IETF Logo Mail Archive

Re: Another NEW technical argument for Opt-In.

"Olaf M. Kolkman" <olaf@ripe.net> Mon, 11 March 2002 11:54 UTC

Received: from psg.com (exim@psg.com [147.28.0.62]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id GAA05325 for <dnsext-archive@lists.ietf.org>; Mon, 11 Mar 2002 06:54:50 -0500 (EST)
Received: from lserv by psg.com with local (Exim 3.35 #1) id 16kOFi-000At3-00 for namedroppers-data@psg.com; Mon, 11 Mar 2002 03:46:06 -0800
Received: from birch.ripe.net ([193.0.1.96]) by psg.com with esmtp (Exim 3.35 #1) id 16kOFg-000Asw-00 for namedroppers@ops.ietf.org; Mon, 11 Mar 2002 03:46:05 -0800
Received: from x50 (x50.ripe.net [193.0.1.50]) by birch.ripe.net (8.11.6/8.11.6) with SMTP id g2BBk0021644; Mon, 11 Mar 2002 12:46:00 +0100
Date: Mon, 11 Mar 2002 12:46:00 +0100
From: "Olaf M. Kolkman" <olaf@ripe.net>
To: Roy Arends <Roy.Arends@nominum.com>
Cc: namedroppers@ops.ietf.org
Subject: Re: Another NEW technical argument for Opt-In.
Message-Id: <20020311124600.5dccf8b0.olaf@ripe.net>
In-Reply-To: <20020311105901.N9362-100000@node10c4d.a2000.nl>
References: <20020311104742.77122eee.olaf@ripe.net> <20020311105901.N9362-100000@node10c4d.a2000.nl>
Organization: RIPE NCC
X-Mailer: Sylpheed version 0.7.0 (GTK+ 1.2.9; i686-pc-linux-gnu)
Mime-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: 7bit
Sender: owner-namedroppers@ops.ietf.org
Precedence: bulk
Content-Transfer-Encoding: 7bit

On Mon, 11 Mar 2002 12:17:40 +0100 (CET)
Roy Arends <Roy.Arends@nominum.com> wrote:


> Can you state the _operational_ arguments for 'restrict opt-in to
> delagations only' ?  That was I was looking for !

http://ops.ietf.org/lists/namedroppers/namedroppers.2002/msg00104.html and
other messages.

Abstract: Introducing granularity of security will make troubleshooting
verifiers harder. One moves the burden away from the servers to the
clients.

I am afraid that we will follow a path where end users cannot be
bothered to set up verifying resolvers since only the www.bla.foos in the
world are signed and the costs of maintaining is just to
high.

I realize these are not the strongest argument so I do  not want to be
orthodox about them. However, I still wonder why the original designers
choose to work with the concept of secure zones instead of secure names.


--------------------------------------------| Olaf M. Kolkman
                                            | www.ripe.net/disi


--
to unsubscribe send a message to namedroppers-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/namedroppers/>

v2.39.1 | Report a Bug | By Email | System Status