> ``Administrators normally insist on being able to change their records
> with at most a few days notice,'' my web page says, as a starting point
> for analyzing the expiration-date security issues.
Yes, it does indeed say that. It has to say it, because imposing
that ad-hoc restriction is necessary in order to drive to the
conclusion you want. But that doesn't make it so, especially when
different records record information with clearly different
volatility.
> Matt Crawford writes:
> > then the signatures on the A6 records covering interface identifiers
> > and subnets can be valid for a long time,
>
> No, they cannot, because that would allow an attacker to interfere with
> updates. This is the security issue analyzed on my web page.
No, it is not analyzed. What you assert is true, but you have not
explored the ramifications.
--------------------------------------------------------------------
IETF IPng Working Group Mailing List
IPng Home Page: http://playground.sun.com/ipng
FTP archive: ftp://playground.sun.com/pub/ipng
Direct all administrative requests to [EMAIL PROTECTED]
--------------------------------------------------------------------