Re: [DNSOP] rfc4641bis: NSEC vs NSEC3.
Todd Glassey <tglassey@earthlink.net> Tue, 23 February 2010 14:24 UTC
Return-Path: <tglassey@earthlink.net>
X-Original-To: dnsop@core3.amsl.com
Delivered-To: dnsop@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 5327228C1E7 for <dnsop@core3.amsl.com>; Tue, 23 Feb 2010 06:24:10 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.555
X-Spam-Level:
X-Spam-Status: No, score=-2.555 tagged_above=-999 required=5 tests=[AWL=0.043, BAYES_00=-2.599, HTML_MESSAGE=0.001]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7nkwdajCoU2a for <dnsop@core3.amsl.com>; Tue, 23 Feb 2010 06:24:09 -0800 (PST)
Received: from elasmtp-spurfowl.atl.sa.earthlink.net (elasmtp-spurfowl.atl.sa.earthlink.net [209.86.89.66]) by core3.amsl.com (Postfix) with ESMTP id E7F2D28C1D0 for <dnsop@ietf.org>; Tue, 23 Feb 2010 06:24:08 -0800 (PST)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=dk20050327; d=earthlink.net; b=tjqJpqMtWpyJ+JMJhhxlWz6IlNqk09tfVurzB2chferjVhcbyhH7q93EwSTyQURE; h=Received:Message-ID:Date:From:User-Agent:MIME-Version:To:Subject:References:In-Reply-To:Content-Type:X-ELNK-Trace:X-Originating-IP;
Received: from [67.180.133.66] (helo=[192.168.1.100]) by elasmtp-spurfowl.atl.sa.earthlink.net with esmtpsa (TLSv1:AES256-SHA:256) (Exim 4.67) (envelope-from <tglassey@earthlink.net>) id 1NjviF-0005M0-Gv for dnsop@ietf.org; Tue, 23 Feb 2010 09:26:11 -0500
Message-ID: <4B83E582.7080807@earthlink.net>
Date: Tue, 23 Feb 2010 06:26:10 -0800
From: Todd Glassey <tglassey@earthlink.net>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.7) Gecko/20100111 Thunderbird/3.0.1
MIME-Version: 1.0
To: dnsop@ietf.org
References: <201002220022.o1M0M3qR048760@drugs.dv.isc.org> <A8EB3AAE-0DA6-4C4E-B2D1-E548884F63D5@dnss.ec> <4B8251E9.70904@nlnetlabs.nl> <699B9362-B927-4148-B79E-2AEB6D713BE8@dnss.ec> <4B82897F.7080000@nlnetlabs.nl> <9C97F5BFBD540A6242622CC7@Ximines.local> <20100222161251.GA99592@isc.org> <FD83B7A9-583C-4E6C-9301-414D043DBB08@dnss.ec> <20100222172325.GC99592@isc.org> <EC6B9B3F-4849-403D-B533-8CE6114575EA@dnss.ec> <20100222195938.GA13437@isc.org> <4B835DB6.5050203@dougbarton.us>
In-Reply-To: <4B835DB6.5050203@dougbarton.us>
Content-Type: multipart/alternative; boundary="------------030704090207040902090809"
X-ELNK-Trace: 01b7a7e171bdf5911aa676d7e74259b7b3291a7d08dfec7972bf1f36009082005d60579e65adfe5e350badd9bab72f9c350badd9bab72f9c350badd9bab72f9c
X-Originating-IP: 67.180.133.66
Subject: Re: [DNSOP] rfc4641bis: NSEC vs NSEC3.
