In message <Pine.LNX.4.60.0509021204280.13347@xxxxxxxxxxxxxxxxxxxxxx>, Tony Fin ch writes: >On Fri, 2 Sep 2005, Harald Tveit Alvestrand wrote: >> >> Flight of imagination: DNSSEC-Signed records (with the SIG/KEY chain in >> additional data?) would seem to be one possibility to "prove" that the data >> being presented was "legitimate" under DNS delegation rules, even when you >> don't have a present connection to the Internet. > >How can you verify the signature without an Internet connection with which >to fetch the key? If you have the zone key, you can do the verification offline. > >Why does it make sense to strive for globally-unique names when all that >matters is uniqueness on the local link? > Bellovin's Laws of Networking: 1 Networks interconnect. 2 Networks *always* interconnect. 3 Interconnection happens from the edges, not the center What's going to happen to your link-local uniqueness when someone adds a bridge? --Steven M. Bellovin, http://www.cs.columbia.edu/~smb _______________________________________________ Ietf@xxxxxxxx https://www1.ietf.org/mailman/listinfo/ietf