Re: [DNSOP] rfc4641bis: NSEC vs NSEC3.
Paul Wouters <paul@xelerance.com> Tue, 23 February 2010 17:52 UTC
Return-Path: <paul@xelerance.com>
X-Original-To: dnsop@core3.amsl.com
Delivered-To: dnsop@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 219AC3A8182 for <dnsop@core3.amsl.com>; Tue, 23 Feb 2010 09:52:15 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.539
X-Spam-Level:
X-Spam-Status: No, score=-2.539 tagged_above=-999 required=5 tests=[AWL=0.060, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SafBGZYAPgTH for <dnsop@core3.amsl.com>; Tue, 23 Feb 2010 09:52:14 -0800 (PST)
Received: from newtla.xelerance.com (newtla.xelerance.com [193.110.157.143]) by core3.amsl.com (Postfix) with ESMTP id 355203A7B02 for <dnsop@ietf.org>; Tue, 23 Feb 2010 09:52:14 -0800 (PST)
Received: from tla.xelerance.com (tla.xelerance.com [193.110.157.130]) by newtla.xelerance.com (Postfix) with ESMTP id 96E14BC07; Tue, 23 Feb 2010 12:54:16 -0500 (EST)
Date: Tue, 23 Feb 2010 12:54:16 -0500
From: Paul Wouters <paul@xelerance.com>
To: Nicholas Weaver <nweaver@ICSI.Berkeley.EDU>
In-Reply-To: <57593737-1BD8-4021-BCA4-CFA2E738C4B8@icsi.berkeley.edu>
Message-ID: <alpine.LFD.1.10.1002231249400.9909@newtla.xelerance.com>
References: <201002220022.o1M0M3qR048760@drugs.dv.isc.org> <A8EB3AAE-0DA6-4C4E-B2D1-E548884F63D5@dnss.ec> <4B8251E9.70904@nlnetlabs.nl> <699B9362-B927-4148-B79E-2AEB6D713BE8@dnss.ec> <4B82897F.7080000@nlnetlabs.nl> <9C97F5BFBD540A6242622CC7@Ximines.local> <20100222161251.GA99592@isc.org> <FD83B7A9-583C-4E6C-9301-414D043DBB08@dnss.ec> <20100222172325.GC99592@isc.org> <EC6B9B3F-4849-403D-B533-8CE6114575EA@dnss.ec> <20100222195938.GA13437@isc.org> <4B835DB6.5050203@dougbarton.us> <4B83E582.7080807@earthlink.net> <57593737-1BD8-4021-BCA4-CFA2E738C4B8@icsi.berkeley.edu>
User-Agent: Alpine 1.10 (LFD 962 2008-03-14)
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset="US-ASCII"; format="flowed"
Cc: dnsop@ietf.org
Subject: Re: [DNSOP] rfc4641bis: NSEC vs NSEC3.
