[DNSOP] Re: I-D Action: draft-ietf-dnsop-ns-revalidation-08.txt

IETF. Title: Delegation Revalidation by DNS Resolvers Authors: Shumon Huque Paul Vixie Willem Toorop Name:draft-ietf-dnsop-ns-revalidation-08.txt Pages: 13 Dates: 2025-01-08 Abstract: This document recommends improved DNS resolver

[DNSOP] OARC 44 Call for Contribution deadline extension - Dec 9, 2024

on the DNS, DNSSEC signing and validation. * *Privacy*: Encrypted transports, qname minimization, data anonymization. * *Resilience*: Provisioning planning, load-balancing services, features (e.g. serve-stale) For further details please see https://www.dns-oarc.net/oarc44 Willem

[DNSOP] Deadline Reminder: OARC 44 Call for Contribution - Dec 2, 2024

S experience, attacks on the DNS, DNSSEC signing and validation. * *Privacy*: Encrypted transports, qname minimization, data anonymization. * *Resilience*: Provisioning planning, load-balancing services, features (e.g. serve-stale) For further details please see https://www.dns-oarc.net/oarc44 W

[DNSOP] Re: Fwd: New Version Notification for draft-ietf-dnsop-ns-revalidation-07.txt

Thanks for the reference Gio (and Raffaele who also pointed this out to me), We're citing your paper now in our work-in-progress copy (see https://github.com/shuque/ns-revalidation/commit/5e52689 ), so it will be part of the next version. -- Willem Op 08-07-2024 om 12:55 schreef Giovane C. M

[DNSOP] Fwd: New Version Notification for draft-ietf-dnsop-ns-revalidation-07.txt

Notification for draft-ietf-dnsop-ns-revalidation-07.txt Datum: Mon, 08 Jul 2024 01:45:12 -0700 Van:internet-dra...@ietf.org Aan: Paul Vixie , Shumon Huque , Willem Toorop A new version of Internet-Draft draft-ietf-dnsop-ns-revalidation-07.txt has been successfully submitted by Willem Toorop and

[DNSOP] Re: [Ext] [DNSOP]Requesting final comments on draft-ietf-dnsop-rfc8109bis

Sorry, I noticed my first comment was particularly deformed. Below that first comment corrected into something (hopefully) more readable. Op 07-06-2024 om 10:33 schreef jab...@strandkip.nl: More substantially, this section describes a series of vulnerabilities that would be mitigated by signin

[DNSOP] Re: [Ext] [DNSOP]Requesting final comments on draft-ietf-dnsop-rfc8109bis

Hi Joe, Comments inline. Op 07-06-2024 om 10:33 schreef jab...@strandkip.nl: Hi Tim, all, On Jun 7, 2024, at 01:11, Tim Wicinski wrote: On Wed, Jun 5, 2024 at 12:28 PM Paul Hoffman wrote: Tim jumped the gun by about an hour: we just submitted the -05. It incorporates the suggested text

Re: [DNSOP] Comment on Ranking data

Thank you Fujiwara-san, I agree that some data should be discarded depending on use case. I also think the draft should be more explicit on what data is actually meant in those ranks (i.e. referral responses with "B: Data from the authority section of a non-authoritative answer, Additional inf

Re: [DNSOP] I-D Action: draft-ietf-dnsop-ns-revalidation-06.txt

Op 18-03-2024 om 17:01 schreef Florian Obser: On 2024-03-17 20:12 -07,internet-dra...@ietf.org wrote: Internet-Draft draft-ietf-dnsop-ns-revalidation-06.txt is now available. It is | 7. Security Considerations | [...] | In case of non DNSSEC validating | resolvers, an attacker controlling a

Re: [DNSOP] Fwd: I-D Action: draft-toorop-dnsop-ranking-dns-data-00.txt

-dnsop-ranking-dns-data-00.txt Date: Mon, 04 Mar 2024 13:12:26 -0800 From: internet-dra...@ietf.org To: i-d-annou...@ietf.org Internet-Draft draft-toorop-dnsop-ranking-dns-data-00.txt is now available.   Title:   Ranking Domain Name System data   Authors: Paul Hoffman    Shumon Huque  

