On Wed, 03 Aug 2011 09:42:55 +0200, Matthijs Mekking
said:
> On 08/02/2011 07:48 PM, Blacka, David wrote:
>>
>> On Jul 28, 2011, at 1:29 PM, Matthijs Mekking wrote:
>>
> My understanding of this paragraph is that there MUST be an
> RRSIG for each RRset using at least one key of each al
On Thu, 28 Jul 2011 19:29:31 +0200 (CEST), Matthijs Mekking
said:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
> On Wed, 27 Jul 2011, Alexander Gall wrote:
>> Matthjis,
>>
>> On Wed, 27 Jul 2011 18:03:30 +0200 (CEST), Matthijs Mekking
>> said:
>&
Matthjis,
On Wed, 27 Jul 2011 18:03:30 +0200 (CEST), Matthijs Mekking
said:
> On Wed, 27 Jul 2011, Alexander Gall wrote:
>>> I don't understand which corner case this is supposed to cover. The
>>> relevant section of RFC4035 quoted in the draft says
>>>
I'm about to implement algorithm rollover according to section 4.1.5
of rfc4641bis into our homegrown DNSSEC key management system. In the
step named "new RRSIGs", the zone is supposed to include the signature
of DNSKEY_K_2 over the DNSKEY RRset containing DNSKEY_Z_1 and
DNSKEY_K_1. The explanatio
On Tue, 19 Aug 2008 15:43:14 -0400, Andrew Sullivan <[EMAIL PROTECTED]> said:
> On Tue, Aug 19, 2008 at 10:35:54AM -0700, David Conrad wrote:
>> it in their products or services. Peter Koch did provide an interesting
>> data point that warrants further investigation (20-35% of queries having DO
On Fri, 26 Jan 2007 09:20:46 -0500, Edward Lewis <[EMAIL PROTECTED]> said:
> At 14:12 +0100 1/26/07, Alexander Gall wrote:
>> What strategies to deal with unreachable servers do common
>> implementations use? I would have thought that most of them prefer
>> the server
On Fri, 26 Jan 2007 14:40:48 +0100, Stephane Bortzmeyer <[EMAIL PROTECTED]>
said:
> On Fri, Jan 26, 2007 at 02:12:53PM +0100,
> Alexander Gall <[EMAIL PROTECTED]> wrote
> a message of 1149 lines which said:
>> We happen to have full NetFlow data for this per
