Re: Summary: What to do with expired signatures

"Scott Rose" <scottr@antd.nist.gov> Tue, 12 February 2002 13:36 UTC

Message-ID: <008701c1b3c7$8e7cec60$b9370681@antd.nist.gov>
From: Scott Rose <scottr@antd.nist.gov>
To: namedroppers@ops.ietf.org
References: <v03130300b88dcad45da8@[192.35.165.115]><014001c1b33d$bf4dabc0$b9370681@antd.nist.gov> <sjm3d07boao.fsf@kikki.mit.edu>
Subject: Re: Summary: What to do with expired signatures
Date: Tue, 12 Feb 2002 08:16:58 -0500

Not a "major" problem, but not a wise thing to do if an admin wants their
DNS data to be accepted by other servers.  If there is at least one SIG in a
set that is valid (cryptographically and temporally) then no problem.

SIGs that are not valid can easily be dropped, since it makes no sense
storing them.  It's an implementation detail.

Still fighting the urge to save clueless admins from themselves I guess.  :)
Scott

----- Original Message -----
From: "Derek Atkins" <warlord@MIT.EDU>
To: "Scott Rose" <scottr@antd.nist.gov>
Cc: <namedroppers@ops.ietf.org>
Sent: Monday, February 11, 2002 6:18 PM
Subject: Re: Summary: What to do with expired signatures


> "Scott Rose" <scottr@antd.nist.gov> writes:
>
> > I think it should be "ever again" - however, there is the problem of SIGs
> > with inception times in the future.  What if a SIG has an inception time 1
> > day in the future, but the TTL for the SIG and RRSet it covers is only 1
> > hour?  It would be purged from the cache before the signature could be
> > considered valid.
>
> Yea?  So?  What's the problem with that?
>
> > Scott
>
> -derek
>
> --
>        Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
>        Member, MIT Student Information Processing Board  (SIPB)
>        URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
>        warlord@MIT.EDU                        PGP key available
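As an added illustration of the temporal checks argued over above (not part of the thread, and not code from any DNS implementation): a small Python model of SIG inception and expiration against cache TTL, covering the "at least one valid SIG" rule and the inception-one-day-out, TTL-one-hour case. The Sig record layout, the helper names and the sample values are assumptions made for this example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Sig:
    """One SIG RR; times are epoch seconds like the RFC 2535 inception and
    expiration fields. crypto_ok stands in for a signature check done elsewhere."""
    key: str          # identifies the signing key (stand-in for signer name + key tag)
    inception: int
    expiration: int
    ttl: int          # TTL of the SIG and of the RRset it covers
    crypto_ok: bool

def temporal_state(sig: Sig, now: int) -> str:
    """Classify a SIG as 'future', 'valid' or 'expired' at time now."""
    if now < sig.inception:
        return "future"
    if now > sig.expiration:
        return "expired"
    return "valid"

def becomes_valid_in_cache(sig: Sig, cached_at: int) -> bool:
    """A future-dated SIG only matters if inception arrives before the cached copy is purged."""
    return sig.inception <= cached_at + sig.ttl and sig.inception <= sig.expiration

def prune(sigs, now: int):
    """Drop SIGs this cache can never use: bad signature, expired, or inception past the purge time."""
    kept = []
    for s in sigs:
        if not s.crypto_ok:
            continue
        state = temporal_state(s, now)
        if state == "valid" or (state == "future" and becomes_valid_in_cache(s, now)):
            kept.append(s)
    return kept

def rrset_accepted(sigs, now: int) -> bool:
    """The RRset is fine if at least one SIG is cryptographically and temporally valid."""
    return any(s.crypto_ok and temporal_state(s, now) == "valid" for s in sigs)

# Constructed sample (arbitrary epoch time), including the thread's scenario:
# inception one day out but a TTL of only one hour.
NOW, HOUR, DAY = 1_013_500_000, 3600, 86400
SAMPLE_SIGS = [
    Sig("k1", NOW - DAY, NOW + 30 * DAY, HOUR, True),        # valid now
    Sig("k2", NOW + DAY, NOW + 31 * DAY, HOUR, True),        # purged before inception
    Sig("k3", NOW + HOUR // 2, NOW + 31 * DAY, HOUR, True),  # becomes valid while cached
    Sig("k4", NOW - 60 * DAY, NOW - 30 * DAY, HOUR, True),   # expired
]
```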


archive: <http://ops.ietf.org/lists/namedroppers/>