Re: [DNSOP] rfc4641bis: NSEC vs NSEC3.

Paul Wouters <paul@xelerance.com> Tue, 23 February 2010 17:52 UTC

Date: Tue, 23 Feb 2010 12:54:16 -0500
From: Paul Wouters <paul@xelerance.com>
To: Nicholas Weaver <nweaver@ICSI.Berkeley.EDU>
In-Reply-To: <57593737-1BD8-4021-BCA4-CFA2E738C4B8@icsi.berkeley.edu>
Message-ID: <alpine.LFD.1.10.1002231249400.9909@newtla.xelerance.com>
Cc: dnsop@ietf.org
Subject: Re: [DNSOP] rfc4641bis: NSEC vs NSEC3.

On Tue, 23 Feb 2010, Nicholas Weaver wrote:

> On Feb 23, 2010, at 6:26 AM, Todd Glassey wrote:
>> Sorry folks - but disclosure is the rule - so something about the potential hash collision needs to be in the document and there are liability issues for the people and their sponsors involved who vote to keep these types of key factors out of the work products because they don't want their documents soiled by 'statements that the lifetime of the Intellectual Property is limited' which is what putting anything about why the thing may not work does IMHO.
>
> SHA1 is 160B output size.
>
> Do you really expect zones with 2^80 entries in them (the point when the birthday paradox limit starts mattering)?
>
> One in a septillion probabilities on human-scale items is zero for any reasonable value of zero.  There is no liability here.

The point here is that this is discussed in RFC5155 (or even
3174). 4641bis is not meant to incorporate everything. Its goal is to
provide a synopsis from our lengthy email discussions and previous RFCs,
and provide a pointer to 5155 for a full discussion.

4641bis provides a summary of recommendations with the main considerations,
not the ultimate list of theoretical end of the world possibilities.

Throwing 'Intellectual Property' in this discussion is troll fodder.

Paul
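As an added example (not part of the thread, and not code from any of its participants), the RFC 5155 NSEC3 owner-name hash (iterated SHA-1 over the canonical wire-format name plus salt, base32hex encoded) alongside the birthday-bound estimate behind the 2^80 figure quoted above; the owner names are constructed sample input, and the salt/iteration count are the values used in RFC 5155's Appendix A example.

```python
# Added example: RFC 5155 NSEC3 hashing and the birthday-bound collision estimate.
import base64
import hashlib
import math
from typing import Dict, List, Tuple

# base32 (RFC 4648) -> base32hex alphabet translation, as NSEC3 owner names use base32hex.
_TO_B32HEX = str.maketrans("ABCDEFGHIJKLMNOPQRSTUVWXYZ234567",
                           "0123456789ABCDEFGHIJKLMNOPQRSTUV")


def wire_name(name: str) -> bytes:
    """Canonical (lowercase) wire format: length-prefixed labels, root label last."""
    labels = [lbl for lbl in name.lower().rstrip(".").split(".") if lbl]
    return b"".join(bytes([len(lbl)]) + lbl.encode("ascii") for lbl in labels) + b"\x00"


def nsec3_hash(name: str, salt_hex: str, iterations: int) -> str:
    """RFC 5155 section 5: H(x || salt), then H(h || salt) 'iterations' more times."""
    salt = bytes.fromhex(salt_hex)
    digest = hashlib.sha1(wire_name(name) + salt).digest()
    for _ in range(iterations):
        digest = hashlib.sha1(digest + salt).digest()
    # 20 bytes = 160 bits encode to exactly 32 base32 characters, so no padding appears.
    return base64.b32encode(digest).decode("ascii").translate(_TO_B32HEX).lower()


def find_nsec3_collisions(names: List[str], salt_hex: str, iterations: int) -> List[Tuple[str, str]]:
    """Pairs of distinct owner names in a zone whose NSEC3 hashes coincide."""
    seen: Dict[str, str] = {}
    collisions: List[Tuple[str, str]] = []
    for name in names:
        key = name.lower().rstrip(".")
        h = nsec3_hash(key, salt_hex, iterations)
        if h in seen and seen[h] != key:
            collisions.append((seen[h], key))
        seen.setdefault(h, key)
    return collisions


def birthday_collision_probability(n_names: int, bits: int = 160) -> float:
    """P(some pair of n_names hashes collide) ~ 1 - exp(-n(n-1) / 2^(bits+1))."""
    x = n_names * (n_names - 1) / 2 ** (bits + 1)
    return -math.expm1(-x)  # accurate even when the probability is astronomically small


# Constructed sample zone contents (salt and iterations from RFC 5155 Appendix A).
SAMPLE_NAMES = ["example", "a.example", "ns1.example", "ns2.example", "*.w.example", "x.y.w.example"]
SAMPLE_SALT, SAMPLE_ITERATIONS = "aabbccdd", 12
```

For the sample names the collision list is empty, and `birthday_collision_probability(10**6)` is on the order of 1e-37, while only around 2^80 names brings it to roughly 0.39.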