Re: [DNSOP] rfc4641bis: NSEC vs NSEC3.

2010-02-21 Thread Eric Rescorla
On Sun, Feb 21, 2010 at 4:22 PM, Mark Andrews wrote:
> In message <315ad36e-879a-4512-a6a8-b64372e3d...@sinodun.com>, John Dickinson writes:
>> Hi,
>>
>> It might also be worth adding a line at the start reminding of the need for NSEC and NSEC3 - namely that the signing and serving of

Re: [DNSOP] rfc4641bis: NSEC vs NSEC3.

2010-02-21 Thread Roy Arends
On Feb 21, 2010, at 7:22 PM, Mark Andrews wrote:
> NSEC3 has a non zero false positive rate due to the fact that the names are hashed.
Are you going on again about the possibility of hash collisions in SHA-1?
Roy

Re: [DNSOP] rfc4641bis: NSEC vs NSEC3.

2010-02-21 Thread Mark Andrews
In message <315ad36e-879a-4512-a6a8-b64372e3d...@sinodun.com>, John Dickinson writes:
> Hi,
>
> It might also be worth adding a line at the start reminding of the need for NSEC and NSEC3 - namely that the signing and serving of the zone are separate operations and that it is therefore nece

Re: [DNSOP] rfc4641bis: NSEC vs NSEC3.

2010-02-21 Thread John Dickinson
Hi, It might also be worth adding a line at the start reminding of the need for NSEC and NSEC3 - namely that the signing and serving of the zone are separate operations and that it is therefore necessary to create records that cover the very large number of non-existent names that lie between th

Re: [DNSOP] rfc4641bis: NSEC vs NSEC3.

2010-02-21 Thread Todd Glassey
On 2/20/2010 8:48 AM, Paul Wouters wrote: On Sat, 20 Feb 2010, Alex Bligh wrote: There are two mechanisms to provide authenticated proof of existence/non-existence in DNSSEC. I don't believe either provides proof of existence (apart from existence of the NSECx record). Yep - agreed. If yo