Edward Lewis made me coment on:
Ironically - in the past year, the DNSOP WG considered a proposal
called "white lies" in which falsified negative answers were to be
used to prevent someone from using DNSSEC records to discover all of
What Ed didn't say but could have to avoid myth spread: the schemes described
in RFC 4471 and RFC 4472 (dnsext's work, btw, but never mind ;-) require the
zone maintainer's consent, so they are applied by the person in technical
control of the relevant part of the name space. At best it's the protocol
that is 'cheated', not the user.
There's a fine line between record synthesis and fraud.[0] We can
talk about the synthesis, but fraud isn't a technical issue.
Authenticated denial _is_ a technical issue. See keyword in the last line
of the first quote.
-Peter
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf