North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: wrt joao damas' DLV talk on wednesday
please reconcile > no bank in its right mind, for example, would allow its identity > to be held or represented by a middleman whose security policies > weren't auditable. with > this is why we're trying to sign up some registrars, starting > with alice's, who can send us blocks of keys based on their > pre-existing trust relationships. i think you might see why i am confused. do you propose to audit alice? as rick says, this is unfortunately trivial, as the signed registrations are zero <sigh>. btw, i fully admit that i have not thought through a detailed policy and process for a dlv registry. then again, i am not proposing to deploy one. yep, criticism is cheap. but then, i have not charged much :-). like some other technologies i'll not mention in this message, dnssec has been a typical non-deployable ivtf mis-design by committee for half the lifetime of the internet itself. [ i left a long trail of "this is badly broken. someone should have listened to masataka." but have no idea if his 1/3 baked scheme would have flown. ] and i sympathize with your desire to get any useful flight milage out of the disaster. but, as this is a security service, please register your flight plan. randy
|