[dnssec-deployment] aug2004 CAM of interest?
Paul Vixie
paul at vix.com
Tue Aug 17 18:27:54 EDT 2004
> ...
> > Multiple algorithms and mixing mandatory-to-implement with
> > experimental algorithms is a box owned by Pandora.
>
> amen. but we'd better open it anyway. (or am I the lone
> wolf on this?)
not this time.
the exhaustive analysis of how to change the alg-id field was never done.
just like the exhaustive analysis of how to change the root signing key
was never done. as a community, we know barely enough to get dnssec to
work outside a test lab, and we know far less than that about how it could
ever evolve beyond its day-1 DNA. this is frustrating and frightening,
and owes primarily to lack of incentive. the missing analyses wouldn't
create any equity for anybody the way being "first to market" could. in
fact, it's unlikely that the missing analyses would even get payrolled.
it's a long dark icky problem... which will be felt by someone in the
future... thus making it hard to budget current funding for.
More information about the Dnssec-deployment
mailing list