Re: [DNSOP] rfc4641bis: NSEC vs NSEC3.

Doug Barton <dougb@dougbarton.us> Tue, 23 February 2010 04:44 UTC

On 02/22/10 11:59, Evan Hunt wrote:
> Note that RFC 5155 takes the time to put the issue to rest not once but
> twice:

I am on the fence regarding the necessity of mentioning the hash
collision issue in 4641bis. While other potential security concerns are
not directly relevant to the topic, this one is (in spite of the fact
that the possibility of a useful collision is unimaginably small).

My thoughts are sort of leaning in the direction that a very brief
mention of the issue combined with a reference to what Evan quoted in
5155 (which seems to handle the issue well) is probably the right
direction to go.


Doug

-- 

	... and that's just a little bit of history repeating.
			-- Propellerheads

	Improve the effectiveness of your Internet presence with
	a domain name makeover!    http://SupersetSolutions.com/