Greg:
> > Also, note that none of this is ever going to be any protection
> > against someone deliberately setting out to maliciously alter data -
> > only dnssec type techniques can achieve that. In the non-signed
> > cases, all we're really interested in is inadvertent data errors
> > (mistakes).
>
> I think you're in the margin on this one. Without poison protection
> similar to the djb variety,
As Dan finally understood just recently, poison protection
is easy, if one understand the problem correctly.
His approach is overkill and broken.
> parties have done so. With bailiwick-related poison protection,
Could you stop saying "bailiwick"?
> maliciously altering data requires (a) forging DNS responses (by
> sniffing the network path between sender and receiver, or by spamming
It is called weak security.
> it becomes trivial to mass-produce cache
> poison,
Yes. But, Paul ignored it when I said so about 10 years ago
and later added wrong fixes.
Masataka Ohta
--------------------------------------------------------------------
IETF IPng Working Group Mailing List
IPng Home Page: http://playground.sun.com/ipng
FTP archive: ftp://playground.sun.com/pub/ipng
Direct all administrative requests to [EMAIL PROTECTED]
--------------------------------------------------------------------