Re: [DNSOP] I-D Action: draft-ietf-dnsop-rfc8109bis-04.txt

Thanks Paul, I feel Section 3.3. "DNSSEC with Priming Queries" may not do the effects of redirected query traffic enough justice. RFC 8109 already didn't do it enough justice I think. For starters, the second paragraph already assumes a "machine-in-the-middle" attack, but there may also be o

Re: [DNSOP] Working Group Last call for draft-ietf-dnsop-dns-error-reporting

Op 08-06-2023 om 11:59 schreef Benno Overeinder: Dear DNSOP WG, The authors and the chairs feel this document has reached the stage where it's ready for Working Group Last Call. This starts a Working Group Last Call for: draft-ietf-dnsop-dns-error-reporting. Dear all, I find this is a ver

Re: [DNSOP] Call for Adoption: draft-klh-dnsop-rfc8109bis

I am also in favor of adoption. I am a member of a consortium carrying out a study on behalf of ICANN on the naming scheme used for the root servers (the RSSAC028 Implementation study ).

Re: [DNSOP] New Version Notification - draft-ietf-dnsop-dns-catalog-zones-09.txt

Op 09-02-2023 om 17:50 schreef Tim Wicinski: On Thu, Feb 9, 2023 at 9:56 AM Paul Wouters <mailto:p...@nohats.ca>> wrote: On Thu, 9 Feb 2023, Willem Toorop wrote: >>  Or it could use “_catalog.example.com <http://catalog.example.com>”  ? > >

Re: [DNSOP] New Version Notification - draft-ietf-dnsop-dns-catalog-zones-09.txt

Op 09-02-2023 om 14:46 schreef Paul Wouters: On Feb 9, 2023, at 06:33, Willem Toorop wrote: Op 07-02-2023 om 16:45 schreef Paul Wouters:> I find the valid use of the name "invalid" to be pretty horrible. An engineer looking at a catalog might quickly believe the invalid is a

Re: [DNSOP] New Version Notification - draft-ietf-dnsop-dns-catalog-zones-09.txt

Op 09-02-2023 om 12:38 schreef Willem Toorop: Op 08-02-2023 om 14:27 schreef Paul Wouters: While re-reading the properties / version bits, I noticed this text in section 4.3.2.1 <http://4.3.2.1>:        In this scenario, consumer(s) shall, by agreement, not sign the member zone "

Re: [DNSOP] New Version Notification - draft-ietf-dnsop-dns-catalog-zones-09.txt

Op 08-02-2023 om 14:27 schreef Paul Wouters: While re-reading the properties / version bits, I noticed this text in section 4.3.2.1 :       In this scenario, consumer(s) shall, by agreement, not sign the member zone "example.com ." with DNSSEC. Since the

Re: [DNSOP] New Version Notification - draft-ietf-dnsop-dns-catalog-zones-09.txt

indeed!, but in the uploaded XML it was no different than other quotes. Note also that the mangled quote does not appear in the txt and html rendering of the document. So I guess it's a bug in the iddiff viewer... Willem Toorop on behalf of the draft-

Re: [DNSOP] Secdir last call review of draft-ietf-dnsop-dns-catalog-zones-08

NS they are not expanded at first use in this document. For definitions of those and other terms, see [RFC8499]." Thank you for your review and kind regards, Willem Toorop on behalf of the draft-ietf-dnsop-dns-catalog-zones co-authors. __

Re: [DNSOP] Genart last call review of draft-ietf-dnsop-dns-catalog-zones-08

in commit https://github.com/NLnetLabs/draft-toorop-dnsop-dns-catalog-zones/commit/3f55e43 Lars and Roman, I believe we have responded to all your IESG comments now. Can you confirm? Thanks Willem Toorop on behalf of the draft-ietf-dnsop-dns-catalog-zones co-authors __

Re: [DNSOP] Murray Kucherawy's Discuss on draft-ietf-dnsop-dns-catalog-zones-08: (with DISCUSS and COMMENT)

Why are the protections of zone transfers and updates only SHOULDs? It depends on the operational reality. Zone transfers may be using a completely separate distribution network which is shielded from external DNS access (with VPNs or UPDATES from an internal network or local machine even).

