> On 11 Jul 2019, at 4:00 am, Paul Vixie wrote:
>
> i like marka's proposed solution below, a lot. and muks' is also clever,
> though requiring wire protocol changes. however, fujiwara-san's proposal
> describes a broader array of fragmentation problems than just integrity, and
> we should
On Jul 9, 2019, at 3:46 AM, tirumal reddy wrote:
> My comments below:
>
> 1) Unless a DNS request for .{in-addr,ip6}.arpa/IN/RESINFO,
> or a subdomain, as described in Section 2 is sent over DNS-over-TLS
> (DoT) [RFC7858] or DNS-over-HTTPS (DoH) [RFC8484], or unless the
> .{in-addr,ip6}.
Hi Scott, some nits below
> On Jul 8, 2019, at 3:00 PM, Hollenbeck, Scott
> wrote:
>
> I've recently been reading draft-ietf-dnsop-rfc7816bis and I'd like to
> propose some additional text for the Security Considerations section in the
> spirit of this sentence from the abstract:
>
> "Futur
On Wed, Jul 10, 2019 at 10:56:26PM +0200, Benno Overeinder wrote:
> From the feedback on the mailing list, the chairs believe that all
> feedback and comments have been addressed by the authors, either in the
> draft or on the mailing list.
With tremendous apologies for not spending a second on t
is the base64 encoding of 3 zero octet. If named was using a hex encoding
it would be 00.
--
Mark Andrews
> On 11 Jul 2019, at 06:45, Bob Harold wrote:
>
>
>> On Wed, Jul 10, 2019 at 2:21 AM Mark Andrews wrote:
>> I’ve written up a method to defeat UDP fragmentation attacks using
The authors of draft-ietf-dnsop-rfc2845bis recently posted a new version
-05 to the DNSOP WG mailing list.
From the feedback on the mailing list, the chairs believe that all
feedback and comments have been addressed by the authors, either in the
draft or on the mailing list.
This starts a Workin
And the existing system is not consistently formatted, this would create
a parseable and consistent standard.
And would bypass GDPR concerns by registries.
On 7/10/19 3:14 PM, David Conrad wrote:
> Philip,
>
> On Jul 10, 2019, at 6:24 AM, Philip Homburg
> mailto:pch-dnso...@u-1.phicoh.com>> wrote
On Wed, Jul 10, 2019 at 2:21 AM Mark Andrews wrote:
> I’ve written up a method to defeat UDP fragmentation attacks using TSIG.
>
> https://tools.ietf.org/html/draft-andrews-dnsop-defeat-frag-attack-00
>
> If we are going to discuss methods to defeat such attacks this should be
> considered.
>
> -
Philip,
On Jul 10, 2019, at 6:24 AM, Philip Homburg wrote:
> With that in mind, it seems that this proposal doesn't address any technical
> issues with whois.
Maybe rate limiting by most (all?) whois servers?
Regards,
-drc
On Fri, Jul 5, 2019 at 12:27 AM Warren Kumari wrote:
> On Thu, Jul 4, 2019 at 12:12 PM Dave Lawrence wrote:
> >
> > Paul Hoffman writes:
> > >However, implementations MUST NOT send stale data if they have
> received
> > >any answer from an authoritative server.
> >
> > I personally stron
Sorry for the late message, but I support both the intent and the draft.
One question:
Would it be feasible for recommending that full service resolvers check for
EDNS0 bufsize compliance, and treat violations as if they were TC=1?
E.g. Suppose I am a resolver, and send my query to an authority se
i like marka's proposed solution below, a lot. and muks' is also clever,
though requiring wire protocol changes. however, fujiwara-san's proposal
describes a broader array of fragmentation problems than just integrity, and
we should be looking at that broader array when making our plans.
i thin
On 10 Jul 2019, at 10:13, Philip Homburg wrote:
> Support for voluntary information has a cost to implement. It is possible
> that registrars don't want to provide that feature because it would not
> make them any money.
It's also possible that registrants don't want registrars to provide that
> The technical issue with
> whois is that it's dark in many places and getting darker with
> minimal to no prospect of coming back (in a usable form).
>
> While GDPR applies only to EU natural persons because there is no
> way to distinguish between natural persons and legal persons and
> no way t
Subdelegation/federation of whois (or rdap) servers could solve the problem.
Whois still would remain effectively unstructured and unparseable but that’s
the status quo. It would require entities to set up another public facing
service.
That’s an approach, I can’t say it’s wrong. My philosophy
This is my understanding as well as the approach and legal assumption I used in
creating this draft.
—
John Bambenek
On July 1st, 2019, my DGA feeds are converting to a CC-BY-NC-SA 4.0 license
which means commercial use will require a license. Contact
sa...@bambenekconsulting.com for details
The technical issue with whois is that it's dark in many places and getting
darker with minimal to no prospect of coming back (in a usable form).
While GDPR applies only to EU natural persons because there is “no way” to
distinguish between natural persons and legal persons and “no way” to
dist
> > As far as I know, there is no issue with whois and the GDPR when it comes
> > to voluntarily publishing information in whois.
>
> Nope. It's OK for you to publish your Personal Data. For anything
> else, you need to get informed consent first. And be able to prove
> that. And give the Data Subj
> On 10 Jul 2019, at 14:24, Philip Homburg wrote:
>
> As far as I know, there is no issue with whois and the GDPR when it comes
> to voluntarily publishing information in whois.
Nope. It’s OK for you to publish your Personal Data. For anything else, you
need to get informed consent first. And
> I'm not sure the point
> aside of illustrating if there is no response for the domain records
> by the auth server that there would also be no response for a _whois
> record. That's true.
>
> 1) Using _whois is completely optional, like SPF or any other
> record. 2) I can't envision much legitimat
I’m not sure the point aside of illustrating if there is no response for the
domain records by the auth server that there would also be no response for a
_whois record. That’s true.
1) Using _whois is completely optional, like SPF or any other record.
2) I can’t envision much legitimate need t
All
First, we want to thank Matthijs on putting together such a straight
forward and complete document.
After discussing this amongst ourselves, and with our AD, and reading the
specifics here:
https://www.ietf.org/blog/iesg-statement-designating-rfcs-historic/
We are going to take the path
The DNSOP WG has placed draft-mekking-dnsop-obsolete-dlv in state
WG Document (entered by Tim Wicinski)
The document is available at
https://datatracker.ietf.org/doc/draft-mekking-dnsop-obsolete-dlv/
Comment:
Will be following Step #2 of
https://www.ietf.org/blog/iesg-statement-designating-rfc
On Wed, Jul 10, 2019 at 04:21:11PM +1000, Mark Andrews wrote:
> I’ve written up a method to defeat UDP fragmentation attacks using TSIG.
>
> https://tools.ietf.org/html/draft-andrews-dnsop-defeat-frag-attack-00
>
> If we are going to discuss methods to defeat such attacks this should be
> conside