[dns-operations] removal schedule for old tlsa rrs?

cert reloads. -JimC -- James Cloos OpenPGP: 0x997A9F17ED7DAEA6 ___ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations

[dns-operations] dnssec ecc

Are enough current verifiers capable of verifying ecdsa to make is reasonable to deploy ECDSAP256SHA256 or ECDSAP384SHA384 keys? -JimC -- James Cloos OpenPGP: 0x997A9F17ED7DAEA6 ___ dns-operations mailing list dns-operations@lists.dns-oarc.net

Re: [dns-operations] Should medium-sized companies run their own recursive resolver?

en available which less technical sites can plop on their lan to do a basic task like dns. Perhaps a run-from-ram box with a line of write-locked SD cards each with a mostly-preconfigured single-purpose distribution. -JimC -- James Cloos OpenPGP: 1024D/ED7DAEA6 ___

Re: [dns-operations] Should medium-sized companies run their own recursive resolver?

>>>>> "PH" == Paul Hoffman writes: PH> Should that company run its own recursive resolver for its PH> employees, or should it continue to rely on its ISP? *Every* site should run its own (preferably verifying) resolver. -JimC -- James Cloos

Re: [dns-operations] TLSA records on MX

records. As for tlsa w/o dnssec, that were some discussions early on here re- questing that dane support what we now call tlsa type 0 w/o dnssec, on the grounds that it still could be useful. My recollection is that the final consensus rejected that. But I don't have time to re-read things now,

Re: [dns-operations] DNSSEC DANE testing

s://developer.mozilla.org/en-US/docs/Extension_Packaging has the details for the tags w/in the tag for Thunderbird, Andriod, Mobile and SeaMonkey. -JimC -- James Cloos OpenPGP: 1024D/ED7DAEA6 ___ dns-operations mailing list dns-operations@lists.dns