Re: [DNSOP] Paul Wouters' Discuss on draft-ietf-dnsop-dns-catalog-zones-08: (with DISCUSS and COMMENT)

Hi Paul, Hi Murray, Hereby the responses to Paul's review. I've CC'ed you Murray, because you mentioned explicitly that you support Paul's DISCUSS positions. Op 04-01-2023 om 05:05 schreef Paul Wouters via Datatracker: DISCUSS: -

Re: [DNSOP] Dnsdir last call review of draft-ietf-dnsop-dns-catalog-zones-08

Hi David, Response inline at the bottom. Op 03-01-2023 om 19:42 schreef Blacka, David: On Jan 3, 2023, at 12:48 PM, Peter Thomassen wrote: Caution: This email originated from outside the organization. Do not click links or open attachments unless you recognize the sender and know the cont

Re: [DNSOP] AD Review of draft-ietf-dnsop-dns-catalog-zones

Thanks Warren, We have addressed your change requests in the freshly submitted version -08. I'll go over them individually as well as answer your questions inline below. (most of them copied verbatim from the PR for these changes: https://github.com/NLnetLabs/draft-toorop-dnsop-dns-catalog-zo

Re: [DNSOP] New Version Notification for draft-yorgos-dnsop-dry-run-dnssec-01.txt

Dear dnsop, We submitted a new version of a “dry-run DNSSEC” draft. The draft describes a method that allows for testing DNSSEC deployments in real world DNS(SEC) deployments without affecting the DNS service in case of DNSSEC errors. Any encountered errors are signaled to the DNS operator of the

Re: [DNSOP] I-D Action: draft-ietf-dnsop-dns-catalog-zones-06.txt

Op 10-07-2022 om 10:56 schreef Willem Toorop: > > I will try to go over the document once more to "correct" those cases. > Sorry! The quotes surrounding "correct" were from an earlier version of the text when I still didn't agree completely yet! So no quotes in

Re: [DNSOP] I-D Action: draft-ietf-dnsop-dns-catalog-zones-06.txt

Op 08-07-2022 om 00:21 schreef Michael StJohns: > On 7/7/2022 5:32 AM, Willem Toorop wrote: >> Dear dnsop, >> >> This draft describes a mechanism for automatic provisioning of zones >> among authoritative name servers by way of distributing a catalog of >> those zo

Re: [DNSOP] I-D Action: draft-ietf-dnsop-dns-catalog-zones-06.txt

is a work item of the Domain Name System Operations WG of the IETF. > > Title : DNS Catalog Zones > Authors : Peter van Dijk > Libor Peltan > Ondrej Sury > Willem

Re: [DNSOP] draft-yorgos-dnsop-dry-run-dnssec-00 and DS digest field

Thanks Libor, I'm planning to create an overview of all the feedback and proposed solutions to our issues we've had since IETF113 (including your proposal), discuss that with the co-authors, and then post that to dnsop together with an announcement that we're working on this. Cheers, -- Willem

Re: [DNSOP] I-D Action: draft-ietf-dnsop-dns-catalog-zones-05.txt

Authors : Peter van Dijk > Libor Peltan > Ondrej Sury > Willem Toorop > Kees Monshouwer > Peter Thomassen > Filename: draft-ietf-dnsop

Re: [DNSOP] I-D Action: draft-ietf-dnsop-dns-catalog-zones-04.txt

ories. > This draft is a work item of the Domain Name System Operations WG of the IETF. > > Title : DNS Catalog Zones > Authors : Peter van Dijk > Libor Peltan > Ondrej Sury >

