RE: Pimping DNSSEC (was Re: DNSSEC - Signature Only vs the MX/A issue.)

["Hallam-Baker, Phillip" <pbaker@verisign.com>]

There are two responsible options for the group to take.

The first is to agree with the Europeans who state that these are essential requirements and override Bert on the basis that the interoperability results simply do not support his claim.

The second is to shut down DNSSEC completely and immediately: stop wasting everyone's time and stop preventing other groups from working on this problem.


My vote is for the first approach.


> -----Original Message-----
> From: bert hubert [mailto:bert.hubert@netherlabs.nl] 
> Sent: Tuesday, December 05, 2006 12:06 PM
> To: Hallam-Baker, Phillip
> Cc: Alex Bligh; shane_kerr@isc.org; Ralph Droms; 
> namedroppers@ops.ietf.org
> Subject: Re: Pimping DNSSEC (was Re: DNSSEC - Signature Only 
> vs the MX/A issue.)
> 
> On Tue, Dec 05, 2006 at 07:43:41AM -0800, Hallam-Baker, Phillip wrote:
> 
> > Absolutely nobody has made the claim that NSEC3 is too 
> complex to be 
> > deployed.
> 
> Let me then make the claim that DNSSEC-bis + NSEC3 is so 
> complex I have serious worries over its reliable 
> implementability, especially considering the number of corner cases.
> 
> 	Bert
> -- 
> http://www.PowerDNS.com      Open source, database driven DNS 
> Software 
> http://netherlabs.nl              Open and Closed source services
> 
> 

--
to unsubscribe send a message to namedroppers-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/namedroppers/>