[EMAIL PROTECTED] writes: > there is no requirement to re-sign every record to achieve > your 1 day expiry. Just change the zone key whenever you change > zone data and have a 1 day expiry on the zone key's signature. No. If you maintain the validity of signatures on old records, you're allowing the attack to succeed. If you don't maintain the validity of those signatures, you have to immediately sign those records again. Please withdraw your claim. ---Dan -------------------------------------------------------------------- IETF IPng Working Group Mailing List IPng Home Page: http://playground.sun.com/ipng FTP archive: ftp://playground.sun.com/pub/ipng Direct all administrative requests to [EMAIL PROTECTED] --------------------------------------------------------------------
- Re: NGtrans - DNSext joint meeting, call for participat... D. J. Bernstein
- Re: NGtrans - DNSext joint meeting, call for parti... Matt Crawford
- Re: NGtrans - DNSext joint meeting, call for participat... Matt Crawford
- Re: NGtrans - DNSext joint meeting, call for participat... David Terrell
- Re: NGtrans - DNSext joint meeting, call for parti... D. J. Bernstein
- Re: NGtrans - DNSext joint meeting, call for participat... Andreas Gustafsson
- Re: NGtrans - DNSext joint meeting, call for participat... Robert Elz
- Re: (ngtrans) Re: NGtrans - DNSext joint meeting, ... D. J. Bernstein
- Re: Joint DNSEXT & NGTRANS agenda D. J. Bernstein
- Re: NGtrans - DNSext joint meeting, call for participat... Mark . Andrews
- Re: NGtrans - DNSext joint meeting, call for participat... D. J. Bernstein
- Re: NGtrans - DNSext joint meeting, call for participat... Mark . Andrews
- Re: NGtrans - DNSext joint meeting, call for participat... Mark . Andrews
- Re: NGtrans - DNSext joint meeting, call for parti... Mark . Andrews
- Re: NGtrans - DNSext joint meeting, call for participat... D. J. Bernstein
- Re: NGtrans - DNSext joint meeting, call for parti... Mark . Andrews