[DNSOP] OARC 36 Workshop, November 29th & 30th, Extending Call for Contributions

* 29 & 30 November 2021 - OARC 36 Workshop The details for presentation submission are published at the Workshop website: https://www.dns-oarc.net/oarc36 If you have questions or concerns you can contact the Programme Committee: https://www.dns-oarc.net/oarc/programme via Willem T

[DNSOP] OARConline 35a Registrations and OARC 36 Call for Contributions

If you have questions or concerns you can contact the Programme Committee: https://www.dns-oarc.net/oarc/programme via Willem Toorop, for the DNS-OARC Programme Committee OARC depends on sponsorship to fund its workshops and associated social events. Please contact if your organization is

Re: [DNSOP] I-D Action: draft-ietf-dnsop-dns-catalog-zones-03.txt

DNS Catalog Zones > Authors : Peter van Dijk > Libor Peltan > Ondrej Sury > Willem Toorop > Leo Vandewoestijne > Filename: draft-ietf-dnsop-dns-catalog-zones

[DNSOP] OARConline 35a Workshop, September 8th, Call for Contributions now open

ehearsal on August 24th. It would be very useful to have your slides (even if draft) ready for this. If you have questions or concerns you can contact the Programme Committee: https://www.dns-oarc.net/oarc/programme via Willem Toorop, for the DNS-OARC Programme Committee OARC depends on spo

Re: [DNSOP] I-D Action: draft-ietf-dnsop-svcb-https-04.txt

Op 22-03-2021 om 15:50 schreef Ben Schwartz: > On Mon, Mar 22, 2021 at 5:41 AM Willem Toorop <mailto:wil...@nlnetlabs.nl>> wrote: > > But what about the keys in the "mandatory" SvcParam? Should they be > sorted automatically? Or should the parser produce

Re: [DNSOP] I-D Action: draft-ietf-dnsop-svcb-https-04.txt

Op 19-03-2021 om 18:03 schreef Pieter Lexis: > Hi Willem, > > On 3/19/21 11:47 AM, Willem Toorop wrote: >> That'd be nice! > > PR is here [1]. > >> Do you also have tests for peculiar/corner and failure cases? > > I'm a little bit unsure what y

Re: [DNSOP] OARC 35 Workshop, May 6th & 7th, Registration and Call for Contributions now open

milestones are: * 25 Mar 2021 - Deadline for submission (23:59 UTC) * 25 Mar 2021 - Initial Contribution list published * 08 Apr 2021 - Full agenda published * 22 Apr 2021 - Deadline for slideset submission and Rehearsal * 06 May 2021 - OARC 35 Workshop Willem Toorop, for the DNS-OARC Programme Committee

Re: [DNSOP] I-D Action: draft-ietf-dnsop-svcb-https-04.txt

Op 19-03-2021 om 11:19 schreef Pieter Lexis: > Hi Willem, Ben, > > On 3/19/21 11:14 AM, Willem Toorop wrote: >> Also, it would have been nice to have some test-vectors of RR's in >> presentation format and wire format (in hexdump) in an appendix in the >> docume

Re: [DNSOP] I-D Action: draft-ietf-dnsop-svcb-https-04.txt

No version of NSD, Unbound, ldns and getdns with SVCB and HTTPS support has been released yet, so no problem for us to change the name of SvcParamKey 5 to ech for us there, but ... The Net::DNS perl library does have parsing and printing of SVCB and HTTPS based on draft-ietf-dnsop-svcb-https-01 si

Re: [DNSOP] I-D Action: draft-ietf-dnsop-dns-catalog-zones-02.txt

> This draft is a work item of the Domain Name System Operations WG of the IETF. > > Title : DNS Catalog Zones > Authors : Peter van Dijk > Libor Peltan > Ondrej Sury >

[DNSOP] OARC 35 Workshop, May 6th & 7th, Registration and Call for Contributions now open

s-oarc.net/oarc/programme via Willem Toorop, for the DNS-OARC Programme Committee OARC depends on sponsorship to fund its workshops and associated social events. Please contact if your organization is interested in becoming a sponsor. (Please note that OARC is run on a non-profit basis, and is not i

