On 2/20/2010 8:48 AM, Paul Wouters wrote:
On Sat, 20 Feb 2010, Alex Bligh wrote:
There are two meachanisms to provide authenticated proof of
exsitance/non-existance in DNSSEC.
I don't believe either provides proof of existence (apart from
existence of the NSECx record).
Yep - agreed.
If you can proof one, you can also proof the other :)
Not so - and its prove. The issue is that technical proofs and legal
proofs are NOT the same thing anywhere but here before the IETF making
them worthless in Courts.
Todd Glassey
I think they both only provide
proof of non-existence (and in the case of NSEC3 opt out, not
even that).
That I agree with. NSEC3 plus OPT-OUT does not give a full
authenticated proof of non-existance.
Paul
_______________________________________________
DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop
No virus found in this incoming message.
Checked by AVG - www.avg.com
Version: 8.5.435 / Virus Database: 271.1.1/2698 - Release Date: 02/19/10
19:34:00
_______________________________________________
DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop
