Hi,
I believe there may of been some take away from Vancouver on direction.
I have a hand written note on this, but it was lost in the discussion on
Key Exchanges.
I will followup with you after tonight's meeting, and apologies for
dropping this.
tim
On 3/6/14, 5:57 PM, fujiw...@jprs.co.jp wrote:
From: Tony Finch <d...@dotat.at>
It is an interesting draft and I can see why the problem concerns you. The
dummy DS is a clever work-around, but it is a pity about the validation bug in
Google public DNS.
Thanks. I'm not sure that the validation error is a bug or not.
I wonder about the possibility of adjusting the rules for caching delegations.
Would it make sense to remember that a referral is insecure for the lifetime of
the NS RRset, instead of the lifetime of the negative DS answer?
This idea requires updating RFC 2308.
I'm afraid that when newly registered DS RR will be used if the
negative DS answer is cached.
--
Kazunori Fujiwara, JPRS <fujiw...@jprs.co.jp>
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
