On Fri, Aug 07, 2020 at 10:07:04PM -0700, Fred Morris wrote:
> TLDR: Although DNS servers are supposed to support TCP, it is almost never
> utilized in practice unless a UDP response is first received with TC=1,
> and fragmentation exacerbates this.
Correct.
> On Sat, 8 Aug 2020, Viktor Dukhov
TLDR: Although DNS servers are supposed to support TCP, it is almost never
utilized in practice unless a UDP response is first received with TC=1,
and fragmentation exacerbates this.
I've discovered this myself during this recent period of intensive
interaction with SOHO networks. Apparently i
On Wed, Aug 05, 2020 at 12:53:17PM +0200, Petr Špaček wrote:
> It is way easier to test if "TCP works for all auths for a given
> domain" than to test if "IP fragments can traverse all relevant paths
> over the Internet for all relevant answer sizes". The second option is
> just infeasible/madness
In article you write:
>Folks,
>
>I wanted to draw attention to an Internet-Draft under development that seeks
>to remove the unique interdependency that
>the .arpa zone has with the root zone, by virtue of the zone being served by
>the root servers:
>
>
> ht
On 2020-08-07 at 14:08 -0400, Phillip Hallam-Baker wrote:
> I am of course aware of the cost of PKI ceremonies. I taught the
> VeriSign ceremony course. I am thinking of separating the ceremonies
> as a longer term goal and there is technology developed since we wrote
> the VeriSign ceremonies that
Kim Davies writes:
> Nothing in this proposal prejudices changes to how the KSK for the
> "arpa" zone may evolve in the future. I would suggest any effort
> to define new baseline requirements for the "arpa" KSK be handled
> separately as they are distinct from the objective of this draft. The
> go
Hi Phillip,
Quoting Phillip Hallam-Baker on Friday August 07, 2020:
>
> What has never been fully appreciated is that while the root zone is the
> apex of the naming hierarchy, the .arpa zone is potentially the apex of the
> trust hierarchy.
Any zone has the potential to be the apex of a trust hi
I think it is a very worthwhile and necessary effort. But the security
considerations are woefully insufficient.
What has never been fully appreciated is that while the root zone is the
apex of the naming hierarchy, the .arpa zone is potentially the apex of the
trust hierarchy.
Separating the two
Folks,
I wanted to draw attention to an Internet-Draft under development that seeks to
remove the unique interdependency that the .arpa zone has with the root zone,
by virtue of the zone being served by the root servers:
https://www.ietf.org/id/draft-iana-arpa-authoritative-servers-