[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [DNSOP] I think we may have a solution - DNSCurve

To: Stephane Bortzmeyer <bortzmeyer at nic.fr>
Subject: Re: [DNSOP] I think we may have a solution - DNSCurve
From: Mark Andrews <Mark_Andrews at isc.org>
Date: Wed, 03 Sep 2008 11:33:54 +1000
Cc: dnsop at ietf.org
Delivered-to: ietfarch-dnsop-web-archive at core3.amsl.com
Delivered-to: dnsop at core3.amsl.com
In-reply-to: Your message of "Tue, 02 Sep 2008 22:11:39 +0200." <20080902201139.GA21161 at sources.org>
List-archive: <http://www.ietf.org/pipermail/dnsop>
List-help: <mailto:dnsop-request@ietf.org?subject=help>
List-id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-post: <mailto:dnsop@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
Sender: dnsop-bounces at ietf.org

> On Mon, Sep 01, 2008 at 04:49:12PM -0400,
>  Paul Wouters <paul at xelerance.com> wrote 
>  a message of 18 lines which said:
> 
> > many issues there which are not addressed [...] authenticated denial
> > of existence,
> 
> Although I agree with your criticism that there is no published
> *specification* of DNScurve (wether in Internet-Draft form or else),
> this specific issue seems addressed today: DNScurve signs the packet,
> not the resource records, and therefore a NXDOMAIN response can be
> signed (unlike what happens with DNSSEC).

	A NXDOMAIN response if cyptographically proved with DNSSEC.

	There are other rcodes that DNSSEC does not cover but NXDOMAIN
	is not one of them.

	Mark
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews at isc.org
_______________________________________________
DNSOP mailing list
DNSOP at ietf.org
https://www.ietf.org/mailman/listinfo/dnsop

Follow-Ups:
- Re: [DNSOP] I think we may have a solution - DNSCurve
  - From: Stephane Bortzmeyer

References:
- Re: [DNSOP] I think we may have a solution - DNSCurve
  - From: Stephane Bortzmeyer

Prev by Date: Re: [DNSOP] Reflectors are Evil was Re: Anycast was Re: Cache poisoning on DNSSEC
Next by Date: Re: [DNSOP] DNSKEY / multiprecision number format? (fwd)
Previous by thread: Re: [DNSOP] I think we may have a solution - DNSCurve
Next by thread: Re: [DNSOP] I think we may have a solution - DNSCurve
Index(es):
- Date
- Thread