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dnsop>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 23 Feb 2010 14:24:10 -0000
On 2/22/2010 8:46 PM, Doug Barton wrote: > On 02/22/10 11:59, Evan Hunt wrote: > >> Note that RFC 5155 takes the time to put the issue to rest not once but >> twice: >> > I am on the fence regarding the necessity of mentioning the hash > collision issue in 4641bis. While other potential security concerns are > not directly relevant to the topic, this one is (in spite of the fact > that the possibility of a useful collision is unimaginably small). > > My thoughts are sort of leaning in the direction that a very brief > mention of the issue combined with a reference to what Evan quoted in > 5155 (which seems to handle the issue well) is probably the right > direction to go. > > Doug the real issue here is that there is no standard - and any IETF initiative may or may not include content like this meaning its up to the WG as to whether they produce documents that are uniform or documents which make it harder to rely on IETF standards. Why this is important is consistency - something the IETF has very little of except in its massively uncoordinated number of voices all screaming they dont and wont be accountable for the damage their actions cause. Sorry folks - but disclosure is the rule - so something about the potential hash collision needs to be in the document and there are liability issues for the people and their sponsor's involved who vote to keep these types of key factor's out of the work products because they dont want their documents soiled by 'statements that the lifetime of the Intellectual Property is limited' which is what putting anything about why the thing may not work does IMHO. Todd Glassey > > Doug > > > > > > No virus found in this incoming message. > Checked by AVG - www.avg.com > Version: 8.5.435 / Virus Database: 271.1.1/2704 - Release Date: 02/22/10 19:34:00 > >
- [DNSOP] I-D Action:draft-ietf-dnsop-rfc4641bis-01… Internet-Drafts
- Re: [DNSOP] I-D Action:draft-ietf-dnsop-rfc4641bi… Shane Kerr
- Re: [DNSOP] I-D Action:draft-ietf-dnsop-rfc4641bi… Edward Lewis
- Re: [DNSOP] I-D Action:draft-ietf-dnsop-rfc4641bi… Florian Weimer
- [DNSOP] HSMs was Re: I-D Action:draft-ietf-dnsop-… Edward Lewis
- Re: [DNSOP] HSMs was Re: I-D Action:draft-ietf-dn… Stephane Bortzmeyer
- Re: [DNSOP] HSMs was Re: I-D Action:draft-ietf-dn… Edward Lewis
- Re: [DNSOP] HSMs was Re: I-D Action:draft-ietf-dn… Andrew Sullivan
- Re: [DNSOP] HSMs was Re: I-D Action:draft-ietf-dn… Shane Kerr
- [DNSOP] Key sizes was Re: I-D Action:draft-ietf-d… Paul Hoffman
- Re: [DNSOP] Key sizes was Re: I-D Action:draft-ie… Edward Lewis
- Re: [DNSOP] HSMs was Re: I-D Action:draft-ietf-dn… Edward Lewis
- Re: [DNSOP] Key sizes was Re: I-D Action:draft-ie… Paul Hoffman
- Re: [DNSOP] HSMs was Re: I-D Action:draft-ietf-dn… Paul Wouters
- Re: [DNSOP] HSMs was Re: I-D Action:draft-ietf-dn… Paul Wouters
- Re: [DNSOP] HSMs was Re: I-D Action:draft-ietf-dn… Andrew Sullivan
- Re: [DNSOP] HSMs was Re: I-D Action:draft-ietf-dn… Shane Kerr
- Re: [DNSOP] Key sizes was Re: I-D Action:draft-ie… Shane Kerr
- Re: [DNSOP] HSMs was Re: I-D Action:draft-ietf-dn… Edward Lewis
- Re: [DNSOP] HSMs was Re: I-D Action:draft-ietf-dn… Edward Lewis
- Re: [DNSOP] Key sizes was Re: I-D Action:draft-ie… Paul Hoffman
- Re: [DNSOP] Key sizes was Re: I-D Action:draft-ie… Paul Wouters
- Re: [DNSOP] HSMs was Re: I-D Action:draft-ietf-dn… Paul Wouters
- Re: [DNSOP] Key sizes was Re: I-D Action:draft-ie… Shane Kerr
- Re: [DNSOP] Key sizes was Re: I-D Action:draft-ie… Chris Thompson
- Re: [DNSOP] Key sizes was Re: I-D Action:draft-ie… Paul Hoffman
- Re: [DNSOP] Key sizes was Re: I-D Action:draft-ie… Paul Wouters
- Re: [DNSOP] Key sizes was Re: I-D Action:draft-ie… Shane Kerr
- Re: [DNSOP] Key sizes was Re: I-D Action:draft-ie… Paul Wouters
- Re: [DNSOP] Key sizes was Re: I-D Action:draft-ie… Paul Hoffman
- Re: [DNSOP] Key sizes was Re: I-D Action:draft-ie… Jelte Jansen
- Re: [DNSOP] Key sizes was Re: I-D Action:draft-ie… Evan Hunt
- Re: [DNSOP] Key sizes was Re: I-D Action:draft-ie… Edward Lewis
- Re: [DNSOP] Key sizes was Re: I-D Action:draft-ie… Paul Wouters
- Re: [DNSOP] Key sizes was Re: I-D Action:draft-ie… Paul Wouters
- Re: [DNSOP] Key sizes was Re: I-D Action:draft-ie… Joe Abley
- Re: [DNSOP] Key sizes was Re: I-D Action:draft-ie… Paul Hoffman
- Re: [DNSOP] Key sizes was Re: I-D Action:draft-ie… Joe Abley
- Re: [DNSOP] Key sizes was Re: I-D Action:draft-ie… Paul Hoffman
- Re: [DNSOP] Key sizes was Re: I-D Action:draft-ie… Joe Abley
- Re: [DNSOP] Key sizes bmanning
- Re: [DNSOP] Key sizes was Re: I-D Action:draft-ie… Paul Hoffman
- Re: [DNSOP] Key sizes was Re: I-D Action:draft-ie… Paul Wouters
- Re: [DNSOP] Key sizes was Re: I-D Action:draft-ie… Ted Lemon
- Re: [DNSOP] Key sizes was Re: I-D Action:draft-ie… Joe Abley
- Re: [DNSOP] HSMs was Re: I-D Action:draft-ietf-dn… Peter Koch
- Re: [DNSOP] HSMs was Re: I-D Action:draft-ietf-dn… Edward Lewis
- Re: [DNSOP] HSMs was Re: I-D Action:draft-ietf-dn… Joe Abley
- Re: [DNSOP] HSMs was Re: I-D Action:draft-ietf-dn… Edward Lewis
- Re: [DNSOP] HSMs was Re: I-D Action:draft-ietf-dn… Paul Hoffman
- Re: [DNSOP] HSMs was Re: I-D Action:draft-ietf-dn… Francis Dupont
- Re: [DNSOP] HSMs was Re: I-D Action:draft-ietf-dn… Olaf Kolkman
