[DNSOP] RFC 9539 on Unilateral Opportunistic Deployment of Encrypted Recursive-to-Authoritative DNS

2024-02-28 Thread Paul Hoffman
[[ Of likely interest to this WG, for the people who unsubscribed from DPRIVE ]] A new Request for Comments is now available in online RFC libraries. RFC 9539 Title: Unilateral Opportunistic Deployment of Encrypted Recursive-to-Authoritative DNS

Re: [DNSOP] [Ext] About key tags and collision numbers

2024-02-28 Thread Mark Andrews
> On 29 Feb 2024, at 09:23, John R Levine wrote: > > On Wed, 28 Feb 2024, Shumon Huque wrote: >> Banning keytag collisions outright today would not be a good idea - we risk >> rendering some sites unresolvable through no fault of their own. DNSSEC >> already has plenty of detractors, and we do

Re: [DNSOP] [Ext] About key tags and collision numbers

2024-02-28 Thread John R Levine
On Wed, 28 Feb 2024, Shumon Huque wrote: Banning keytag collisions outright today would not be a good idea - we risk rendering some sites unresolvable through no fault of their own. DNSSEC already has plenty of detractors, and we don't want to give them more ammunition by creating problems in th

Re: [DNSOP] [Ext] About key tags

2024-02-28 Thread Mark Andrews
> On 29 Feb 2024, at 08:44, John R Levine wrote: > > On Thu, 29 Feb 2024, Mark Andrews wrote: >>> If it is forbidden in the protocol, it might still happen. >> >> Ed, your reasoning is off. The point of forbidding is to allow the >> validator to safely stop as soon as possible when it is un

Re: [DNSOP] [Ext] About key tags

2024-02-28 Thread Mark Andrews
> On 29 Feb 2024, at 08:22, Shumon Huque wrote: > > On Wed, Feb 28, 2024 at 3:59 PM Edward Lewis wrote: > On 2/27/24, 17:09, "DNSOP on behalf of John Levine" < dnsop-boun...@ietf.org on behalf of jo...@taugh.com> wrote: > > >The kind of load is different but in each case the client needs to > >limit the amou

Re: [DNSOP] [Ext] About key tags

2024-02-28 Thread John R Levine
On Thu, 29 Feb 2024, Mark Andrews wrote: If it is forbidden in the protocol, it might still happen. Ed, your reasoning is off. The point of forbidding is to allow the validator to safely stop as soon as possible when it is under attack. We're going in circles here. You want to stop at 2 so

Re: [DNSOP] [Ext] About key tags

2024-02-28 Thread Paul Hoffman
On Feb 28, 2024, at 13:25, Mark Andrews wrote: > The point of forbidding is to allow the validator to safely stop as soon as > possible when it is under attack. If that is the point, why not just document that a validator is allowed to do that, such as if it sees three matching keytags? That se

Re: [DNSOP] [Ext] About key tags

2024-02-28 Thread Mark Andrews
> On 29 Feb 2024, at 07:59, Edward Lewis wrote: > > On 2/27/24, 17:09, "DNSOP on behalf of John Levine" < dnsop-boun...@ietf.org on behalf of jo...@taugh.com> wrote: > >> The kind of load is different but in each case the client needs to >> limit the amount of work it's willing to do. We can forbid it in the >>

Re: [DNSOP] [Ext] About key tags

2024-02-28 Thread Shumon Huque
On Wed, Feb 28, 2024 at 3:59 PM Edward Lewis wrote: > On 2/27/24, 17:09, "DNSOP on behalf of John Levine" < > dnsop-boun...@ietf.org on behalf of jo...@taugh.com> wrote: > > >The kind of load is different but in each case the client needs to > >limit the amount of work it's willing to do.

Re: [DNSOP] [Ext] About key tags

2024-02-28 Thread Edward Lewis
On 2/27/24, 17:09, "DNSOP on behalf of John Levine" wrote: >The kind of load is different but in each case the client needs to >limit the amount of work it's willing to do. We can forbid it in the >protocol but unless you have better contacts at the Protocol Police >than I do, peo

Re: [DNSOP] [Ext] About key tags and their infrequent collisions

2024-02-28 Thread John R Levine
On Wed, 28 Feb 2024, libor.peltan wrote: Dne 27. 02. 24 v 21:24 John Levine napsal(a): The total number of domains where I found duplicate tags was 105. As I said earlier, while I appreciate such research, I warn against misinterpreting it. The main point isn't about the zones that are curr

[DNSOP] I-D Action: draft-ietf-dnsop-compact-denial-of-existence-02.txt

2024-02-28 Thread internet-drafts
Internet-Draft draft-ietf-dnsop-compact-denial-of-existence-02.txt is now available. It is a work item of the Domain Name System Operations (DNSOP) WG of the IETF. Title: Compact Denial of Existence in DNSSEC Authors: Shumon Huque Christian Elmerot Olafur Gudmundsso

Re: [DNSOP] DNS Grease?

2024-02-28 Thread Shumon Huque
Thanks for your comments David. I hope it will progress too, and good to hear that that grease worked well for TLS and QUIC. On random vs reserved values, we do intend to propose some reserved ranges (there is a placeholder section in the draft for this already). And then try to have a debate abou

Re: [DNSOP] [Ext] About key tags

2024-02-28 Thread Paul Hoffman
On Feb 28, 2024, at 03:52, libor.peltan wrote: > > Hi John, > Dne 27. 02. 24 v 21:24 John Levine napsal(a): >> The total number of domains where I found duplicate tags was 105. >> >> > As I said earlier, while I appreciate such research, I warn against > misinterpreting it. The main point

Re: [DNSOP] [Ext] About key tags

2024-02-28 Thread libor.peltan
Hi John, Dne 27. 02. 24 v 21:24 John Levine napsal(a): The total number of domains where I found duplicate tags was 105. As I said earlier, while I appreciate such research, I warn against misinterpreting it. The main point isn't about the zones that are currently experiencing a keytag-con