Hi George,
On Wed, Mar 1, 2023 at 17:40, George Michaelson <g...@algebras.org> wrote:
> My opposition is philosophical and practical.
>
> the philosophical part, is that this is a SIGNED ASSERTION by the zone
> authority. I don't think anything the zone authority says under a
> signature should be called a lie, because the basis of verification is
> that its exactly what was intended to be said about the state of the
> zone.
I agree with this.
We are talking about an assertion by those responsible for the zone contents
about things that do not exist. There are many different truthful assertions of
that kind that can be made. The interesting thing about this particular choice
is that it's a minimal assertion.
We are not talking about lies. Referring to these kinds of negative responses
as lies is confusing and unhelpful. They are signed responses, and the point of
signing them is that they are verifiably true.
I think "lies" refers to an assumption that a single NSEC makes a maximal
assertion about what does not exist and that either side of that expanse of
empty sand lies a soothing oasis of existence. However the protocol doesn't
require that to be the case. A single NSEC can cover a single grain of sand,
and the mystery of the desert can remain substantially intact.
Joe
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
