Ben Laurie
Thu, 27 Mar 2008 11:14:42 -0700
Dave Howe wrote:
James A. Donald wrote:From time to time I hear that DNSSEC is working fine, and on examining the matter I find it is "working fine" except that ....DNSSEC is "working fine" as a technology. However, it is worth remembering that it works based on digitally signing an entire zone - the state of the world being what it is, most people prohibit xfer so any other technology that would allow a zonewalk is not going to be deployed.as far as I can tell, this is a basic design flaw, so isn't going to be rectified anytime soon.
RFC 5155 rectifies this design flaw. -- http://www.apache-ssl.org/ben.html http://www.links.org/ "There is no limit to what a man can do or how far he can go if he doesn't mind who gets the credit." - Robert Woodruff --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]