Re: [DNSOP] IETF 110 Agenda and Call for Agenda Items DNSOP WG

I'd like to request 20 minuted for draft-ietf-dnsop-dns-catalog-zones. We have a lot to discuss! Op 18-02-2021 om 17:23 schreef Benno Overeinder: > Hi all, > > The IETF 110 Agenda is out https://datatracker.ietf.org/meeting/110/agenda. > > DNSOP has two sessions scheduled: > >     dnsop Session

Re: [DNSOP] Various Thoughts on Catalog Zones (draft-ietf-dnsop-dns-catalog-zones-01)

Peter, Thank you! I am intrigued by your suggestion to use CSYNC RR to signal SOA Serial numbers and to help out in. And indeed, the flags in CSYNC's flags rdata field appear to have helpful names and meanings with respect to clashing member zones and member zone transitions. What a good catch! Ho

Re: [DNSOP] I-D Action: draft-ietf-dnsop-server-cookies-05.txt

> Title : Interoperable Domain Name System (DNS) Server > Cookies > Authors : Ondrej Sury > Willem Toorop > Donald E. Eastlake 3rd > Mark Andrews > Filename: draft-i

Re: [DNSOP] Éric Vyncke's No Objection on draft-ietf-dnsop-server-cookies-04: (with COMMENT)

Op 17-12-2020 om 08:37 schreef Éric Vyncke via Datatracker: > -- > COMMENT: > -- Thank you for your feedback Éric, > -- Section 3 -- > I like that a Client cooki

Re: [DNSOP] Martin Duke's No Objection on draft-ietf-dnsop-server-cookies-04: (with COMMENT)

Op 16-12-2020 om 19:55 schreef Martin Duke via Datatracker: > -- > COMMENT: > -- > > It seems to me the mechanisms in Section 5 would be simplified by using some

Re: [DNSOP] Murray Kucherawy's No Objection on draft-ietf-dnsop-server-cookies-04: (with COMMENT)

Thank you Murray for your review, Op 16-12-2020 om 07:31 schreef Murray Kucherawy via Datatracker: > -- > COMMENT: > -- > > In Section 3 there's a line that says

Re: [DNSOP] Roman Danyliw's No Objection on draft-ietf-dnsop-server-cookies-04: (with COMMENT)

Thank you Roman for your review, Op 16-12-2020 om 01:00 schreef Roman Danyliw via Datatracker: > -- > COMMENT: > -- > > ** Section 7. For future agility, should

Re: [DNSOP] Erik Kline's Yes on draft-ietf-dnsop-server-cookies-04: (with COMMENT)

Op 15-12-2020 om 09:10 schreef Erik Kline via Datatracker: > -- > COMMENT: > -- > > [ questions ]] > > [ section 3 ] > > * I assume it's not a big deal that som

[DNSOP] OARC 34 Workshop, February 4th & 5th, Deadline for Contributions extended to 11/01/2021 23:59

ter the meeting * you will be expected to attend a rehearsal on January 28th. It would be very useful to have your slides (even if draft) ready for this. If you have questions or concerns you can contact the Programme Committee: https://www.dns-oarc.net/oarc/programme via Willem Toorop, f

Re: [DNSOP] Implementation status for ZONEMD?

