To: itojun@iijlab.net
Cc: ngtrans@sunroof.eng.sun.com, namedroppers@ops.ietf.org, ipng@sunroof.eng.sun.com, dnsop@cafax.se
From: Matt Crawford <crawdad@fnal.gov>
Date: Fri, 20 Jul 2001 15:05:00 -0500
In-reply-to: "20 Jul 2001 11:31:35 PDT." <E15Nf3n-000GPJ-00@psg.com>
Sender: crawdad@gungnir.fnal.gov
Subject: Re: NGtrans - DNSext joint meeting, call for participation

> >Your reasoning is markedly incorrect if applied to A6. If we take
> >site renumbering to be the dominant factor controlling
> >signature-validity times, then the signatures on the A6 records
>
> from what I got from reading djb's webpage, djb's point is that
> the dominant factor controlling signature-validity time is security,
> and for that reason he claims it needs to be very short (so there's

The reason is security, in that you can't make the record go away
until the signature becomes invalid. So if it's all right for your
interface ID and/or subnet information to persist for a month, but you
want to be able to change your global prefix(es) on a day's notice,
you get a 30-to-1 work savings on almost all of your RRsets.

(Yes, a day is awfully short for a non-mobile site, but awfully long
for a mobile one.)