[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [dnsext] Trust Anchors

To: namedroppers@ops.ietf.org
Subject: Re: [dnsext] Trust Anchors
From: Andrew Sullivan <ajs@shinkuro.com>
Date: Tue, 27 Oct 2009 14:19:33 -0400
In-reply-to: <4AE71AC9.8040803@connotech.com>
References: <B23BFD68-D7E4-47AA-932E-87FED98D4892@nominum.com> <20091026145151.GD55437@shinkuro.com> <p06240811c70b7d2ce4ac@[10.20.30.158]> <4AE6B245.1060603@nlnetlabs.nl> <20091027142031.GP55437@shinkuro.com> <4AE716EF.8050302@connotech.com> <20091027155600.GB60267@shinkuro.com> <4AE71AC9.8040803@connotech.com>
User-agent: Mutt/1.5.18 (2008-05-17)

As before, no hat.

On Tue, Oct 27, 2009 at 12:07:37PM -0400, Thierry Moreau wrote:
> If you establish a policy for one concern, should you care about other  
> impact of the policy?

Only if it has such an effect.  I am arguing that there could be no
such effect here, if the policy is designed correctly, because the
point of the policy is to avoid downgrades where there is an insecure
link in the chain.  As there is no such possible downgrade in this
case, we don't have to worry about it.

If what you're saying is, "The language ought to be tailored to avoid
this sort of problem," I agree.  But if you're saying that this has
implications for the root, I strongly disagree.

A

-- 
Andrew Sullivan
ajs@shinkuro.com
Shinkuro, Inc.

References:
- [dnsext] Trust Anchors
  - From: Bob Halley <Bob.Halley@nominum.com>
- Re: [dnsext] Trust Anchors
  - From: Andrew Sullivan <ajs@shinkuro.com>
- Re: [dnsext] Trust Anchors
  - From: Paul Hoffman <paul.hoffman@vpnc.org>
- Re: [dnsext] Trust Anchors
  - From: "W.C.A. Wijngaards" <wouter@NLnetLabs.nl>
- Re: [dnsext] Trust Anchors
  - From: Andrew Sullivan <ajs@shinkuro.com>
- Re: [dnsext] Trust Anchors
  - From: Thierry Moreau <thierry.moreau@connotech.com>
- Re: [dnsext] Trust Anchors
  - From: Andrew Sullivan <ajs@shinkuro.com>
- Re: [dnsext] Trust Anchors
  - From: Thierry Moreau <thierry.moreau@connotech.com>

Prev by Date: [dnsext] new version of draft-ietf-dnsext-dnskey-registry-fixes available
Next by Date: Re: [dnsext] I-D Action:draft-ietf-dnsext-dns-tcp-requirements-01.txt
Previous by thread: Re: [dnsext] Trust Anchors
Next by thread: Re: [dnsext] Trust Anchors
Index(es):
- Date
- Thread