Op 22-12-2020 om 01:07 schreef Benno Overeinder: > Hi Paul, > > On 18/12/2020 22:57, Paul Hoffman wrote: >> Greetings. Now that ZONEMD is waiting in the RFC Editor's queue, I was >> wondering how the developers are coming with implementation. The >> protocol is ripe for two-party testing. > > >

[DNSOP] OARC 34 Workshop, February 4th & 5th, Registration and Call for Contributions now open

on January 28th. It would be very useful to have your slides (even if draft) ready for this. If you have questions or concerns you can contact the Programme Committee: https://www.dns-oarc.net/oarc/programme via Willem Toorop, for the DNS-OARC Programme Committee OARC depends on sponsors

Re: [DNSOP] I-D Action: draft-ietf-dnsop-dns-catalog-zones-01.txt

Title : DNS Catalog Zones > Authors : Peter van Dijk > Libor Peltan > Ondrej Sury > Willem Toorop > Leo Vandewoestijne > Filename: draft-ietf-dnsop-dns-catalog-zo

Re: [DNSOP] [Last-Call] Secdir last call review of draft-ietf-dnsop-server-cookies-04

Op 02-12-2020 om 23:31 schreef Stephen Farrell: > FWIW, I'd say it's worth a few more words to try reduce > the probability of such failures happening, e.g. maybe > just highlighting the "unsigned/2106" point you made > above would be enough. But, if the WG don't want to do > that, that's also f

Re: [DNSOP] Secdir last call review of draft-ietf-dnsop-server-cookies-04

Op 02-12-2020 om 22:49 schreef Stephen Farrell: > > Hiya, > > On 02/12/2020 21:38, Willem Toorop wrote: >> Op 02-12-2020 om 21:37 schreef Stephen Farrell: >> >> >> >>>> ad 2) we need a value that’s synchronized well enough and monotonic. >

Re: [DNSOP] Secdir last call review of draft-ietf-dnsop-server-cookies-04

Op 02-12-2020 om 21:37 schreef Stephen Farrell: >> ad 2) we need a value that’s synchronized well enough and monotonic. >> I honestly don’t see any value in using 64-bit value here. Using >> unixtime has a value in itself, it’s a well-known and there’s a >> little room for any implementer to mak

Re: [DNSOP] Working Group Last Call for draft-ietf-dnsop-server-cookies

Thanks Brian, All but one nit resolved in these commits: * https://github.com/NLnetLabs/draft-sury-toorop-dns-cookies-algorithms/commit/db51181a * https://github.com/NLnetLabs/draft-sury-toorop-dns-cookies-algorithms/commit/e1e763e8 For your convenience, a rendered possible future version of the

Re: [DNSOP] Call for Adoption: draft-toorop-dnsop-dns-catalog-zones

Op 12-05-2020 om 00:48 schreef George Michaelson: > I support adoption. > > I wondered a little about "it is absolutely essential for these > transfers to be protected from unexpected modifications on the route. > So, catalog zone transfers SHOULD be authenticated using TSIG > [RFC2845]." > > The

Re: [DNSOP] Call for Adoption: draft-toorop-dnsop-dns-catalog-zones

Op 11-05-2020 om 21:38 schreef Bob Harold: > On Mon, May 11, 2020 at 1:42 PM Tim Wicinski > wrote: > > > All, > > As we stated in the meeting and in our chairs actions, we're going > to run > regular call for adoptions over next few months.   > We

Re: [DNSOP] Fwd: [EXT] New Version Notification for draft-toorop-dnsop-dns-catalog-zones-01.txt

tps://github.com/NLnetLabs/draft-toorop-dnsop-dns-catalog-zones/issues/9 -- Willem > > On 4/16/20 09:17, Willem Toorop wrote: >> An authoritative nameserver might have two or more catalog zones, each >> associated with their own set of configuration.  In that case, the >&g

Re: [DNSOP] Fwd: [EXT] New Version Notification for draft-toorop-dnsop-dns-catalog-zones-01.txt

Op 16-04-2020 om 14:37 schreef Bob Harold: > On Wed, Apr 15, 2020 at 5:27 AM Willem Toorop <mailto:wil...@nlnetlabs.nl>> wrote: > > Dear all, > > This is the new catalog zones draft as presented yesterday at the > DNSOP WG Interim meeting. The idea of ca

