Re: DS and Opt-in - a proposal

Roy Arends <Roy.Arends@nominum.com> Wed, 09 January 2002 00:59 UTC

In-Reply-To: <20020104040226.0E1AB7B7D@berkshire.research.att.com>
Message-ID: <20020108153521.M28305-100000@node10c4d.a2000.nl>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset="US-ASCII"
Date: Tue, 08 Jan 2002 16:35:11 +0100
From: Roy Arends <Roy.Arends@nominum.com>
To: "Steven M. Bellovin" <smb@research.att.com>
Cc: Roy Arends <Roy.Arends@nominum.com>, namedroppers@ops.ietf.org
Subject: Re: DS and Opt-in - a proposal
Sender: owner-namedroppers@ops.ietf.org
Precedence: bulk

On Thu, 3 Jan 2002, Steven M. Bellovin wrote:

> In message <20011228111431.V13525-100000@node10c4d.a2000.nl>, Roy Arends writes
> :
>
> >We are not talking about authenticated [denial of] existence in general,
> >only about authenticated [denial of] existence of unsecured names.
> >
> >Imagine going into a tourist office (.city), the only authoritative
> >place in town to get the authenticatable, verifiable information from.
>
> Let me point folks at draft-bellovin-dnsext-bloomfilt-00.txt, which is
> designed to address that issue.
>
> (a) Is the issue important enough to be worth introducing a brand-new
> mechanism at this time?
>
> (b) Is the false positive rate acceptable?
>
> (c) If so, is the protocol complexity of this suggestion acceptable?
>
> (d) Is it operationally real?


The idea of using Bloom filters is interesting, but I have
some small concerns about the following:

wrt loops:

In the paper there is an example of using a URL in a resource record:

     https://bloomfilter.ns.example.com?324+3248+23980+89732+...

1) This triggers another lookup, which uses the DNS. What if
   "bloomfilter.ns.example.com" does not exist? How is that denied?

2) How is the existence of the Bloom resource record containing the URL
   denied?

My 0.02 Euro

Roy Arends
Nominum
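Question (b) in the quoted message concerns the false-positive rate of a Bloom filter used for denial of existence. The following is an added illustration, not code from the draft or from either poster: a toy Bloom filter over the owner names of a constructed zone (hypothetical layout, SHA-256 with a per-hash prefix byte as the hash family), showing that a "not in filter" answer is definitive while a "possibly in filter" answer can be a false positive, and comparing the measured rate against the textbook estimate.

```python
import hashlib
import math


class NameBloomFilter:
    """Toy Bloom filter over DNS owner names (hypothetical layout, not the draft's format)."""

    def __init__(self, m_bits, k_hashes):
        self.m, self.k = m_bits, k_hashes
        self.bits = bytearray((m_bits + 7) // 8)

    def _positions(self, name):
        # Canonicalise the way DNSSEC compares names: case-insensitive, trailing dot ignored.
        canon = name.rstrip(".").lower().encode("ascii")
        for i in range(self.k):
            digest = hashlib.sha256(bytes([i]) + canon).digest()
            yield int.from_bytes(digest[:8], "big") % self.m

    def add(self, name):
        for pos in self._positions(name):
            self.bits[pos >> 3] |= 1 << (pos & 7)

    def might_contain(self, name):
        # False means definitely absent; True means present OR a false positive.
        return all(self.bits[pos >> 3] & (1 << (pos & 7)) for pos in self._positions(name))


def expected_fp_rate(n, m, k):
    """Textbook estimate (1 - e^(-kn/m))^k for n inserted names, m bits, k hashes."""
    return (1 - math.exp(-k * n / m)) ** k


def demo(n_names=1000, m_bits=8000, k=5, probes=10000):
    # Constructed zone: n names that exist, then probe names that do not exist.
    bf = NameBloomFilter(m_bits, k)
    present = [f"host{i}.example.com." for i in range(n_names)]
    for nm in present:
        bf.add(nm)
    absent = [f"nosuch{i}.example.com." for i in range(probes)]
    false_hits = sum(bf.might_contain(nm) for nm in absent)
    return {
        "all_present_found": all(bf.might_contain(nm) for nm in present),
        "case_insensitive": bf.might_contain("HOST7.EXAMPLE.COM"),
        "measured_fp_rate": false_hits / probes,
        "expected_fp_rate": expected_fp_rate(n_names, m_bits, k),
    }


if __name__ == "__main__":
    print(demo())
```

With 8 bits per name and 5 hashes the estimate is about 2%, so roughly one in fifty names that do not exist would be reported as possibly existing; a verifier can only treat the negative answer as authoritative.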
