[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: NSEC2- and an Authenticated Denial Mechanism Flag

To: namedroppers@ops.ietf.org
Subject: Re: NSEC2- and an Authenticated Denial Mechanism Flag
From: geoff@nominet.org.uk (Geoffrey Sisson)
Date: Thu, 27 May 2004 10:52:01 +0100 (BST)

Paul Vixie <paul@vix.com> writes:

> but i guess every generation wants to learn that security through obscurity
> is an illusion, the hard way.

NSEC2 RRs are intended to prevent the zone from being _trivially_
elaborated.

It's one thing to park a car unlocked with the keys in the ignition;
it's another to park it in a garage, lock the doors, and remove the
key.

Also, NSEC2 uses strong encryption, so it isn't entirely justifiable to
charactarise it as security through obscurity.

Regards

Geoff

--
to unsubscribe send a message to namedroppers-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/namedroppers/>

Follow-Ups:
- Re: NSEC2- and an Authenticated Denial Mechanism Flag
  - From: bmanning@vacation.karoshi.com

Prev by Date: Re: NSEC2- and an Authenticated Denial Mechanism Flag
Next by Date: Re: NIC-SE statement regarding NSEC zone walking
Previous by thread: Re: NSEC2- and an Authenticated Denial Mechanism Flag
Next by thread: Re: NSEC2- and an Authenticated Denial Mechanism Flag
Index(es):
- Date
- Thread