Re: [dns-operations] 10% was Re: .mm ....

2013-01-21 Thread Warren Kumari
On Jan 21, 2013, at 2:55 PM, Paul Wouters wrote:
> On Mon, 21 Jan 2013, Warren Kumari wrote:
>
>> 1: Everyone does strict implementations.
>>
>> 2: When the signature expires everyone does the following:
>> A: You calculate by how much the zone has expired, normalize it, then
>> multiply by 2

Re: [dns-operations] 10% was Re: .mm ....

2013-01-21 Thread Paul Wouters
On Mon, 21 Jan 2013, Warren Kumari wrote: 1: Everyone does strict implementations. 2: When the signature expires everyone does the following: A: You calculate by how much the zone has expired, normalize it, then multiply by 255 and call this EXPIRED-AMNT. B: You take the primary IP of your rec

Re: [dns-operations] 10% was Re: .mm ....

2013-01-21 Thread Warren Kumari
On Jan 21, 2013, at 5:26 AM, Jaroslav Benkovský wrote:
> On 01/19/2013 09:28 PM, Matthäus Wander wrote:
>> I think it's more like "I'll tolerate an expired signature for 10% of
>> the original validity period and use that extra time to let other people
>> notice and fix it".
> Assuming that 1)

Re: [dns-operations] 10% was Re: .mm ....

2013-01-21 Thread Jaroslav Benkovský
On 01/19/2013 09:28 PM, Matthäus Wander wrote:
> I think it's more like "I'll tolerate an expired signature for 10% of
> the original validity period and use that extra time to let other people
> notice and fix it".
> Assuming that 1) the majority of validators do *not* tolerate expired
> signature

Re: [dns-operations] 10% was Re: .mm ....

2013-01-19 Thread Matthäus Wander
* Joe Abley [2013-01-19 03:31]:
> I'll assume (since I didn't see the original mail) that the proposal is to
> make validators tolerant by 10%, rather than to change anything on the
> authority server or on the signers. (If you want to extend the validity of a
> signature by 10% when you sign th

Re: [dns-operations] 10% was Re: .mm ....

2013-01-18 Thread Joe Abley
On 2013-01-19, at 06:05, Edward Lewis wrote:
> The posed question is whether expanding the lifetime of a signature by "10%"
> is a good idea.

I'll assume (since I didn't see the original mail) that the proposal is to make validators tolerant by 10%, rather than to change anything on the autho

Re: [dns-operations] 10% was Re: .mm ....

2013-01-18 Thread Edward Lewis
On Jan 18, 2013, at 12:18, Dobbins, Roland wrote:
>
> On Jan 18, 2013, at 11:05 AM, Edward Lewis wrote:
>
>> Adding security to an existing system will, inherently, make it more
>> brittle.
>
> I strongly disagree with this statement. Increasing resilience under duress
> should be a key go

Re: [dns-operations] 10% was Re: .mm ....

2013-01-18 Thread Dobbins, Roland
On Jan 18, 2013, at 11:05 AM, Edward Lewis wrote:
> Adding security to an existing system will, inherently, make it more brittle.

I strongly disagree with this statement. Increasing resilience under duress should be a key goal of any security enhancement; if it doesn't do this, then it hasn'

[dns-operations] 10% was Re: .mm ....

2013-01-18 Thread Edward Lewis
It's an acceptable idea - certainly not a bad one. Adding security to an existing system will, inherently, make it more brittle. Whatever can be done to soften the brittleness while retaining the basic need for security should be done for the sake of resilience and availability of the system