Re: draft-arends-dnsnr-00

Roy Arends <roy@dnss.ec> Fri, 23 July 2004 23:27 UTC

Date: Sat, 24 Jul 2004 01:23:47 +0200
From: Roy Arends <roy@dnss.ec>
To: Ben Laurie <ben@algroup.co.uk>
Cc: namedroppers@ops.ietf.org
Subject: Re: draft-arends-dnsnr-00

On Fri, 23 Jul 2004, Ben Laurie wrote:

> Roy Arends wrote:
>
> > On Thu, 22 Jul 2004, Ben Laurie wrote:
> >
> >
> >>Roy Arends wrote:
> >>
> >>
> >>>If you would have signed a record set, the DNSNR prevents you denying
> >>>having signed that record set.
> >>
> >>I don't see how - I could sign a DNSNR that denied the very record set I
> >>had actually signed.
> >
> > There are many ways of shooting yourself in the foot. The point is that
> > someone can't shoot you in the foot.
>
> Well, that's not what you said: "the DNSNR prevents you denying having
> signed that record set."

Ben. It is very simple:

If _you_ state that _you_ signed record type AAAA and record type MX for a
given name, while not actually signing record type AAAA and record type
MX, that would be violating the spec.

Just as you can write an implementation that publishes a CNAME and an A
record type for a given name. Sure you can do it. But that would be
violating the spec.

> If you want it to mean it prevents someone else denying it,

Not 'someone else', but anyone.

> I would argue even more strongly against the use of "non-repudiation" to
> describe this, since almost no-one would expect it to mean what you want
> it to mean!

That is arrogant.

Let me ask you this, if you see a record type for Non Repudiation of
existence of DNS data, what do you expect it to mean? How is that
different from what I actually wrote?

Roy
