[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [DNSOP] I think we may have a solution - DNSCurve

To: Mark Andrews <Mark_Andrews at isc.org>
Subject: Re: [DNSOP] I think we may have a solution - DNSCurve
From: Stephane Bortzmeyer <bortzmeyer at nic.fr>
Date: Wed, 3 Sep 2008 09:13:00 +0200
Cc: dnsop at ietf.org
Delivered-to: ietfarch-dnsop-web-archive at core3.amsl.com
Delivered-to: dnsop at core3.amsl.com
In-reply-to: <200809030133.m831XsfV024528 at drugs.dv.isc.org>
List-archive: <http://www.ietf.org/pipermail/dnsop>
List-help: <mailto:dnsop-request@ietf.org?subject=help>
List-id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-post: <mailto:dnsop@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
Organization: NIC France
References: <20080902201139.GA21161 at sources.org> <200809030133.m831XsfV024528 at drugs.dv.isc.org>
Sender: dnsop-bounces at ietf.org
User-agent: Mutt/1.5.18 (2008-05-17)

On Wed, Sep 03, 2008 at 11:33:54AM +1000,
 Mark Andrews <Mark_Andrews at isc.org> wrote 
 a message of 24 lines which said:

> 	A NXDOMAIN response if cyptographically proved with DNSSEC.

There are two possibilities:

1) I understand nothing to DNSSEC (this is quite possible, giving my
experience with it and the complexity of the protocol).

2) You are playing with words.

"The domain example.org does not exist" can be cyptographically proved
with DNSSEC, that's correct. But you need NSEC* records to do so, you
cannot directly sign a NXDOMAIN response.
_______________________________________________
DNSOP mailing list
DNSOP at ietf.org
https://www.ietf.org/mailman/listinfo/dnsop

Follow-Ups:
- Re: [DNSOP] I think we may have a solution - DNSCurve
  - From: Roy Arends

References:
- Re: [DNSOP] I think we may have a solution - DNSCurve
  - From: Stephane Bortzmeyer
- Re: [DNSOP] I think we may have a solution - DNSCurve
  - From: Mark Andrews

Prev by Date: Re: [DNSOP] Reflectors are Evil was Re: Anycast was Re: Cache poisoning on DNSSEC
Next by Date: Re: [DNSOP] I think we may have a solution - DNSCurve
Previous by thread: Re: [DNSOP] I think we may have a solution - DNSCurve
Next by thread: Re: [DNSOP] I think we may have a solution - DNSCurve
Index(es):
- Date
- Thread