On Fri, 22 Aug 2008, Blacka, David wrote:
If you had actually followed any of the discussions about DNSSEC over
the last 13 years, you would know that this is false. Thinking about
how it could break is what the vast majority of work on this topic has
been about.
I have paid attention to
On Sun, 24 Aug 2008, Dean Anderson wrote:
It is well understood that you are vulnerable to a replay attack while
the old RRSIGs are still valid. Which argues for short signature
durations, not rekeying.
Ok. But when you re-sign using arbitrary data controlled by the
attacker, the