Re: draft-arends-dnsnr-00
Roy Badami <roy@gnomon.org.uk> Sat, 24 July 2004 00:29 UTC
From: Roy Badami <roy@gnomon.org.uk>
Subject: Re: draft-arends-dnsnr-00
Date: Sat, 24 Jul 2004 01:29:32 +0100
Cc: Ben Laurie <ben@algroup.co.uk>, namedroppers@ops.ietf.org
To: Roy Arends <roy@dnss.ec>

>>>>> "Roy" == Roy Arends <roy@dnss.ec> writes:

    Roy> Ben. It is very simple:

    Roy> If _you_ state that _you_ signed record type AAAA and record
    Roy> type MX for a given name, while not actually signing record
    Roy> type AAAA and record type MX, that would be violating the
    Roy> spec.

I'm going to have to agree with Ben here. For it to constitute
non-repudiation as commonly understood, then doing as you describe
would have to be provable by a third party by means of the
cryptographic protocol, not merely a violation of the specification.

Non-repudiation of signing would mean that if you signed something you
can't later deny that you've signed it. Or rather, that if you try, a
third party can prove that you're lying. But that's a defining
property of signing and no one would explicitly state it; anyone can
check the signature and prove that you did indeed sign the data.
(Here "you" actually means someone who has access to your private key,
but that's an implicit assumption in these things.)

But that's not what we're talking about, I think. What we're talking
about is signing some statement (some kind of NSEC++ record) that
asserts that a record doesn't exist. It's just signing a negative
statement; it's not asserting that you didn't sign something; and it
has nothing to do with either non-repudiation or repudiability.
Indeed (not that it's relevant to the argument) but you *might* have
signed such a record in the past, that doesn't mean you can't now sign
a statement to the effect that the record no longer exists.

I am not a cryptologist, but AIUI, non-repudiation means that some
other party (either the other party in the transaction, or some third
party) is able to prove that the transaction did take place.

FWIW, the converse, repudiability, means that if you and I engage in a
cryptographic transaction, no third party observer (and perhaps even
neither of us) has evidence that would prove that the transaction
actually took place.

I really don't see either non-repudiation or repudiability as being
relevant to the protocols we're discussing here. We're simply talking
about making a signed statement that a particular record does not
exist.

        -roy