[DNSOP] Fwd: [EXT] New Version Notification for draft-toorop-dnsop-dns-catalog-zones-01.txt

dnsop-dns-catalog-zones-01.txt Datum: Tue, 14 Apr 2020 04:02:23 -0700 Van:internet-dra...@ietf.org Aan:Ondrej Sury , Libor Peltan , Peter van Dijk , Willem Toorop , Leo Vandewoestijne A new version of I-D, draft-toorop-dnsop-dns-catalog-zones-01.txt has been successfully submitted by W

Re: [DNSOP] I-D Action: draft-ietf-dnsop-server-cookies-02.txt

rs : Ondrej Sury > Willem Toorop > Donald E. Eastlake 3rd > Mark Andrews > Filename: draft-ietf-dnsop-server-cookies-02.txt > Pages : 16 > Date: 2019

Re: [DNSOP] I-D Action: draft-ietf-dnsop-server-cookies-01.txt

Op 06-11-2019 om 17:27 schreef Philip Homburg: >> Philip Homburg pointed out that, although impractical to determine the >> Client IP before Client Cookie construction, it is feasible for a Client >> to detect it when it learns a Server Cookie from a specific Server. It >> can subsequently be trie

Re: [DNSOP] I-D Action: draft-ietf-dnsop-server-cookies-01.txt

n-line Internet-Drafts > directories. > This draft is a work item of the Domain Name System Operations WG of the IETF. > > Title : Interoperable Domain Name System (DNS) Server > Cookies > Authors : Ondrej Sury >

Re: [DNSOP] I-D Action: draft-ietf-dnsop-server-cookies-00.txt

On 09-09-19 15:45, Philip Homburg wrote: > In your letter dated Mon, 9 Sep 2019 14:13:01 +0200 you wrote: >> When implementing DNS Cookies, several DNS vendors found that >> impractical as the Client Cookie is typically computed before the Client >> IP address is known. Therefore, the requirement t

Re: [DNSOP] I-D Action: draft-ietf-dnsop-server-cookies-00.txt

On 09-09-19 14:52, Paul Wouters wrote: > On Mon, 9 Sep 2019, Willem Toorop wrote: > >> The only change since the previous version (i.e. >> draft-sury-toorop-dnsop-server-cookies-00) is that we no longer >> recommend to include the Client IP address with constructing clien

Re: [DNSOP] I-D Action: draft-ietf-dnsop-server-cookies-00.txt

of the IETF. > > Title : Interoperable Domain Name System (DNS) Server > Cookies > Authors : Ondrej Sury > Willem Toorop > Donald E. Eastlake 3rd > Mark Andrews >

Re: [DNSOP] [dns-privacy] Do53 vs DoT vs DoH Page Load Performance Study at ANRW

On 21-07-19 16:26, Puneet Sood wrote: > * The experiment was run from Princeton, New Jersey in Northeast US. > The location is in a very well connected part of the world between > network peering points in NYC and Washington DC. You will not see much > difference (due to network latency) between th

[DNSOP] Fwd: New Version Notification for draft-sury-toorop-dnsop-server-cookies-00.txt

. Mark Andrews and Donald Eastlake are added as co-authors. Willem Forwarded Message Subject: New Version Notification for draft-sury-toorop-dnsop-server-cookies-00.txt Date: Wed, 26 Jun 2019 04:12:58 -0700 From: internet-dra...@ietf.org To: Mark Andrews , Willem Toorop , Donald E

Re: [DNSOP] Fwd: New Version Notification for draft-sury-toorop-dns-cookies-algorithms-00.txt

Thanks Mukund, Comments inline below... On 31-05-19 19:54, Mukund Sivaraman wrote: > On Tue, Mar 12, 2019 at 12:29:13PM +0100, Willem Toorop wrote: >> Dear DNSOP, >> >> A new draft has been submitted addressing the issue of DNS Cookies in >> multi-vendor anycast depl

Re: [DNSOP] Call for Adoption: draft-wessels-dns-zone-digest

I support adoption too and have (the version in this draft) of ZONEMD provisioned already in the net-dns.org. zone. Dick Franks worked on a ZONEMD verifier for Net::DNS during the Hackathon last Saturday/Sunday (remotely). On 10-03-19 15:31, Tim Wicinski wrote: > > The chairs feel the document ha

