I'd like to see something similar to what was done with HTTP (cf.
https://tools.ietf.org/html/rfc7230#section-1 ), in which one or two
foundational documents lay out the core concepts and data structures and
then cross-link with others that flesh out more specialized aspects with
an intent to p
On 31 March 2018 at 17:34, bert hubert wrote:
> First, I agree it is necessary. I don't think anyone would really disagree.
> The issue is the stupendous amount of work it would be and if we are going
> to do it.
>
> A secondary question is how hard we are going to make this on ourselves if
> we
On 31 March 2018 at 22:02, Paul Vixie wrote:
>
> furthermore, the IETF would have to update some STD document every time a
> new DNS-related RFC was published, just to enumerate the full set of things
> a new implementer should study and consider. that STD could be just a list
> of RFC's, or coul
>>
>> The current text in -09 reads:
>>
>> The DNS response is DNSSEC validated, regardless of whether
>> DNSSSEC validation was requested, and result of validation is
>> “Secure”
>>
After discussing this with Warren and Joao I’d like to propose a slightly
different wording to the
On Sun, Apr 01, 2018 at 01:33:17PM -0400, Warren Kumari wrote:
> I'm also somewhat confused what the caching the wildcard answer
> *means* - if I have *.example.com cached and then get a query for
> foo.example.com I still need to query for it (note that this is all
> before DNSSEC / Aggressive NSE
On Sun, Apr 1, 2018 at 1:59 PM, Paul Vixie wrote:
>
>
> Tony Finch wrote:
>
>> Paul Vixie wrote:
>>
>>> i suggest that bind, unbound, powerdns, and so on change their packaging
>>> to
>>> put the trust anchor in a different upgradeable package (.deb, .rpm, etc)
>>> than the software itself. unti
On Sun, Apr 01, 2018 at 01:33:17PM -0400, Warren Kumari wrote:
> Can folk help me understand what should happen with this errata?
> W
To elaborate further:
IMO there's no argument against caching if the cached record set (with
wildcard owner name) was not used in synthesis of RRs. I suspect RFC
1
Tony Finch wrote:
Paul Vixie wrote:
i suggest that bind, unbound, powerdns, and so on change their packaging to
put the trust anchor in a different upgradeable package (.deb, .rpm, etc)
than the software itself. until and unless the package manager is secured by
DANE rather than by ssh/pgp/x5
Hi all,
We have this errata:
https://www.rfc-editor.org/verify_errata_select.php?eid=5316
The document as published says:
"A * label appearing in a query name has no special effect, but can be
used to test for wildcards in an authoritative zone; such a query is the
only way to get a response con
In article <5abd22aa.7080...@redbarn.org> you write:
>> While I think I see a computer science basis for saying that an RR type
>> has a namespace, I'm continuing to find the point more confusing than
>> helpful, and fear that other readers will, too.
>>
>> At the least, can you point me to officia
Paul Vixie wrote:
>
> i suggest that bind, unbound, powerdns, and so on change their packaging to
> put the trust anchor in a different upgradeable package (.deb, .rpm, etc)
> than the software itself. until and unless the package manager is secured by
> DANE rather than by ssh/pgp/x509/etc, then
11 matches
Mail list logo
