Hello,
I read draft-dickson-dnsop-ds-hack-00 and it proposes that
- it assign three new DNSKEY algorithms (alg_ns, alg_A, alg_)
- it generate 3 new DS RRs for all parent side NS RR and glue (A/)
It will increase DS reponse 48bytes * 3 = 144 bytes. (in case of digest type 2)
owner I
This is the work I will be submitting in DNSOP.
This is what has been described as a “hack”, but provides a needed validation
link for authoritative servers where the latter are in signed zones, but where
the served zones may not be signed.
NB: It overlaps with the recent DPRIVE draft that Ben
My 2 cents as co-author of [1,2]:
We find more or less similar percentages of parent-child glue
inconsistencies (5-12% of SLDs, Table 12) compared to NS inconsistencies.
Therefore, I think that glue revalidation should be included in the process.
Best,
Raffaele
[1]
https://www.caida.org/catalog/
On Tue, Aug 10, 2021 at 3:48 PM Shumon Huque wrote:
> On Tue, Aug 10, 2021 at 1:55 PM Paul Hoffman
> wrote:
>
>> Greetings again. In the DPRIVE WG, we are discussing a proposal that
>> would make encrypting transport on a first lookup more likely using a DS
>> hack. Whether or not that becomes a
Sorry, I meant I support the draft
On Wed, Aug 11, 2021 at 3:45 PM Dmitry Belyavsky wrote:
> I support the adoption
>
> On Wed, Aug 4, 2021 at 5:29 PM Tim Wicinski wrote:
>
>>
>> All
>>
>> This starts a Working Group Last Call for
>> draft-ietf-dnsop-dnssec-iana-cons
>>
>> Current versions of t
I support the adoption
On Wed, Aug 4, 2021 at 5:29 PM Tim Wicinski wrote:
>
> All
>
> This starts a Working Group Last Call for draft-ietf-dnsop-dnssec-iana-cons
>
> Current versions of the draft is available here:
> https://datatracker.ietf.org/doc/draft-ietf-dnsop-dnssec-iana-cons/
>
> The Cur
Hello,
I support the draft. (as I wrote in November) I re-read the current
text, though I admit I could miss details relatively easily in process
matters.
--Vladimir | knot-resolver.cz
___
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/ma
