On Thu, 8 Nov 2007, Mark Andrews wrote:

> > RFC 3833 Section 1:
> >
> >   - While some participants in the meeting were interested in
> >     protecting against disclosure of DNS data to unauthorized parties,
> >     the design team made an explicit decision that "DNS data is
> >     `public'", and ruled all threats of data disclosure explicitly out
> >     of scope for DNSSEC.
>
> This is a "don't allow the data to be encrypted" clause.
> The data is still sent in the plain.

The RFC3833 text above is plain. There are three elements:

1) Protecting against disclosure of DNS data was discussed.
2) Explicit decision: "DNS data is `public'"
3) Threats of data disclosure explicitly out of scope.

NSEC3 is meant to protect against disclosure of DNS data (a topic discussed). The NSEC3 draft was designed with the purpose of altering the public nature of DNS data in order to enforce an improper database copyright, contrary to the explicit decision cited. And NSEC3 addresses a problem (data disclosure) that is explicitly out of scope for DNSSEC.

--Dean

--
Av8 Internet   Prepared to pay a premium for better service?
www.av8.net    faster, more reliable, better service
617 344 9000

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www1.ietf.org/mailman/listinfo/dnsop