Re: [DNSOP] rfc4641bis: NSEC vs NSEC3.

[Todd Glassey <tglassey@earthlink.net>]

On 2/22/2010 8:46 PM, Doug Barton wrote:
> On 02/22/10 11:59, Evan Hunt wrote:
>    
>> Note that RFC 5155 takes the time to put the issue to rest not once but
>> twice:
>>      
> I am on the fence regarding the necessity of mentioning the hash
> collision issue in 4641bis. While other potential security concerns are
> not directly relevant to the topic, this one is (in spite of the fact
> that the possibility of a useful collision is unimaginably small).
>
> My thoughts are sort of leaning in the direction that a very brief
> mention of the issue combined with a reference to what Evan quoted in
> 5155 (which seems to handle the issue well) is probably the right
> direction to go.
>
>    
Doug the real issue here is that there is no standard - and any IETF 
initiative may or may not include content like this meaning its up to 
the WG as to whether they produce documents that are uniform or 
documents which make it harder to rely on IETF standards. Why this is 
important is consistency - something the IETF has very little of except 
in its massively uncoordinated number of voices all screaming they dont 
and wont be accountable for the damage their actions cause.

Sorry folks - but disclosure is the rule - so something about the 
potential hash collision needs to be in the document and there are 
liability issues for the people and their sponsor's involved who vote to 
keep these types of key factor's out of the work products because they 
dont want their documents soiled by 'statements that the lifetime of the 
Intellectual Property is limited' which is what putting anything about 
why the thing may not work does IMHO.

Todd Glassey
>
> Doug
>
>    
>
>
>
> No virus found in this incoming message.
> Checked by AVG - www.avg.com
> Version: 8.5.435 / Virus Database: 271.1.1/2704 - Release Date: 02/22/10 19:34:00
>
>