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dnsop>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 23 Feb 2010 17:52:15 -0000
On Tue, 23 Feb 2010, Nicholas Weaver wrote: > On Feb 23, 2010, at 6:26 AM, Todd Glassey wrote: >> Sorry folks - but disclosure is the rule - so something about the potential hash collision needs to be in the document and there are liability issues for the people and their sponsor's involved who vote to keep these types of key factor's out of the work products because they dont want their documents soiled by 'statements that the lifetime of the Intellectual Property is limited' which is what putting anything about why the thing may not work does IMHO. > > SHA1 is 160B output size. > > Do you really expect zones with 2^80 entries in them (the point when the birthday paradox limit start mattering)? > > One in a septillion probabilities on human-scale items is zero for any reasonable value of zero. There is no liability here. The point here is that this is discussed on RFC5155 (or even 3174). 4641bis is not meant to incorporate everything. It's goal is to provide a synopsis from our lengthy email discussions and previous RFCs, and provide a pointer to 5155 for a full discussion. 4641bis provides a summary of recommendations with the main considerations, not the ultimate list of theoretical end of the world possibilities. Throwing 'Intellectual Property' in this discussion is troll fodder. Paul
- [DNSOP] I-D Action:draft-ietf-dnsop-rfc4641bis-01… Internet-Drafts
- Re: [DNSOP] I-D Action:draft-ietf-dnsop-rfc4641bi… Shane Kerr
- Re: [DNSOP] I-D Action:draft-ietf-dnsop-rfc4641bi… Edward Lewis
- Re: [DNSOP] I-D Action:draft-ietf-dnsop-rfc4641bi… Florian Weimer
- [DNSOP] HSMs was Re: I-D Action:draft-ietf-dnsop-… Edward Lewis
- Re: [DNSOP] HSMs was Re: I-D Action:draft-ietf-dn… Stephane Bortzmeyer
- Re: [DNSOP] HSMs was Re: I-D Action:draft-ietf-dn… Edward Lewis
- Re: [DNSOP] HSMs was Re: I-D Action:draft-ietf-dn… Andrew Sullivan
- Re: [DNSOP] HSMs was Re: I-D Action:draft-ietf-dn… Shane Kerr
- [DNSOP] Key sizes was Re: I-D Action:draft-ietf-d… Paul Hoffman
- Re: [DNSOP] Key sizes was Re: I-D Action:draft-ie… Edward Lewis
- Re: [DNSOP] HSMs was Re: I-D Action:draft-ietf-dn… Edward Lewis
- Re: [DNSOP] Key sizes was Re: I-D Action:draft-ie… Paul Hoffman
- Re: [DNSOP] HSMs was Re: I-D Action:draft-ietf-dn… Paul Wouters
- Re: [DNSOP] HSMs was Re: I-D Action:draft-ietf-dn… Paul Wouters
- Re: [DNSOP] HSMs was Re: I-D Action:draft-ietf-dn… Andrew Sullivan
- Re: [DNSOP] HSMs was Re: I-D Action:draft-ietf-dn… Shane Kerr
- Re: [DNSOP] Key sizes was Re: I-D Action:draft-ie… Shane Kerr
- Re: [DNSOP] HSMs was Re: I-D Action:draft-ietf-dn… Edward Lewis
- Re: [DNSOP] HSMs was Re: I-D Action:draft-ietf-dn… Edward Lewis
- Re: [DNSOP] Key sizes was Re: I-D Action:draft-ie… Paul Hoffman
- Re: [DNSOP] Key sizes was Re: I-D Action:draft-ie… Paul Wouters
- Re: [DNSOP] HSMs was Re: I-D Action:draft-ietf-dn… Paul Wouters
- Re: [DNSOP] Key sizes was Re: I-D Action:draft-ie… Shane Kerr
- Re: [DNSOP] Key sizes was Re: I-D Action:draft-ie… Chris Thompson
- Re: [DNSOP] Key sizes was Re: I-D Action:draft-ie… Paul Hoffman
- Re: [DNSOP] Key sizes was Re: I-D Action:draft-ie… Paul Wouters
- Re: [DNSOP] Key sizes was Re: I-D Action:draft-ie… Shane Kerr
- Re: [DNSOP] Key sizes was Re: I-D Action:draft-ie… Paul Wouters
- Re: [DNSOP] Key sizes was Re: I-D Action:draft-ie… Paul Hoffman
- Re: [DNSOP] Key sizes was Re: I-D Action:draft-ie… Jelte Jansen
- Re: [DNSOP] Key sizes was Re: I-D Action:draft-ie… Evan Hunt
- Re: [DNSOP] Key sizes was Re: I-D Action:draft-ie… Edward Lewis
- Re: [DNSOP] Key sizes was Re: I-D Action:draft-ie… Paul Wouters
- Re: [DNSOP] Key sizes was Re: I-D Action:draft-ie… Paul Wouters
- Re: [DNSOP] Key sizes was Re: I-D Action:draft-ie… Joe Abley
- Re: [DNSOP] Key sizes was Re: I-D Action:draft-ie… Paul Hoffman
- Re: [DNSOP] Key sizes was Re: I-D Action:draft-ie… Joe Abley
- Re: [DNSOP] Key sizes was Re: I-D Action:draft-ie… Paul Hoffman
- Re: [DNSOP] Key sizes was Re: I-D Action:draft-ie… Joe Abley
- Re: [DNSOP] Key sizes bmanning
- Re: [DNSOP] Key sizes was Re: I-D Action:draft-ie… Paul Hoffman
- Re: [DNSOP] Key sizes was Re: I-D Action:draft-ie… Paul Wouters
- Re: [DNSOP] Key sizes was Re: I-D Action:draft-ie… Ted Lemon
- Re: [DNSOP] Key sizes was Re: I-D Action:draft-ie… Joe Abley
- Re: [DNSOP] HSMs was Re: I-D Action:draft-ietf-dn… Peter Koch
- Re: [DNSOP] HSMs was Re: I-D Action:draft-ietf-dn… Edward Lewis
- Re: [DNSOP] HSMs was Re: I-D Action:draft-ietf-dn… Joe Abley
- Re: [DNSOP] HSMs was Re: I-D Action:draft-ietf-dn… Edward Lewis
- Re: [DNSOP] HSMs was Re: I-D Action:draft-ietf-dn… Paul Hoffman
- Re: [DNSOP] HSMs was Re: I-D Action:draft-ietf-dn… Francis Dupont
- Re: [DNSOP] HSMs was Re: I-D Action:draft-ietf-dn… Olaf Kolkman
- Re: [DNSOP] HSMs was Re: I-D Action:draft-ietf-dn… Richard Lamb
- Re: [DNSOP] HSMs was Re: I-D Action:draft-ietf-dn… Paul Wouters
- [DNSOP] rfc4641bis: NSEC vs NSEC3. Olaf Kolkman
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Mark Andrews
