[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: NSEC version field (Re: NSEC2- and an Authenticated Denial Mechanism Flag)

To: Roy Badami <roy@gnomon.org.uk>
Subject: Re: NSEC version field (Re: NSEC2- and an Authenticated Denial Mechanism Flag)
From: Edward Lewis <edlewis@arin.net>
Date: Fri, 28 May 2004 15:28:41 -0400
Cc: Edward Lewis <edlewis@arin.net>, roy@dnss.ec, Paul Vixie <paul@vix.com>, namedroppers@ops.ietf.org
In-reply-to: <16567.35803.237199.333100@giles.gnomon.org.uk>
References: <roy@gnomon.org.uk> <16565.45956.205803.87821@giles.gnomon.org.uk> <20040527181920.660CE13DED@sa.vix.com> <16566.14967.104462.921988@giles.gnomon.org.uk> <a06020412bcdbf721e5e8@[192.168.1.100]> <Pine.LNX.4.58.0405281026550.15786@elektron.atoom.net> <16567.20826.302378.846966@giles.gnomon.org.uk> <a0602042cbcdd2cd7f2ba@[192.168.1.100]> <16567.35803.237199.333100@giles.gnomon.org.uk>

At 19:58 +0100 5/28/04, Roy Badami wrote:

existence of a DS record -- that the v1-era resolver can't verify), I
think it is desirably that a v1-verifier *always* regards a delegation
from a v2-zone as insecure.  This avoids a false expectation of

If when you are confused you fail "open" you are very vulnerable. Ever try to just confuse a security guard to gain access to a building? When it works, it's usually bad for the building (owner).

--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis                                            +1-703-227-9854
ARIN Research Engineer

Even the voices inside my head are refusing to talk to me anymore.

--
to unsubscribe send a message to namedroppers-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/namedroppers/>

References:
- Re: NSEC version field (Re: NSEC2- and an Authenticated Denial Mechanism Flag)
  - From: Roy Badami <roy@gnomon.org.uk>
- Re: NSEC version field (Re: NSEC2- and an Authenticated Denial Mechanism Flag)
  - From: Paul Vixie <paul@vix.com>
- Re: NSEC version field (Re: NSEC2- and an Authenticated Denial Mechanism Flag)
  - From: Roy Badami <roy@gnomon.org.uk>
- Re: NSEC version field (Re: NSEC2- and an Authenticated Denial Mechanism Flag)
  - From: Edward Lewis <edlewis@arin.net>
- Re: NSEC version field (Re: NSEC2- and an Authenticated Denial Mechanism Flag)
  - From: roy@dnss.ec
- Re: NSEC version field (Re: NSEC2- and an Authenticated Denial Mechanism Flag)
  - From: Roy Badami <roy@gnomon.org.uk>
- Re: NSEC version field (Re: NSEC2- and an Authenticated Denial Mechanism Flag)
  - From: Edward Lewis <edlewis@arin.net>
- Re: NSEC version field (Re: NSEC2- and an Authenticated Denial Mechanism Flag)
  - From: Roy Badami <roy@gnomon.org.uk>

Prev by Date: Re: NSEC version field (Re: NSEC2- and an Authenticated Denial Mechanism Flag)
Next by Date: RE: NSEC version field (Re: NSEC2- and an Authenticated Denial M echanism Flag)
Previous by thread: Re: NSEC version field (Re: NSEC2- and an Authenticated Denial Mechanism Flag)
Next by thread: Re: NSEC2- and an Authenticated Denial Mechanism Flag (was: NSEC+ and NO)
Index(es):
- Date
- Thread