
Re: [dnsext] I-D Action:draft-ietf-dnsext-dnssec-rsasha256-07.txt



Jelte and all,

  Sorry for being silent so long.  Good point Jelte!  If nsec3 is
not used as a validator, the DNSSEC implemented in such a manner
is nearly worthless for very useful purposes.

Jelte Jansen wrote:

> Mark Andrews wrote:
> >
> >       The only reason to have different numbers is if the wg
> >       believes that there will be DNSSEC implementations in the
> >       future that will not support NSEC3.
>
> >       Given that a number
> >       of TLD's intend to deploy NSEC3 I can't see any new
> >       implementation not including NSEC3 support.
> >
>
> me neither, but tell it to the chairs, they made me ;)
>
> Apparently it has already been decided that there will be validators
> that do not do nsec3, even if they cannot validate much of the internet...
>
> But actually, there was a better reason to use algorithm number
> signaling imho. I think Sam pointed me to that. That is that there are
> no other nsec-type-signaling mechanisms, so until you actually get NSEC
> or NSEC3 records as a validator, you don't know what you are supposed to
> get, opening you up for downgrade attacks if either NSEC or NSEC3 turns
> out to contain an attackable problem.
>
> Jelte
>
> --
> to unsubscribe send a message to namedroppers-request@ops.ietf.org with
> the word 'unsubscribe' in a single line as the message text body.
> archive: <http://ops.ietf.org/lists/namedroppers/>

Regards,

Spokesman for INEGroup LLA. - (Over 284k members/stakeholders strong!)
"Obedience of the law is the greatest freedom" -
   Abraham Lincoln
"YES WE CAN!"  Barack ( Berry ) Obama

"Credit should go with the performance of duty and not with what is
very often the accident of glory" - Theodore Roosevelt

"If the probability be called P; the injury, L; and the burden, B;
liability depends upon whether B is less than L multiplied by
P: i.e., whether B is less than PL."
United States v. Carroll Towing  (159 F.2d 169 [2d Cir. 1947]
===============================================================
Updated 1/26/04
CSO/DIR. Internet Network Eng. SR. Eng. Network data security IDNS.
div. of Information Network Eng.  INEG. INC.
ABA member in good standing member ID 01257402 E-Mail
jwkckid1@ix.netcom.com
My Phone: 214-244-4827
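
The algorithm-number signaling discussed in the quoted message, as an added example that is not part of the thread or of any implementation named in it. It uses the RFC 5155 alias numbers 6 and 7 and that RFC's rule that NSEC3-signed zones use only NSEC3-signaling identifiers; the function names and the "bogus" policy are assumptions made for illustration.

```python
# Added illustration, not code from the thread. Algorithm numbers are the
# IANA DNSSEC values; 6 and 7 are the RFC 5155 aliases that signal NSEC3.
PRE_NSEC3 = {1, 3, 5}            # RSAMD5, DSA, RSASHA1
NSEC3_ALIAS = {6: 3, 7: 5}       # DSA-NSEC3-SHA1 -> DSA, RSASHA1-NSEC3-SHA1 -> RSASHA1


def usable_algorithms(zone_algs, crypto_supported, nsec3_aware):
    """Algorithms from the zone's DS/DNSKEY set this validator can use."""
    usable = set()
    for alg in zone_algs:
        if alg in NSEC3_ALIAS:
            # To an NSEC3-unaware validator the alias is an unknown algorithm.
            if nsec3_aware and NSEC3_ALIAS[alg] in crypto_supported:
                usable.add(alg)
        elif alg in crypto_supported:
            usable.add(alg)
    return usable


def allowed_denial_types(zone_algs):
    """Denial-of-existence record types the algorithm numbers permit."""
    if any(alg in PRE_NSEC3 for alg in zone_algs):
        return {"NSEC"}              # a pre-NSEC3 identifier rules NSEC3 out
    return {"NSEC", "NSEC3"}         # signal says NSEC3 is possible, not required


def check_negative_answer(zone_algs, crypto_supported, nsec3_aware, denial_type):
    """Hypothetical validator policy: 'insecure', 'validate' or 'bogus'."""
    if not usable_algorithms(zone_algs, crypto_supported, nsec3_aware):
        return "insecure"            # no usable algorithm: treat zone as unsigned
    if denial_type not in allowed_denial_types(zone_algs):
        return "bogus"               # record type the key set never announced
    return "validate"                # go on to check RRSIGs and the proof itself
```

The signal only bounds what may arrive: a zone keyed with 7 can still legitimately answer with NSEC, so the check catches an unannounced NSEC3 but not a swap in the other direction.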
