blank.gif (43 bytes)

Church Of The
Swimming Elephant

Search:
2.3.3 Special Considerations With Time-to-Live Connected: An Internet Encyclopedia
2.3.3 Special Considerations With Time-to-Live

Up: Connected: An Internet Encyclopedia
Up: Requests For Comments
Up: RFC 2065
Up: 2. Overview of the DNS Extensions
Up: 2.3 Data Origin Authentication and Integrity
Prev: 2.3.2 Authenticating Name and Type Non-existence
Next: 2.3.4 Special Considerations at Delegation Points

2.3.3 Special Considerations With Time-to-Live

2.3.3 Special Considerations With Time-to-Live

A digital signature will fail to verify if any change has occurred to the data between the time it was originally signed and the time the signature is verified. This conflicts with our desire to have the time-to-live field tick down when resource records are cached.

This could be avoided by leaving the time-to-live out of the digital signature, but that would allow unscrupulous servers to set arbitrarily long time to live values undetected. Instead, we include the "original" time-to-live in the signature and communicate that data in addition to the current time-to-live. Unscrupulous servers under this scheme can manipulate the time to live but a security aware resolver will bound the TTL value it uses at the original signed value. Separately, signatures include a time signed and an expiration time. A resolver that knows the absolute time can determine securely whether a signature has expired. It is not possible to rely solely on the signature expiration as a substitute for the TTL, however, since the TTL is primarily a database consistency mechanism and, in any case, non-security aware servers that depend on TTL must still be supported.


Next: 2.3.4 Special Considerations at Delegation Points

Connected: An Internet Encyclopedia
2.3.3 Special Considerations With Time-to-Live

Cotse.Net

Protect yourself from cyberstalkers, identity thieves, and those who would snoop on you.
Stop spam from invading your inbox without losing the mail you want. We give you more control over your e-mail than any other service.
Block popups, ads, and malicious scripts while you surf the net through our anonymous proxies.
Participate in Usenet, host your web files, easily send anonymous messages, and more, much more.
All private, all encrypted, all secure, all in an easy to use service, and all for only $5.95 a month!

Service Details

 
.
www.cotse.com
Have you gone to church today?
.
All pages ©1999, 2000, 2001, 2002, 2003 Church of the Swimming Elephant unless otherwise stated
Church of the Swimming Elephant©1999, 2000, 2001, 2002, 2003 Cotse.com.
Cotse.com is a wholly owned subsidiary of Packetderm, LLC.

Packetderm, LLC
210 Park Ave #308
Worcester, MA 01609