Paul Vixie wrote:

>>>my position hasn't changed. has yours?

>>You should change your posision now.

> that's what you said ten years ago, too. let me caution you now, as then,
> against any attempt at "proof by vigorous reassertion."

The bitter reality for you is that, if you admitted your mistake 10 years
ago, Kaminsky couldn't have used glue-A for his attack.

Kaminsky's originality beyond rfc3833 is to have provided a yet another
proof that your authority model is broken.

> i've demonstrated
> (again) that your proposed solution is more complex than what everybody now
> does

That many people are using a broken authority model means they
are insecure.

> i agree with florian's answer to this, where he said that the additional
> data section is mostly useless. i agree with your proposed policy, as
> stated above. the only A or AAAA RRs that should be sent or accepted in
> the additional data section are those which (a) referenced by an NS RR
> in the authority or answer sections, and (b) having owner names at or below
> the owner name of the NS RRset who references them.

Totally wrong. I never proposed such a broken policy.

Masataka Ohta

to unsubscribe send a message to with
the word 'unsubscribe' in a single line as the message text body.