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Olaf Kolkman
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Alex Bligh
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Alex Bligh
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Paul Wouters
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Alex Bligh
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Edward Lewis
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Alex Bligh
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Paul Wouters
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Alex Bligh
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Alex Bligh
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Olafur Gudmundsson
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Alex Bligh
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Matt Larson
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. bmanning
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Olaf Kolkman
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Paul Wouters
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Olaf Kolkman
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Paul Wouters
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. W.C.A. Wijngaards
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Alex Bligh
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Olafur Gudmundsson
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Alex Bligh
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Paul Wouters
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Andrew Sullivan
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Evan Hunt
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Olafur Gudmundsson
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Todd Glassey
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. John Dickinson
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Mark Andrews
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Roy Arends
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Eric Rescorla
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. W.C.A. Wijngaards
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Roy Arends
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Roy Arends
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. W.C.A. Wijngaards
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Roy Arends
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Alex Bligh
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Evan Hunt
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Matt Larson
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Edward Lewis
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Roy Arends
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Eric Rescorla
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Evan Hunt
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Todd Glassey
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Eric Rescorla
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Andrew Sullivan
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Alex Bligh
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Evan Hunt
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Eric Rescorla
- [DNSOP] threads having "jumped the shark" was Re:… Edward Lewis
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Jakob Schlyter
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Mark Andrews
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Mark Andrews
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Doug Barton
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Mark Andrews
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Mark Andrews
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Eric Rescorla
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Andrew Sullivan
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Roy Arends
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Roy Arends
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Mark Andrews
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Alex Bligh
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Doug Barton
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Florian Weimer
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Florian Weimer
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Olaf Kolkman
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Todd Glassey
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Paul Wouters
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Nicholas Weaver
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Paul Wouters
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Paul Wouters
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Paul Wouters
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Evan Hunt
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Roy Arends
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Roy Arends
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Doug Barton
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Paul Wouters
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Doug Barton