wrt joao damas' DLV talk on wednesday
Randy Bush
randy at psg.com
Tue Jun 13 21:49:40 UTC 2006
please reconcile

> no bank in its right mind, for example, would allow its identity
> to be held or represented by a middleman whose security policies
> weren't auditable.

with

> this is why we're trying to sign up some registrars, starting
> with alice's, who can send us blocks of keys based on their
> pre-existing trust relationships.

i think you might see why i am confused. do you propose to audit
alice? as rick says, this is unfortunately trivial, as the signed
registrations are zero <sigh>.

btw, i fully admit that i have not thought through a detailed
policy and process for a dlv registry. then again, i am not
proposing to deploy one. yep, criticism is cheap. but then, i
have not charged much :-).

like some other technologies i'll not mention in this message,
dnssec has been a typical non-deployable ivtf mis-design by
committee for half the lifetime of the internet itself. [ i left a
long trail of "this is badly broken. someone should have listened
to masataka." but have no idea if his 1/3 baked scheme would have
flown. ] and i sympathize with your desire to get any useful
flight mileage out of the disaster. but, as this is a security
service, please register your flight plan.

randy