Re: Confirming the Nominet position

[bmanning@vacation.karoshi.com]

> >	Beating this dead mule...  Digitally signing the data provides an
> >	un-ambigious, hard to forge, proof that the zone and each RR in the
> >	zone was signed by a unique source.
> 
> I don't see how that helps Nominet, since, by definition, if it ends .uk 
> it'll be on their servers and the signatures would surely not be 
> preserved in a list of .uk domains.

	er... not at all.  the server @ 198.32.2.10 has had 100,000s
	of RRs that end in uk. locally stored.  - I could slurp them into 
	zone file format and publish it as uk. for the server users.  Not 
	a Nominet server(s) and not Nominet data.  QED.

> >This "watermark" technique is being 
> >	considered by some to dis-abmbigious potential conflicts.
> 
> I don't understand what this means?

	How does one distinguish the Nominet collection of data that
	ends in uk. and the Msrs Bill, Ben & Geoffs collection of data 
	that ends in uk.?

	The simple way is to "watermark" the dataset and it elements
	with digital signatures.  ergo the database entry  "co.uk."
	with a Nominet signature is clearly signed by Nominet and 
	presumably they acknowledge that the data so signed is 
	authentic to Nominet.

	One might presume that a careful application might be able
	to distinguish a "co.uk." signed by Msrs Bill, Ben & Geoff and 
	a "co.uk." signed by Nominet.  

	And it might even be reasonable to consider the possiblity of
	Nominet being grumpy about finding the unauthorized republication
	of signed Nominet data by Msrs Bill, Ben & Geoff... don't you think?

	One should be careful to mind the huge gaps in thinking here, but
	it is a plausable argument to digitally sign your zones & data.

> Cheers,
> Ben.

--bill	

--
to unsubscribe send a message to namedroppers-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/namedroppers/>