On Feb 22, 2010, at 7:06 PM, Mark Andrews wrote: > > In message <fd83b7a9-583c-4e6c-9301-414d043db...@dnss.ec>, Roy Arends writes:
>> This is absurd. If we're going to do this, I'd like the security consideratio >> ns to reflect all of the non-zero probabilities of errors occuring (those tha >> t have a higher probability). This includes software-bugs, hardware-bugs, pro >> bability of advances in factorization, randomness of PRNG for DNSKEYs, faulty >> calibration/low granularity of equipment measuring the transition between th >> e two hyperfine levels of the ground state of the caesium 133 atom. Gravitati >> onal Sphere of Influence of the 99942 Apophis on the Gravitational orbit of G >> PS satelites (Still having a higher probability than hash-collisions ;-)), Dr >> unk Sysadmins, Rouge Registrar, etc, etc. >> >> I'm sure that it will be a very large section. > > Apart from the slightly higher risk of software bugs because NSEC3 > is more complicated. The other items have no impact of the decision > to choose between NSEC and NSEC3 and as such are irrelevent. A slightly higher risk? Does a software bug probability of 1 count as a slightly higher risk? Note that the security considerations section in 4641-bis has a much wider scope than NSEC vs NSEC3. Roy _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
