From owner-dns-security  Fri Apr 30 09:37:08 1999
Received: by lists.tislabs.com (8.9.1/8.9.1) id JAA10876
	Fri, 30 Apr 1999 09:30:46 -0400 (EDT)
Message-Id: <4.1.19990430091428.00af88d0@localhost>
X-Sender: ogud@localhost
X-Mailer: QUALCOMM Windows Eudora Pro Version 4.1 
Date: Fri, 30 Apr 1999 09:39:31 -0400
To: dns-security@lists.tislabs.com
From: Olafur Gudmundsson <ogud@tislabs.com>
Subject: Terminology question
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-dns-security@lists.tislabs.com
Precedence: bulk


The following question has come up in the creation of documentation for
BIND and presentations about security enhancements in BIND. 

Q: What is DNSSEC ? 

The DNSSEC core documents RFC2335-7 cover the use of KEY, SIG, NXT records,
using DSS and RSA. 

My coworkers and I use the DNSSEC to cover the use of KEY, SIG, NXT and
TSIG records.

In our mind TSIG is a complementary and necessary security enhancement for DNS.

Does anyone have a problem of considering TSIG as a subset of DNSSEC ? 

CERT record is also considered as part of DNSSEC even if it is not used by
DNSSEC. 

	Olafur

ps: Silence will be taken as an acceptance

----------------------------------------------------
Olafur Gudmundsson 	    		ogud@tislabs.com  (work)
443-259-2389 (NEW PHONE NUMBER)	ogud@acm.org   (private)
301-854-6889  x2389 (if you can not dial 443 area code)

From owner-dns-security  Fri Apr 30 13:30:07 1999
Received: by lists.tislabs.com (8.9.1/8.9.1) id NAA11652
	Fri, 30 Apr 1999 13:27:34 -0400 (EDT)
Message-Id: <199904301735.KAA25364@toad.com>
X-Authentication-Warning: toad.com: Host localhost [127.0.0.1] didn't use HELO protocol
To: Olafur Gudmundsson <ogud@tislabs.com>
cc: dns-security@lists.tislabs.com, gnu@toad.com
Subject: Re: Terminology question 
In-reply-to: <4.1.19990430091428.00af88d0@localhost> 
Date: Fri, 30 Apr 1999 10:35:34 -0700
From: John Gilmore <gnu@toad.com>
Sender: owner-dns-security@lists.tislabs.com
Precedence: bulk

> Q: What is DNSSEC ? 
> 
> The DNSSEC core documents RFC2335-7 cover the use of KEY, SIG, NXT records,
> using DSS and RSA. 
> My coworkers and I use the DNSSEC to cover the use of KEY, SIG, NXT and
> TSIG records.
> 
> In our mind TSIG is a complementary and necessary security enhancement for DNS.
> 
> Does anyone have a problem of considering TSIG as a subset of DNSSEC ? 

I do have a problem considering TSIG as a part of DNSSEC.

> CERT record is also considered as part of DNSSEC even if it is not used by
> DNSSEC. 

I also have a problem with gluing the useless CERT record into DNSSEC.
It's an individual proposal by the prolific Don Eastlake.

	John