Paul Vixie wrote:

>>Kaminsky's originality beyond rfc3833 is to have provided a yet another
>>proof that your authority model is broken.


> that explaination is just not detailed or complete enough. please try again?


The bitter reality for you is that, if you admitted your mistake 10
years ago, Kaminsky couldn't have used glue-A for his attack.

>>That many people are using a broken authority model means they
>>are insecure.


> that explaination is just not detailed or complete enough. please try again?


The bitter reality for people using a broken authority model is that,
if they admitted their mistake 10 years ago, Kaminsky couldn't have
used glue-A for his attack.

> i was agreeing with what you had stated above, and then explaining how i
> related this policy change to my own. i think if you read my words
> carefully you will see that we are not so far apart.


First, you must forget broken concepts such as apex and bailiwick.

Then, you must read my words carefully.

> That is, except for glue-A, an additional record should be accepted only
> if its name exactly matches the query name.


Masastaka Ohta


--
to unsubscribe send a message to namedroppers-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: