Phillip Hallam-Baker wrote:
> Past history is a very bad guarantee that problems will not arise in the
> future.

So, you mean your statement:

: Trust roots have to be valid for at least a decade to be acceptable to
: the application vendor community.

hardly guarantees anything.

> Be liberal in anticipating repeat of past problems,

Indeed.

Unnoticeable cache poisoning by glues is repeated even with
bailiwick and once again with DNSSEC.

> be conservative in
> your expectation that new problems will not arise.

The protection is to make protocols as simple as possible.

The following paper discusses it to some extent.
http://ftp.csci.csusb.edu/ykarant/courses/f2007/csci530/papers/counterpane-ipsec.pdf
Masataka Ohta
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf