Re: I-D ACTION:draft-ietf-dnsext-ad-is-secure-03.txt
Roy Arends <Roy.Arends@nominum.com> Sat, 21 July 2001 10:40 UTC
From: Roy Arends <Roy.Arends@nominum.com>
To: namedroppers@ops.ietf.org
Cc: Brian.Wellington@nominum.com, ogud@ogud.com
Subject: Re: I-D ACTION:draft-ietf-dnsext-ad-is-secure-03.txt
Date: Sat, 21 Jul 2001 00:40:37 -0700

Ha! Responding to myself :-)

Anyway, after an offlist discussion between Brian and myself, I understand and agree with his point of view. It boils down to the following:

AD bit indicates data has been authenticated. A cache MUST have authenticated the data when it has the AD bit set on responses.

Authoritative and signed data, stored on disk, may have been authenticated already, and therefore authenticating it again is doubling the effort. If an administrator authenticated the data on disk according to its policy, it may instruct the server to treat it as such, without having the server actually authenticate the data itself.

Of course this could mean that the data served by an authoritative server is not authenticated at all while the AD is set, but that is the responsibility of the administrator/domain holder.

So, apart from a few small clarifications, I agree with the draft.

Regards,

Roy Arends
Nominum