In message <[EMAIL PROTECTED]>, Tony Fin
ch writes:
>On Fri, 2 Sep 2005, Harald Tveit Alvestrand wrote:
>>
>> Flight of imagination: DNSSEC-Signed records (with the SIG/KEY chain in
>> additional data?) would seem to be one possibility to "prove" that the data
>> being presented was "legitimate" under DNS delegation rules, even when you
>> don't have a present connection to the Internet.
>
>How can you verify the signature without an Internet connection with which
>to fetch the key?
If you have the zone key, you can do the verification offline.
>
>Why does it make sense to strive for globally-unique names when all that
>matters is uniqueness on the local link?
>
Bellovin's Laws of Networking:
1 Networks interconnect.
2 Networks *always* interconnect.
3 Interconnection happens from the edges, not the center
What's going to happen to your link-local uniqueness when someone adds
a bridge?
--Steven M. Bellovin, http://www.cs.columbia.edu/~smb
_______________________________________________
Ietf mailing list
Ietf@ietf.org
https://www1.ietf.org/mailman/listinfo/ietf