[DNSOP] Fwd: New Version Notification for draft-sury-toorop-dns-cookies-algorithms-00.txt

-dra...@ietf.org To: Willem Toorop , Ondrej Sury A new version of I-D, draft-sury-toorop-dns-cookies-algorithms-00.txt has been successfully submitted by Willem Toorop and posted to the IETF repository. Name: draft-sury-toorop-dns-cookies-algorithms Revision: 00 Title

Re: [DNSOP] raising the bar: requiring implementations

I would love to see a hard requirement for implementations & implementation reports (like IDR has) in the charter or in the working group house rules. Early implementations (perhaps even during the hackathon) can reveal implications that might have been missed while designing the draft. In additi

Re: [DNSOP] New draft: Algorithm Negotiation in DNSSEC

Op 20-07-17 om 10:45 schreef Shumon Huque: > On Thu, Jul 20, 2017 at 10:39 AM, Ólafur Guðmundsson > mailto:ola...@cloudflare.com>> wrote: > > > I disagree, if a zone operator selects "less-than" common algorithm > they do that at their own risk, > if the risk is not acceptable then i

Re: [DNSOP] I-D Action: draft-ietf-dnsop-aname-00.txt

Op 18-07-17 om 18:09 schreef Tony Finch: > The other kind of DNS server that might be able to do something useful > with ANAME is a recursive server, so it could co-operate nicely with > authoritative servers that are playing clever tricks. But the rDNS will > have to be careful about not breaking

Re: [DNSOP] I-D Action: draft-ietf-dnsop-aname-00.txt

I support trying to come up with a standards solution for alias names at the apex. But The dependency on online signing is a little more then just a technical issue. Currently the zone owner, the holder of the domain name, is the one having control over the zone content and as such also the

Re: [DNSOP] Want to join the IETF 93 Hackathon to work on DNSSEC, DANE or DNS Privacy?

Excellent idea! Looking forward to help out with this! I will discuss with Wouter (what he thinks about this and how he would take it on), but also Sara is deep into Unbound code, especially with respect to transports! -- Willem Op 02-07-15 om 22:36 schreef Daniel Kahn Gillmor: > On Thu 2015-07-

Re: [DNSOP] Definition of "validating resolver"

I'd like to maintain the term exactly as specified in RFC4033 (understanding DNSSEC but not validating), because it comes in use when talking about validating stubs. Some network operators don't know or care about DNSSEC and do not equip their network's resolver with a trust anchor. Such a resolv

Re: [DNSOP] New Version Notification for draft-hoffman-dns-terminology-00.txt

Op 23-02-15 om 15:15 schreef Ray Bellis: > >> On 23 Feb 2015, at 14:06, Willem Toorop wrote: >> >> Maybe this document can give a decisive answer on the expansion of AXFR >> as well? In the RFC Editor Abbreviations List ( >> https://ftp.rfc-editor.org/rfc

Re: [DNSOP] Fwd: New Version Notification for draft-hoffman-dns-terminology-00.txt

Maybe this document can give a decisive answer on the expansion of AXFR as well? In the RFC Editor Abbreviations List ( https://ftp.rfc-editor.org/rfc-style-guide/abbrev.expansion.txt ), this is expanded as either - Asynchronous Full Transfer (AXFR) or - Authoritative Transfer

Re: [DNSOP] I-D Action: draft-ietf-dnsop-cookies-01.txt

Thanks, Are section 6 and 7 an alternative drop in replacement for section 4 and 5? Because I feel there are some pieces missing in section 7 about server policies and how that works out in responses, that can be found in section 5. Sections 7.2.3 (Only a CLIENT Cookie) and 7.2.4.1 (A Client Coo

[DNSOP] New user mailing-list for Net::DNS

-users-requ...@nlnetlabs.nl with the word `subscribe' in the subject or body. Best regards, Willem Toorop ___ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop