Re: [DNSOP] Why ZSK rollover is a Bad Idea (tm)

2009-10-07 Thread Doug Barton
Roy Arends wrote: > I find it worrying that folks intend to test or practice operational > procedures by doing it often on a live production system. What if that > test or practice fails? "Whoops, we were testing it on the live system, > we failed, good thing we called it a test" > > There is also

Re: [DNSOP] Signing the root == end of ITAR?

2009-10-07 Thread Mark Andrews
In message , Chris Thompson writes: > We have had at least one person from ISC in the past saying they won't be > in any hurry to get rid of dlv.isc.org just because the root is signed. > [I'll try and find the reference(s) if anyone doubts that.] No doubt > they will stop importing the IANA ITAR

Re: [DNSOP] [dnsext] Why ZSK rollover is a Bad Idea (tm)

2009-10-07 Thread Joe Abley
On 2009-10-07, at 16:25, Paul Hoffman wrote: At 2:22 PM +0100 10/7/09, Joe Abley wrote: From this perspective we might roll a ZSK more frequently than a KSK because the ZSK needs to be stored on-line to facilitate re-signing when the zone changes. With the KSK we have the option of keepin

Re: [DNSOP] Signing the root == end of ITAR?

2009-10-07 Thread Stephane Bortzmeyer
On Wed, Oct 07, 2009 at 05:33:59PM +0200, Roy Arends wrote a message of 19 lines which said: > Full deployment July 1st. That means inclusion of DS records. That's not what I understood from the talk and from the question and from the discussion IRL with Joe Abley afterwards. Was someone els

Re: [DNSOP] Signing the root == end of ITAR?

2009-10-07 Thread John Schnizlein
That was my question. Matt's answer was that he did not remember that detail of the design. Not remembering the detail that happened to be omitted from the slide is not really the same as not in the design. I am sure Matt and Joe know that signing the root means nothing without the DS re

Re: [DNSOP] Signing the root == end of ITAR?

2009-10-07 Thread Jim Reid
On 7 Oct 2009, at 16:13, Stephane Bortzmeyer wrote: As someone in the public (at the RIPE meeting) mentioned, the timeline presented by ICANN/Verisign said nothing about the inclusion of DS records in the root (remember that each KSK rollover will require the prior approbation, in writing, of th

Re: [DNSOP] [dnsext] Why ZSK rollover is a Bad Idea (tm)

2009-10-07 Thread Eric Rescorla
On Wed, Oct 7, 2009 at 6:22 AM, Joe Abley wrote: > [from a namedroppers thread, re-pointed as per Olaf's suggestion below] > > On 2009-10-07, at 09:23, Olaf Kolkman wrote: > >> On Oct 6, 2009, at 10:08 PM, Eric Rescorla wrote: >> >>> I don't have a general position on ZSKs--perhaps it's a good ide

Re: [DNSOP] Signing the root == end of ITAR?

2009-10-07 Thread Roy Arends
On Oct 7, 2009, at 5:13 PM, Stephane Bortzmeyer wrote: On Wed, Oct 07, 2009 at 02:13:53PM +0200, Roy Arends wrote a message of 13 lines which said: Since a date was announced yesterday (July 1st) for a fully deployed signed root, can we expect ITAR to Go Away on January 1st 2011 ? As someon

Re: [DNSOP] [dnsext] Why ZSK rollover is a Bad Idea (tm)

2009-10-07 Thread Paul Hoffman
At 2:22 PM +0100 10/7/09, Joe Abley wrote: >From this perspective we might roll a ZSK more frequently than a KSK because >the ZSK needs to be stored on-line to facilitate re-signing when the zone >changes. With the KSK we have the option of keeping it off-line, and arguably >the risk of compromi
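The point Joe Abley makes above (and which Paul Hoffman quotes) is that the ZSK is the on-line key, so it is the one that gets rolled often, and the cost of that is the rollover timing itself. The following is an added illustration, not code from anyone in this thread: it models a pre-publish ZSK rollover as a sequence of authoritative states and brute-forces every combination of cached DNSKEY RRset and cached RRSIG a validator could be holding at any instant, to confirm that no cache ever ends up with a signature whose key it cannot see. The TTLs and the propagation delay are constructed values, and the stage timing follows the RFC 6781 pre-publish rule; a deliberately hasty schedule is included to show what the check catches.

```python
"""Pre-publish ZSK rollover timing, checked against every cache state a
validator could hold. Added illustration; TTLs and timings are constructed."""
from dataclasses import dataclass
from itertools import product

INITIAL = -10**9  # "long before the rollover started"


@dataclass(frozen=True)
class Stage:
    start: int          # seconds relative to publication of the new ZSK
    dnskeys: frozenset  # keys in the DNSKEY RRset the authority serves
    signer: str         # key whose RRSIGs cover the zone data


def prepublish_schedule(dnskey_ttl, max_rr_ttl, propagation):
    """Authoritative timeline for a pre-publish ZSK rollover (RFC 6781 style).

    The new key is published first and only used once every cache can have
    seen it; the old key is withdrawn only once every old RRSIG can have
    expired. `propagation` covers secondaries lagging behind the primary."""
    t_publish = 0
    t_new_sigs = t_publish + dnskey_ttl + propagation
    t_remove = t_new_sigs + max_rr_ttl + propagation
    return [
        Stage(INITIAL, frozenset({"old"}), "old"),
        Stage(t_publish, frozenset({"old", "new"}), "old"),
        Stage(t_new_sigs, frozenset({"old", "new"}), "new"),
        Stage(t_remove, frozenset({"new"}), "new"),
    ]


def hasty_schedule(max_rr_ttl):
    """A schedule that signs with the new key the moment it is published:
    the mistake the timing rules exist to prevent (constructed example)."""
    return [
        Stage(INITIAL, frozenset({"old"}), "old"),
        Stage(0, frozenset({"old", "new"}), "new"),
        Stage(max_rr_ttl, frozenset({"new"}), "new"),
    ]


def served_at(schedule, t):
    """State the authority was serving at time t (stages sorted by start)."""
    current = schedule[0]
    for stage in schedule:
        if stage.start <= t:
            current = stage
    return current


def find_failures(schedule, dnskey_ttl, max_rr_ttl, propagation, step=3600):
    """Enumerate what a validating cache can hold at each instant.

    At time `now` a cache may hold a DNSKEY RRset reflecting the authoritative
    state at any time in [now - dnskey_ttl - propagation, now], and
    independently an RRSIG reflecting any time in
    [now - max_rr_ttl - propagation, now]. Validation fails when the signer
    of the cached RRSIG is absent from the cached DNSKEY RRset. Returns the
    list of failing (now, dnskey_state_time, rrsig_state_time) triples."""
    horizon = schedule[-1].start + dnskey_ttl + max_rr_ttl + propagation + step
    failures = []
    for now in range(0, horizon, step):
        dk_times = range(now - dnskey_ttl - propagation, now + 1, step)
        rr_times = range(now - max_rr_ttl - propagation, now + 1, step)
        for dk_t, rr_t in product(dk_times, rr_times):
            keys = served_at(schedule, dk_t).dnskeys
            signer = served_at(schedule, rr_t).signer
            if signer not in keys:
                failures.append((now, dk_t, rr_t))
    return failures


if __name__ == "__main__":
    # Constructed values: 1-day DNSKEY TTL, 1-day largest zone TTL, 2h lag.
    DNSKEY_TTL, MAX_RR_TTL, PROPAGATION = 86400, 86400, 7200
    good = prepublish_schedule(DNSKEY_TTL, MAX_RR_TTL, PROPAGATION)
    for stage in good[1:]:
        print(f"t+{stage.start // 3600:>3}h  DNSKEY={sorted(stage.dnskeys)}"
              f"  RRSIGs by {stage.signer}")
    print("pre-publish failures:",
          len(find_failures(good, DNSKEY_TTL, MAX_RR_TTL, PROPAGATION)))
    bad = hasty_schedule(MAX_RR_TTL)
    print("hasty failures:",
          len(find_failures(bad, DNSKEY_TTL, MAX_RR_TTL, PROPAGATION)))
```

The brute force is crude but it is the property that matters: every window of the schedule has to be at least as long as the relevant TTL plus propagation, and it is the "plus propagation" and the "largest TTL in the zone" that operators tend to get wrong. Run with a shorter `dnskey_ttl` argument to `prepublish_schedule` than the one passed to `find_failures` and the checker reports the first cache state that would SERVFAIL.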

Re: [DNSOP] Signing the root == end of ITAR?

2009-10-07 Thread Stephane Bortzmeyer
On Wed, Oct 07, 2009 at 02:13:53PM +0200, Roy Arends wrote a message of 13 lines which said: > Since a date was announced yesterday (July 1st) for a fully deployed > signed root, can we expect ITAR to Go Away on January 1st 2011 ? As someone in the public (at the RIPE meeting) mentioned, the

Re: [DNSOP] Signing the root == end of ITAR?

2009-10-07 Thread joao damas
wasn't talking about DLV On 7 Oct 2009, at 14:44, Joe Baptista wrote: On Wed, Oct 7, 2009 at 9:32 AM, joao damas wrote: Since a date was announced yesterday (July 1st) for a fully deployed signed root, can we expect ITAR to Go Away on January 1st 2011 ? I would hope it stays around. Hav

Re: [DNSOP] Signing the root == end of ITAR?

2009-10-07 Thread Chris Thompson
On Oct 7 2009, joao damas wrote: On 7 Oct 2009, at 13:35, Jim Reid wrote: On 7 Oct 2009, at 13:13, Roy Arends wrote: Since a date was announced yesterday (July 1st) for a fully deployed signed root, can we expect ITAR to Go Away on January 1st 2011 ? Will DLV go away then too? DLV doesn'

Re: [DNSOP] [dnsext] Why ZSK rollover is a Bad Idea (tm)

2009-10-07 Thread Joe Abley
On 2009-10-07, at 15:21, Roy Arends wrote: I find it worrying that folks intend to test or practice operational procedures by doing it often on a live production system. What if that test or practice fails? "Whoops, we were testing it on the live system, we failed, good thing we called it

Re: [DNSOP] [dnsext] Why ZSK rollover is a Bad Idea (tm)

2009-10-07 Thread Roy Arends
On Oct 7, 2009, at 3:22 PM, Joe Abley wrote: On 2009-10-07, at 09:23, Olaf Kolkman wrote: On Oct 6, 2009, at 10:08 PM, Eric Rescorla wrote: I don't have a general position on ZSKs--perhaps it's a good idea for some other reason--but I don't think that rolling the keys over at high rates pr

Re: [DNSOP] [dnsext] Why ZSK rollover is a Bad Idea (tm)

2009-10-07 Thread Thierry Moreau
Joe Abley wrote: [from a namedroppers thread, re-pointed as per Olaf's suggestion below] On 2009-10-07, at 09:23, Olaf Kolkman wrote: On Oct 6, 2009, at 10:08 PM, Eric Rescorla wrote: I don't have a general position on ZSKs--perhaps it's a good idea for some other reason--but I don't think t

Re: [DNSOP] Signing the root == end of ITAR?

2009-10-07 Thread Joe Baptista
On Wed, Oct 7, 2009 at 9:32 AM, joao damas wrote: > > Since a date was announced yesterday (July 1st) for a fully deployed signed >> root, can we expect ITAR to Go Away on January 1st 2011 ? >> > > I would hope it stays around. Having an "out of band" way of contrasting > the info in the root zon

Re: [DNSOP] Signing the root == end of ITAR?

2009-10-07 Thread joao damas
On 7 Oct 2009, at 13:13, Roy Arends wrote: I understand that six months after root-signing is fully deployed, the ITAR will cease to exist. Since a date was announced yesterday (July 1st) for a fully deployed signed root, can we expect ITAR to Go Away on January 1st 2011 ? I would ho

Re: [DNSOP] Signing the root == end of ITAR?

2009-10-07 Thread joao damas
DLV doesn't only address the lack of a signed root. In fact I would argue that the (un)signed root is the smallest of the problems it addresses. Joao On 7 Oct 2009, at 13:35, Jim Reid wrote: On 7 Oct 2009, at 13:13, Roy Arends wrote: Since a date was announced yesterday (July 1st) for a

Re: [DNSOP] [dnsext] Why ZSK rollover is a Bad Idea (tm)

2009-10-07 Thread Joe Abley
[from a namedroppers thread, re-pointed as per Olaf's suggestion below] On 2009-10-07, at 09:23, Olaf Kolkman wrote: On Oct 6, 2009, at 10:08 PM, Eric Rescorla wrote: I don't have a general position on ZSKs--perhaps it's a good idea for some other reason--but I don't think that rolling the ke

Re: [DNSOP] Signing the root == end of ITAR?

2009-10-07 Thread Tony Finch
On Wed, 7 Oct 2009, Jim Reid wrote: > On 7 Oct 2009, at 13:13, Roy Arends wrote: > > > Since a date was announced yesterday (July 1st) for a fully deployed signed > > root, can we expect ITAR to Go Away on January 1st 2011 ? > > Will DLV go away then too? I doubt it because it's likely to still be

Re: [DNSOP] [dnsext] Why ZSK rollover is a Bad Idea

2009-10-07 Thread Alfred Hönes
I have already posted a response to the original analysis by EKR, which has much overlap with the comments sent to this list by Olaf. Please see the original URL for the thread there, including my reasoning about operational impact and human factors: http://www.educatedguesswork.org/2009/10/on_th

Re: [DNSOP] Signing the root == end of ITAR?

2009-10-07 Thread Jim Reid
On 7 Oct 2009, at 13:13, Roy Arends wrote: Since a date was announced yesterday (July 1st) for a fully deployed signed root, can we expect ITAR to Go Away on January 1st 2011 ? Will DLV go away then too? ___ DNSOP mailing list DNSOP@ietf.org https

[DNSOP] Signing the root == end of ITAR?

2009-10-07 Thread Roy Arends
I understand that six months after root-signing is fully deployed, the ITAR will cease to exist. Since a date was announced yesterday (July 1st) for a fully deployed signed root, can we expect ITAR to Go Away on January 1st 2011 ? Thanks, Roy

Re: [DNSOP] Key Management and Provisioning, was Re: .PR ...

2009-10-07 Thread Florian Weimer
* Roy Arends: > On Oct 7, 2009, at 8:57 AM, Florian Weimer wrote: > >> * Roy Arends: >> >>> At least for Nominet, I want (2) to do cross-checking, be able to >>> check what things look like before they enter the pipeline, >>> preferably >>> using the same channel as (1). Before I push the 'publish

Re: [DNSOP] Why ZSK rollover is a Bad Idea (tm)

2009-10-07 Thread Chris Thompson
On Oct 7 2009, Olaf Kolkman wrote: [...] At 4:09 PM -0400 10/6/09, Nicholas Weaver wrote: Eric Rescorla has an explanation why the zone signing key rollover mechanism in DNSSEC for the root is a bad idea: It doesn't improve security and only makes things more complicated: http://www.educa

Re: [DNSOP] [dnsext] Why ZSK rollover is a Bad Idea (tm)

2009-10-07 Thread Olaf Kolkman
On Oct 7, 2009, at 9:23 AM, Olaf Kolkman wrote: hope I can address a few of the issues before Yokohama. s/Yokohama/Hiroshima/ Should I call my travel office? ;-) --Olaf Olaf M. Kolkman, NLnet Labs

Re: [DNSOP] Key Management and Provisioning, was Re: .PR ...

2009-10-07 Thread Roy Arends
On Oct 7, 2009, at 8:57 AM, Florian Weimer wrote: * Roy Arends: At least for Nominet, I want (2) to do cross-checking, be able to check what things look like before they enter the pipeline, preferably using the same channel as (1). Before I push the 'publish' button, I want to check it in p

Re: [DNSOP] [dnsext] Why ZSK rollover is a Bad Idea (tm)

2009-10-07 Thread Olaf Kolkman
On Oct 6, 2009, at 10:08 PM, Eric Rescorla wrote: [ Moderators note: Post was moderated, either because it was posted by a non-subscriber, or because it was over 20K. With the massive amount of spam, it is easy to miss and therefore delete relevant posts by non-subscribers. Please fix