On 1/8/2020 4:22 PM, Wessels, Duane wrote:
On Jan 8, 2020, at 12:20 PM, Paul Vixie wrote:
can we please not put the ZONEMD RR at the apex, or else, can we please add an
ALG-ID to its rdata. because some day we're going to ship different kinds of
MD's, one of which is today's full-zone travers
> On Jan 8, 2020, at 12:20 PM, Paul Vixie wrote:
>
> can we please not put the ZONEMD RR at the apex, or else, can we please add
> an
> ALG-ID to its rdata. because some day we're going to ship different kinds of
> MD's, one of which is today's full-zone traversal-required version that
> op
On Wed, Jan 8, 2020 at 12:20 PM Paul Vixie wrote:
> [thread fork; subject changed]
>
> i've brought this up several times including in response to the very first
> draft version. i'd like to be sure it's been considered and rejected by
> the
> dns technical community, rather than merely forgotten
[thread fork; subject changed]
i've brought this up several times including in response to the very first
draft version. i'd like to be sure it's been considered and rejected by the
dns technical community, rather than merely forgotten.
ZONEMD as drafted is not incremental. so to compute it, th
On Wed, 8 Jan 2020, Michael StJohns wrote:
I'm running a private copy of the root zone for my organization. I
(automated) check the SOA every so often, and arrange for a download of the
zone when it changes. I (automated) get a copy of the zone data, including
an ZONEMD RR, everything valida
On 1/8/2020 2:07 PM, John R Levine wrote:
Could you give me a b) for each of these please? E.g. How does
ZONEMD make your life better in each of these and what would happen
if you - in a future world - were getting ZONEMD data and validation
failed?
Unless someone else says they find this l
On 1/7/2020 10:05 PM, Brian Dickson wrote:
My $0.02 on the size issue:
I think the onus should be on whoever is publishing a zone with a
ZONEMD to provide guidance on what to do if a failure occurs.
Similarly, publishers should be sensible on whether to include a
ZONEMD based on total size and
On 1/7/2020 6:38 PM, Wessels, Duane wrote:
On Jan 6, 2020, at 6:15 PM, Michael StJohns wrote:
This specification utilizes ZONEMD RRs located at the zone apex.
Non-apex ZONEMD RRs are not forbidden, but have no meaning in this
specification.
Instead - "non-apex ZONEMD RRs MUST b
On 1/7/2020 6:01 PM, Wessels, Duane wrote:
On Jan 6, 2020, at 6:15 PM, Michael StJohns wrote:
5) 3.1.2 - This is I believe different than how DNSSEC does it? If it's the
same, then this is fine, otherwise this protocol should be calculating the
RRSet wire representation the same as DNSS
On 1/7/2020 5:33 PM, Wessels, Duane wrote:
On Jan 6, 2020, at 6:15 PM, Michael StJohns wrote:
As I suggested in one of my messages, giving an idea of how long it takes to
digest various sizes of zones given commodity hardware would be a good start.
Going on and talking about the ratio of
Could you give me a b) for each of these please? E.g. How does ZONEMD make
your life better in each of these and what would happen if you - in a future
world - were getting ZONEMD data and validation failed?
Unless someone else says they find this level of anecdotal detail useful,
I'll pass.
On 1/6/2020 9:36 PM, John Levine wrote:
In article <7f298591-09b5-dd7c-0dab-afc60def8...@nthpermutation.com> you write:
OK.� The point is not to self-approve, but to get a few other
non-authors to actually see if they can figure out what you're talking
about here and whether they're ever going t
On Wed, Jan 08, 2020 at 08:50:05AM -0800, Ólafur Guðmundsson wrote:
> Due to the structure of DNS records this is hard to pull off,
Yes, at present.
> The only RR types that are suspect are the ones that can have 1440 of
> "garbage" at the end
Yes, at present, but the attacks may continue to im
On Tue, Jan 07, 2020 at 11:18:08AM -0500, Viktor Dukhovni wrote:
> This does not mean that staying with algorithm 7 (RSASHA1) is a good
> idea, but may buy more time to migrate in an orderly manner.
A thread today on dns-operations seems to suggest there's some confusion
about which uses of SHA-1
On Tue, Jan 7, 2020, 8:18 AM Viktor Dukhovni wrote:
> On Tue, Jan 07, 2020 at 02:54:43PM +, Tony Finch wrote:
>
> > The third paragraph of the abstract suggests this is relevant to DNSSEC
> RSASHA1:
> >
> > https://eprint.iacr.org/2020/014
>
> [ I've Bcc'd the authors, perhaps they'll follow
On Tue, Jan 7, 2020 at 10:06 PM Brian Dickson
wrote:
>
>
> On Tue, Jan 7, 2020 at 6:18 PM Paul Hoffman
> wrote:
>
>> On Jan 7, 2020, at 6:03 PM, Joe Abley > > wrote:
>> > I don't object to the intended status (standards track). There are
>> reports of multiple independent implementations include
[ Quoting in "Re: [DNSOP] SVCB wire format (draft..." ]
There are 0 or more sub TLV fields.
so, there equal when not specified and then diverge? I think the draft can be
more clear
in this regard. And maybe some text on why the TXT encoding wasn't choosen as
that seemed
to worked for SPF.
_
17 matches
Mail list logo
