Tony Finch wrote:
On Sun, 10 Aug 2008, Ted Lemon wrote:
Paul's comment (the first of the three articles you quoted) implies that
secure NXDOMAIN is not a feature of Ohta-san's proposal. That seems like a
bit of a problem, because fake domains are definitely a useful phishing tool.
As far as I can tell from the draft linked below, it does support secure
NXDOMAIN and could be made to do so without allowing zone enumeration.
http://www.watersprings.org/pub/id/draft-ohta-simple-dns-02.txt
ZL is effectively NSEC, so suffers from the same problem. A ZL3 would be
required. With all its attendant problems.
Cheers,
Ben.
--
http://www.apache-ssl.org/ben.html http://www.links.org/
"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
