To:
<dnssec@cafax.se>
From:
Roy Arends <Roy.Arends@nominum.com>
Date:
Tue, 7 Aug 2001 12:27:12 +0200 (CEST)
Delivery-Date:
Tue Aug 7 11:42:06 2001
In-Reply-To:
<200108070808.f7788DgT017814@catv8013.bij.ons>
Sender:
owner-dnssec@cafax.se
Subject:
Re: IETF: Goal & resolving discussion for this evening.
> Integrity is about finding out if data might be wrong. False data must be > detected. There are two different views for integrity at this moment: > > - Secured zones are common case, bad zones can be detected > - Unsecured zones are the common case, some are secured. > > The first one is as DNSSEC is right now, and conforms to the goal as > mentioned by Massey and Scott. > > It seems that with opt-in and nosig we are drifting towards the second view. No, not at all. Right now the second view already exists: DNS with occasional DNSSEC: "- Unsecured zones are the common case, some are secured." This will in my PoV allways be the case, though "some" would drift to "more and more", and maybe eventually lead to the view: "- Secured zones are common case, some are not secured." Optin/nosig provides a way to transition from DNS to DNSSEC without the current unnecessary burdon on a secured parent for their unsecured delegations. The optin/nosig relieves that burdon significantly. Regards, Roy Arends Nominum ------------- 0-14-023750-X 43.0D.01 01.05.0C 84.18.03 8A.13.04 2D.0B.0A