On Tue, Aug 26, 2008 at 02:44:08PM -0400, Dean Anderson wrote: > I don't think I can give the exact correct mathematics without using a > book--and I don't have my crypto library right now--so I'll try to > armwave a bit:
If you're claiming that, after 10 years and review unto death, people with significant profile in the crypto community got the math wrong, I don't think you're going to get a warm reception. I think you need to demonstrate that there is an actual problem. Certainly, we'll need an argument somewhat stronger than, "The math could be wrong somewhere." I seem to remember you were going to spend this week producing a demonstration of an actual attack. It's early days yet; DNSSEC is not widely deployed. If you have such an attack, it would be a really significant service to all DNS operators to demonstrate it. To be clear, I'm not being even a little bit sarcastic: if you have such an attack, and it's not something that is already well-understood about the protocol, I believe that everyone wants to see it as soon as possible. I encourage you to perform your demonstration. A -- Andrew Sullivan [EMAIL PROTECTED] +1 503 667 4564 x104 http://www.commandprompt.com/ _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
