User-agent: Mutt/1.5.9i

On Tue, Dec 05, 2006 at 07:43:41AM -0800, Hallam-Baker, Phillip wrote:

> Absolutely nobody has made the claim that NSEC3 is too complex to be
> deployed. 

Let me then make the claim that DNSSEC-bis + NSEC3 is so complex I have
serious worries over its reliable implementability, especially considering
the number of corner cases.

	Bert
-- 
http://www.PowerDNS.com      Open source, database driven DNS Software 
http://netherlabs.nl              Open and Closed source services

--
to unsubscribe send a message to namedroppers-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/namedroppers/>

Prev by Date: RE: Pimping DNSSEC (was Re: DNSSEC - Signature Only vs the MX/A issue.)
Next by Date: RE: Pimping DNSSEC (was Re: DNSSEC - Signature Only vs the MX/A issue.)
Previous by thread: RE: Pimping DNSSEC (was Re: DNSSEC - Signature Only vs the MX/A issue.)
Next by thread: RE: Pimping DNSSEC (was Re: DNSSEC - Signature Only vs the MX/A issue.)
Index(es):
- Date
- Thread