[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: issues with draft-ietf-dnsext-dnssec-trans-00.txt

To: Ben Laurie <ben@algroup.co.uk>, DNSEXT WG <namedroppers@ops.ietf.org>
Subject: Re: issues with draft-ietf-dnsext-dnssec-trans-00.txt
From: Alex Bligh <alex@alex.org.uk>
Date: Thu, 10 Jun 2004 20:25:14 +0100
Cc: Alex Bligh <alex@alex.org.uk>
In-reply-to: <40C889C3.5050609@algroup.co.uk>
References: <40C889C3.5050609@algroup.co.uk>
Reply-to: Alex Bligh <alex@alex.org.uk>

--On 10 June 2004 17:18 +0100 Ben Laurie <ben@algroup.co.uk> wrote:

"2.1.1.4 Cons

    Unbalanced cost is a ground for DDoS. Though this protects against
    enumeration, it is not really a path for versioning."

This should also mention the security risk of the requirement for an
online key.


Which you could add are of particular concern where not all secondaries
are under the same administrative control as the primary (whereas
with DNSSEC-bis this is irrelevant)

Alex

--
to unsubscribe send a message to namedroppers-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/namedroppers/>

Follow-Ups:
- Re: issues with draft-ietf-dnsext-dnssec-trans-00.txt
  - From: Alex Bligh <alex@alex.org.uk>
- Re: issues with draft-ietf-dnsext-dnssec-trans-00.txt
  - From: Simon Josefsson <jas@extundo.com>

References:
- issues with draft-ietf-dnsext-dnssec-trans-00.txt
  - From: Ben Laurie <ben@algroup.co.uk>

Prev by Date: synthesis in -ter; HEREIS draft-vixie-dnssec-ter-01.txt
Next by Date: Re: issues with draft-ietf-dnsext-dnssec-trans-00.txt
Previous by thread: Re: issues with draft-ietf-dnsext-dnssec-trans-00.txt
Next by thread: Re: issues with draft-ietf-dnsext-dnssec-trans-00.txt
Index(es):
- Date
- Thread