On 07/05/2018 06:15 PM, Tony Finch wrote:
Tim Wicinski wrote:
The chairs have decided to set aside some time in Montreal and see if we
can work through this problem. We've asked Ondřej from ISC and Willem
from NLnetLabs to help guide the talk.
I was hoping that there would be another revi
-- Forwarded message --
From: william manning
Date: Thu, Jul 5, 2018 at 9:55 PM
Subject: Re: [DNSOP] Working Group Last Call on
draft-ietf-dnsop-terminology-bis
To: George Michaelson
true enough, there is a single, canonical dnssec signed zone which can
only be generated with e
On Jul 5, 2018, at 19:38, George Michaelson wrote:
> Only the zone authority can publish a DNSSEC signed zone.
I don't know what this means exactly, but I think it's wrong. I will
illustrate my thinking by using some of these words (like "publish")
in the way that I understand them, to see if t
> On 6 Jul 2018, at 10:28 am, Ted Lemon wrote:
>
> If special handling is required for ipv4only.arpa, isn't it also required for
> home.arpa? I tested this a bit and it doesn't appear to be necessary. I
> suppose a stub resolver could in principle walk down from the root and notice
> the
If special handling is required for ipv4only.arpa, isn't it also required
for home.arpa? I tested this a bit and it doesn't appear to be necessary.
I suppose a stub resolver could in principle walk down from the root and
notice the discrepancy in the NS records in the delegation, but in practic
Only the zone authority can publish a DNSSEC signed zone.
Anyone can claim to publish a view of a non-DNSSEC signed zone.
On Thu, Jul 5, 2018 at 7:11 PM, Dick Franks wrote:
>
> On 3 July 2018 at 16:40, Joe Abley wrote:
>>
>> On 3 Jul 2018, at 09:11, Matthew Pounsett wrote:
>>
>> > This is not
I will try to elaborate on the problems below.
Joel
On 7/5/18 6:28 PM, Ted Lemon wrote:
The text also says that it's fine to blindly forward DSO messages if the
middlebox isn't modifying the stream, e.g. in a NAT. It really is
quite clear on that point. The case where it's bad to blindly fo
Most of the special handling could be avoided if IANA was instructed to run the
servers for ipv4only.arpa on dedicated addresses. Hosts routes could then be
installed for those address that redirect traffic for ipv4only.arpa to the
ISP’s DNS64/ipv4only.arpa server.
Perhaps 2 address blocks cou
The text also says that it's fine to blindly forward DSO messages if the
middlebox isn't modifying the stream, e.g. in a NAT. It really is quite
clear on that point. The case where it's bad to blindly forward DSO
messages is when there is no stream that's the same stream on both sides of
the mi
In line. The general point is that the document should be clear to
readers who understand the space but do not live it at the detail of
those who authored it.
Joel
On 7/5/18 6:13 PM, Ted Lemon wrote:
Joel, it's immaterial whether the DSO engine responds in time or not.
If it responds in ti
Joel, it's immaterial whether the DSO engine responds in time or not. If
it responds in time, the ack and the response will be combined; if it does
not, then Nagle's algorithm will ensure that the ack goes out, and the
response will go out in a later packet. Either outcome is fine. There
is n
Reviewer: Joel Halpern
Review result: Ready with Nits
I am the assigned Gen-ART reviewer for this draft. The General Area
Review Team (Gen-ART) reviews all IETF documents being processed
by the IESG for the IETF Chair. Please wait for direction from your
document shepherd or AD before posting a ne
Tim Wicinski wrote:
...
What we do know is:
- We're not going to do SRV records (sorry Mark).
- We're not going to ask the IAB to give a waiver on DNSSEC.
- We still bang into each other over this.
i think you will find that there is no dnssec-compatible way to solve
this problem wit
Thank you.
These were clearly nits (not substantive changes), and so I just went
ahead and incorporated / addressed them in the GitHub repo:
https://github.com/APNIC-Labs/draft-kskroll-sentinel
Thank you!
W
On Thu, Jul 5, 2018 at 1:49 PM Bob Harold wrote:
>
>
> On Mon, Jul 2, 2018 at 4:17 PM wro
On Mon, Jul 2, 2018 at 4:17 PM wrote:
>
> A New Internet-Draft is available from the on-line Internet-Drafts
> directories.
> This draft is a work item of the Domain Name System Operations WG of the
> IETF.
>
> Title : A Root Key Trust Anchor Sentinel for DNSSEC
> Author
Paul Vixie wrote:
> Tony Finch wrote:
>
> Paul Wouters wrote:
>
> I understand, I just disagree this is the right way. I don't see why
> this entire problem shouldn't be resolved at the well, resolver level.
>
> I don't see how that can be deployed in a way that is compatible with
> existing soft
Tim Wicinski wrote:
>
> The chairs have decided to set aside some time in Montreal and see if we
> can work through this problem. We've asked Ondřej from ISC and Willem
> from NLnetLabs to help guide the talk.
I was hoping that there would be another revision of the draft following
IETF 101, ba
[ + Terry ]
On Wed, Jul 4, 2018 at 11:46 AM Benno Overeinder wrote:
>
> And with this, the WG Last Call for draft-ietf-dnsop-kskroll-sentinel is
> closed (actually last Friday already).
>
> We will continue with the next step with the AD for this document, Terry
> Manderson.
I'd like to thank the
On 5 Jul 2018, at 8:28, Tim Wicinski wrote:
I admit I look at this
problem too much through the lens of someone who thinks about
operational
issues.
E, that's not a bad thing. This is DNSOP, not DNSEXT, after all.
The chairs have decided to set aside some time in Montreal and see if
we
All
Thanks for this highly entertaining and also information conversation. I
apologize for kicking up the dust but I feel this is one of those
conversations where the end-users/operators and protocol people are
disconnected.I do know when we talked with several DNS providers about
a standard
>draft-cheshire-sudn-ipv4only-dot-arpa document
Section 7.1:
"Name resolution APIs and libraries MUST recognize 'ipv4only.arpa' as
"special and MUST give it special treatment.
It seems to me that it is going way to far to require all DNS software to
implement support for a hack that abuses DNS f
On 3 July 2018 at 16:40, Joe Abley wrote:
> On 3 Jul 2018, at 09:11, Matthew Pounsett wrote:
>
> > This is not a complete review of the latest revision.. I'm hoping to get
> to that in a day or two. But I've got a question about whether something
> should be added to the document..
> >
> > A q
22 matches
Mail list logo
