NIC-SE statement regarding NSEC zone walking

[Jakob Schlyter <jakob@rfc.se>]

FYI,

	jakob

-- cut --
Date: Wed, 26 May 2004 16:17:59 +0200
From: Per-Olof Josefsson <Per-Olof.Josefsson@nic.se>

NIC-SE does not consider NXT zone-walking a problem for DNSSEC deployment 
within the .se-zone.  We consider all data in the DNS to be public 
information, both as single records and as a collection.  The data we 
actually need to protect is served by WHOIS and protecting this data 
should be done by the protocol serving it, not by DNS itself.

Misuse of DNS data is a problem as it is already, but it will not be 
solved by stopping deployment of DNSSEC which by other means will make the 
DNS more secure.

We believe that DNSSEC can be deployed in its current form, and are 
planning to do so. The changes proposed by NSEC2 will, if accepted by the 
DNSEXT working group, delay the standards process (again) for another 
12-18 months time we rather spend on real world deployment.

NIC-SE will give an presentation of our current DNSSEC pilot including 
various aspects such as the zone walking issue at the CENTR meeting in 
Stockholm at Tuesday 22 june at 09:00. The presentation will be given by 
either or both Johan Ihren member of the ICANN security group and Jakob 
Schlyter one of the DNSSEC RFC writers

Regards
P-O Josefsson
NIC-SE

--
to unsubscribe send a message to namedroppers-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/namedroppers/>