On 10 Mar 2017, at 12:38, Dave Lawrence wrote:
Paul Hoffman writes:
Is there a community of zone admins who want this so much that they
won't start signing until it exists?
I think that question is a little extreme and need not go that far to
determine whether something is worthwhile to pursu
Paul Hoffman writes:
> Is there a community of zone admins who want this so much that they
> won't start signing until it exists?
I think that question is a little extreme and need not go that far to
determine whether something is worthwhile to pursue.
My interest in NSEC5 is largely around the
> On 10 Mar 2017, at 18:33, Phillip Hallam-Baker wrote:
>
> Shhh. don't confuse with facts.
Presumably those are Trump-flavoured alternative facts? :-)
___
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
> On 10 Mar 2017, at 18:30, Frederico A C Neves wrote:
>
> I know others have already stated this but zone enumeration, at least
> at that time, was never the real reason for NSEC3, size of signing
> zones with mostly unsigned delegations was. This was only needed
> because of the wg lack of man
Shhh. don't confuse with facts.
On Fri, Mar 10, 2017 at 1:30 PM, Frederico A C Neves
wrote:
> On Fri, Mar 10, 2017 at 01:15:42PM -0500, Shumon Huque wrote:
> ...
> >
> > Apparently there are many folks in the community who think so, otherwise
> > NSEC3 would not have been developed. I personally
On Fri, Mar 10, 2017 at 01:15:42PM -0500, Shumon Huque wrote:
...
>
> Apparently there are many folks in the community who think so, otherwise
> NSEC3 would not have been developed. I personally don't care for any zones
I know others have already stated this but zone enumeration, at least
at that
Here are some of my arguments in support of NSEC5.
I would like to see us deploy an authenticated denial of existence
mechanism that is not eminently susceptible to offline dictionary
attack. My experience so far is that most people in the crypto
community do not look favorably on NSEC3. Not just
Especially with the prevalence of passive DNS services, I believe that
publishing something in the DNS makes it "public" - sure, you can hide
some things behind split-DNS, but putting `super-skrit-key.exmaple.com
IN 600 TXT "Hunter3"` is guaranteed to end poorly.
NSEC5 has some very cute tricks, b
On Fri, Mar 10, 2017 at 03:16:05PM +, Woodworth, John R wrote:
> > Is there a community of zone admins who want this so much that they
> > won't start signing until it exists?
>
> With the draft's aliasing of algorithms, why couldn't (wouldn't) a zone
> at least experimenting with this be able
A new Request for Comments is now available in online RFC libraries.
RFC 8078
Title: Managing DS Records from the
Parent via CDS/CDNSKEY
Author: O. Gudmundsson, P. Wouters
Status: Standards Track
Stream: IETF
On 3/10/2017 5:07 AM, Warren Kumari wrote:
Once a document becomes a WG document the authors are required to
incorporate WG consensus.
If this does not / is not happening, the chairs have the option /
responsibility to replace the authors with ones that do...
W
On Thu, Mar 9, 2017 at 3:27 PM,
> -Original Message-
> From: DNSOP [mailto:dnsop-boun...@ietf.org] On Behalf Of Paul Hoffman
>
> On 7 Mar 2017, at 7:29, Shumon Huque wrote:
>
> > We've requested an agenda slot at the DNSOP working group meeting at
> > IETF98 to talk about the NSEC5 protocol. Our chairs have requested
> >
Once a document becomes a WG document the authors are required to
incorporate WG consensus.
If this does not / is not happening, the chairs have the option /
responsibility to replace the authors with ones that do...
W
On Thu, Mar 9, 2017 at 3:27 PM, Paul Wouters wrote:
>
>
>> On Mar 9, 2017, a
13 matches
Mail list logo
