Davey,
just because A => B, it doesn’t mean that !B => !A. Your analysis is flawed.
Mark
> On 27 Jul 2018, at 2:13 pm, Davey Song <[email protected]> wrote:
>
>
>
> On Fri, 27 Jul 2018 at 12:04, Evan Hunt <[email protected]> wrote:
> On Fri, Jul 27, 2018 at 11:24:33AM +0800, Davey Song wrote:
> > > The draft says zone digest is not for protecting zone transmission.
>
> Where did it say that? I didn't notice it.
>
> I mean zone digest is not for zone transmission with channel security. On
> page 4, the authors compare zone digest and Channel security.
>
> Unfortunately, the protections provided by these channel security
> techniques are ephemeral and are not retained after the data transfer
> is complete. They can ensure that the client receives the data from
> the expected server, and that the data sent by the server is not
> modified during transmission. However, they do not guarantee that
> the server transmits the data as originally published, and do not
> provide any methods to verify data that is read after transmission is
> complete. For example, a name server loading saved zone data upon
> restart cannot guarantee that the on-disk data has not been modified.
> For these reasons, it is preferable to secure the data itself.
>
> Davey
> _______________________________________________
> DNSOP mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/dnsop
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: [email protected]