On Tue, Jun 30, 2015 at 04:27:10PM +, Edward Lewis wrote:
>
> So this is about words - what you call a negative registration is a
> registration nonetheless, with an responsible party.
Well, it's about conceptual clarity. If we want to call that
"negative registration" instead "skippy the wo
On Tue, Jun 30, 2015 at 10:53 AM, Edward Lewis wrote:
> On 6/30/15, 9:57, "Tony Finch" wrote:
>
>>John Dickinson wrote:
>>>
>>> I have been planning to write a draft to address 1 by having validators
>>>send
>>> the DS of known TA's in an edns0 option code. This info, could then be
>>>logged
>>>
On Tue, Jun 30, 2015 at 9:34 AM, John Dickinson wrote:
>
>
> On 29/06/2015 21:48, Warren Kumari wrote:
>>
>> I'd appreciate any feedback, the draft announcment is here:
>> Name: draft-wkumari-dnsop-trust-management
>> Revision: 00
>> Title: Simplified Updates of DNS Securi
On 6/30/15, 11:18, "DNSOP on behalf of Andrew Sullivan"
wrote:
>This is a different use of "positively|negatively registered" than I
>outlined. The case that I was talking about I think _does_ have an RP
>for the negaitve registration. But that registration is there to
>prevent delegation. A
Dear colleagues,
Just a reminder:
* The draft cutoff for IETF 93 is next Monday, July 6.
* WG meeting agendas are due the same day.
Please send agenda requests ASAP.
When you do, please note that we have quite a number of documents in flight and
were unable to get two meeting slots for Prag
On Tue, Jun 30, 2015 at 11:43:42AM +, Edward Lewis wrote:
> You can then divide the list into names that have a responsible party and
> those that don't - and call that (positively registered) and not (or
> negatively) registered.
This is a different use of "positively|negatively registered"
On 6/30/15, 9:57, "Tony Finch" wrote:
>John Dickinson wrote:
>>
>> I have been planning to write a draft to address 1 by having validators
>>send
>> the DS of known TA's in an edns0 option code. This info, could then be
>>logged
>> by the authoritative nameservers.
>
>Good idea, though just the k
unless, of course, DNSSEC allowed for signing individual records instead of
zones.
manning
bmann...@karoshi.com
PO Box 12317
Marina del Rey, CA 90295
310.322.8102
On 30June2015Tuesday, at 6:57, Tony Finch wrote:
> John Dickinson wrote:
>>
>> I have been planning to write a draft to address
John Dickinson wrote:
>
> I have been planning to write a draft to address 1 by having validators send
> the DS of known TA's in an edns0 option code. This info, could then be logged
> by the authoritative nameservers.
Good idea, though just the key tags should be enough. (I think key
management
Olafur Gudmundsson wrote:
>
> I do not yet propose what name or record is used for this experiment but
> having it an “address of an object” would be good as that enables
> testing from browsers. (CNAME is just as good as an address)
But my point is you can't find out a validator's RFC 5011 state
On 29/06/2015 21:48, Warren Kumari wrote:
I'd appreciate any feedback, the draft announcment is here:
Name: draft-wkumari-dnsop-trust-management
Revision: 00
Title: Simplified Updates of DNS Security (DNSSEC) Trust Anchors
Document date: 2015-06-29
Group: Indi
> On Jun 30, 2015, at 8:53 AM, Tony Finch wrote:
>
> Olafur Gudmundsson wrote:
>
>> There is much simpler way.
>> Just add record to the rootzone that is only signed by the new key.
>> If resolver returns AD bit it has the new key.
>
> I don't think this works.
>
> If the new key is publis
Olafur Gudmundsson wrote:
> There is much simpler way.
> Just add record to the rootzone that is only signed by the new key.
> If resolver returns AD bit it has the new key.
I don't think this works.
If the new key is published in the root zone's DNSKEY RRset then it will
be signed by the old k
On 6/30/15, 7:48, "DNSOP on behalf of Ray Bellis" wrote:
>So can I, but that's because my computer's name service stub used mDNS
>to find it, not DNS.
Would the same code handle .onion? (Perhaps a new version via RPM push.)
Is relying on software updates scaleable?
This is the flip side of wh
On 30/06/2015 12:43, Edward Lewis wrote:
> Is being an entry a barrier to being used in the DNS? This is
> not clear - I can ssh to a .local machine.
So can I, but that's because my computer's name service stub used mDNS
to find it, not DNS.
Ray
___
On 6/29/15, 13:43, "DNSOP on behalf of Andrew Sullivan"
wrote:
>In my view, the namespace is the logical space of all possible domain
>names.
That certainly narrows the discussion for me.
>In those registries are two kinds of registrations: ones
>that are there to enable further delegation (a "
On 12/27/2014 01:24 PM, Mark Nottingham wrote:
> Hi Christian and Jake,
>
> We’ve still been discussing this in IETF-land. To reiterate - putting
> all six TLDs into one draft is killing your chances of succeeding.
>
> I’m starting to hear people talking about creating a separate draft
> to do just
17 matches
Mail list logo