- Re: [DNSOP] HSMs was Re: I-D Action:draft-ietf-dn… Richard Lamb
- Re: [DNSOP] HSMs was Re: I-D Action:draft-ietf-dn… Paul Wouters
- [DNSOP] rfc4641bis: NSEC vs NSEC3. Olaf Kolkman
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Mark Andrews
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Olaf Kolkman
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Alex Bligh
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Alex Bligh
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Paul Wouters
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Alex Bligh
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Edward Lewis
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Alex Bligh
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Paul Wouters
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Alex Bligh
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Alex Bligh
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Olafur Gudmundsson
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Alex Bligh
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Matt Larson
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. bmanning
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Olaf Kolkman
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Paul Wouters
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Olaf Kolkman
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Paul Wouters
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. W.C.A. Wijngaards
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Alex Bligh
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Olafur Gudmundsson
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Alex Bligh
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Paul Wouters
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Andrew Sullivan
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Evan Hunt
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Olafur Gudmundsson
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Todd Glassey
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. John Dickinson
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Mark Andrews
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Roy Arends
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Eric Rescorla
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. W.C.A. Wijngaards
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Roy Arends
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Roy Arends
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. W.C.A. Wijngaards
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Roy Arends
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Alex Bligh
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Evan Hunt
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Matt Larson
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Edward Lewis
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Roy Arends
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Eric Rescorla
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Evan Hunt
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Todd Glassey
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Eric Rescorla
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Andrew Sullivan
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Alex Bligh
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Evan Hunt
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Eric Rescorla
- [DNSOP] threads having "jumped the shark" was Re:… Edward Lewis
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Jakob Schlyter
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Mark Andrews
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Mark Andrews
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Doug Barton
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Mark Andrews
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Mark Andrews
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Eric Rescorla
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Andrew Sullivan
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Roy Arends
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Roy Arends
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Mark Andrews
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Alex Bligh
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Doug Barton
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Florian Weimer
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Florian Weimer
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Olaf Kolkman
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Todd Glassey
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Paul Wouters
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Nicholas Weaver
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Paul Wouters
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Paul Wouters
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Paul Wouters
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Evan Hunt
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Roy Arends
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Roy Arends
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Doug Barton
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Paul Wouters
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Doug Barton