Re: [dnsext] RFC 4035 and "caching" of "expired RRSIG's"
Florian Weimer <fweimer@bfk.de> Tue, 04 January 2011 10:50 UTC
Return-Path: <fweimer@bfk.de>
X-Original-To: dnsext@core3.amsl.com
Delivered-To: dnsext@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 69B903A6B5A for <dnsext@core3.amsl.com>; Tue, 4 Jan 2011 02:50:06 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.124
X-Spam-Level:
X-Spam-Status: No, score=-2.124 tagged_above=-999 required=5 tests=[AWL=0.125, BAYES_00=-2.599, HELO_EQ_DE=0.35]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KUQeJo8AB8Yi for <dnsext@core3.amsl.com>; Tue, 4 Jan 2011 02:50:05 -0800 (PST)
Received: from mx01.bfk.de (mx01.bfk.de [193.227.124.2]) by core3.amsl.com (Postfix) with ESMTP id 6D5A73A698E for <dnsext@ietf.org>; Tue, 4 Jan 2011 02:50:00 -0800 (PST)
Received: from mx00.int.bfk.de ([10.119.110.2]) by mx01.bfk.de with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32) id 1Pa4Up-0006Xw-1c; Tue, 04 Jan 2011 10:52:07 +0000
Received: by bfk.de with local id 1Pa4Uo-0004kV-VC; Tue, 04 Jan 2011 10:52:06 +0000
To: Marc Lampo <marc.lampo@eurid.eu>
References: <000201cbabf5$0533d010$0f9b7030$@eurid.eu> <82sjx9kmqf.fsf@mid.bfk.de> <000c01cbabfc$b527e4f0$1f77aed0$@eurid.eu>
From: Florian Weimer <fweimer@bfk.de>
Date: Tue, 04 Jan 2011 10:52:06 +0000
In-Reply-To: <000c01cbabfc$b527e4f0$1f77aed0$@eurid.eu> (Marc Lampo's message of "Tue\, 4 Jan 2011 11\:46\:51 +0100 \(CET\)")
Message-ID: <82lj31uejt.fsf@mid.bfk.de>
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Cc: dnsext@ietf.org
Subject: Re: [dnsext] RFC 4035 and "caching" of "expired RRSIG's"
X-BeenThere: dnsext@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: DNS Extensions working group discussion list <dnsext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/dnsext>, <mailto:dnsext-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dnsext>
List-Post: <mailto:dnsext@ietf.org>
List-Help: <mailto:dnsext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsext>, <mailto:dnsext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 04 Jan 2011 10:50:06 -0000
* Marc Lampo: > You indicate that this portion of the RFC handles TTL only, > but the last paragraph of that section 4.5 states : > "until the TTL or signatures ... expire" > --> this leads to believe that it is not exclusively TTL only > That possible, dual, interpretation indicates the need for clarifation, I > would say. The paragraph containing this statement sketches NODATA/NXDOMAIN/wildcard synthesis and recommends against it. For that type of synthesis, you likely want to obey cryptographic constraints because you only want to synthesize an answer which can be proven cryptographically valid. This is about pulling records from thin air, and it is fundamentally different from regular caching behavior. -- Florian Weimer <fweimer@bfk.de> BFK edv-consulting GmbH http://www.bfk.de/ Kriegsstraße 100 tel: +49-721-96201-1 D-76133 Karlsruhe fax: +49-721-96201-99
- Re: [dnsext] RFC 4035 and "caching" of "expired R… Marc Lampo
- [dnsext] RFC 4035 and "caching" of "expired RRSIG… Marc Lampo
- Re: [dnsext] RFC 4035 and "caching" of "expired R… Florian Weimer
- Re: [dnsext] RFC 4035 and "caching" of "expired R… Florian Weimer