To: Dan Massey <masseyd@isi.edu>
Cc: Edward Lewis <lewis@tislabs.com>, Olaf Kolkman <OKolkman@ripe.net>, <dnssec@cafax.se>
From: Jakob Schlyter <jakob@crt.se>
Date: Wed, 18 Apr 2001 14:32:00 +0200 (CEST)
In-Reply-To: <20010417182257.A1236@snarl.east.isi.edu>
Sender: owner-dnssec@cafax.se
Subject: Re: lwresd, tsig, and caching

On Tue, 17 Apr 2001, Dan Massey wrote:

> Ted's Option A:
>   Having all 2k laptops do their own key chaining and verification would
>   be a bad thing in terms of delay, caching, etc...  this doesn't seem
>   like something that should be encouraged.

why is this such a bad thing? I would say that local verification is
better and gives you more control who to trust. in this case, using the
on-site nameservers as forwarders helps caching and decreases delay.

in addition to this, I see a problem delegating the verification to some
nameserver(s) that someone tells me to use (i.e. using dhcp or whatever).
I might be able to query the server(s) securely, but I have no idea on what
they trust and why.

/Jakob

--
Jakob Schlyter <jakob@crt.se>                Network Analyst
Phone:  +46 31 701 42 13, +46 70 595 07 94   Carlstedt Research & Technology

