Re: [DNSOP] fragile dnssec, was Fwd: New Version

2017-09-03 Thread A. Schulze
Petr Špaček: http://iepg.org/2017-07-16-ietf99/Fully%20automatic%20DNSSEC%20-%20final.pdf Feel free to play with it, we very much welcome feedback! Please direct further questions to Jaromír Talíř . update: I followed the instructions. One day after publishing a CDNSKEY I received one ema

Re: [DNSOP] fragile dnssec, was Fwd: New Version

2017-08-22 Thread Petr Špaček
On 20.8.2017 03:48, John Levine wrote: > In article <272dc071-c650-220c-3528-acb9467c7...@nic.cz> you write: >> Yes, someone might try to attack a domain using this. To lower >> probability of this kind of attack CZ.NIC is nagging the technical >> contact for one week before the DS gets installed i

Re: [DNSOP] fragile dnssec, was Fwd: New Version

2017-08-19 Thread John Levine
In article <272dc071-c650-220c-3528-acb9467c7...@nic.cz> you write: >Yes, someone might try to attack a domain using this. To lower >probability of this kind of attack CZ.NIC is nagging the technical >contact for one week before the DS gets installed into the CZ zone. > >For further details please

Re: [DNSOP] fragile dnssec, was Fwd: New Version

2017-08-17 Thread Mark Andrews
In message , "John R Levine" writes: > On Fri, 18 Aug 2017, Mark Andrews wrote: > >>> Or you can have credentials to allow the hoster to update the DS > >>> records alone. > >> > >> Of course, but that's independent of how you present the updates to the > >> registry or registrar. > > > > Yet, yo

Re: [DNSOP] fragile dnssec, was Fwd: New Version

2017-08-17 Thread John R Levine
On Fri, 18 Aug 2017, Mark Andrews wrote: Or you can have credentials to allow the hoster to update the DS records alone. Of course, but that's independent of how you present the updates to the registry or registrar. Yet, you chose to attempt to shoot down the proposal based on the premise tha

Re: [DNSOP] fragile dnssec, was Fwd: New Version

2017-08-17 Thread Mark Andrews
In message , "John R Levine" writes: > On Thu, 17 Aug 2017, Mark Andrews wrote: > > Or you can have credentials to allow the hoster to update the DS > > records alone. > > Of course, but that's independent of how you present the updates to the > registry or registrar. Yet, you chose to attempt

Re: [DNSOP] fragile dnssec, was Fwd: New Version

2017-08-17 Thread John R Levine
On Thu, 17 Aug 2017, Mark Andrews wrote: Or you can have credentials to allow the hoster to update the DS records alone. Of course, but that's independent of how you present the updates to the registry or registrar. Regards, John Levine, jo...@taugh.com, Taughannock Networks, Trumansburg NY

Re: [DNSOP] fragile dnssec, was Fwd: New Version

2017-08-17 Thread John R Levine
Have a look at: https://datatracker.ietf.org/doc/draft-ietf-regext-dnsoperator-to-rrr-protocol/ I've talked to Jacques about it, will try it when I have a chance. I only have two .CA domains so it's not a very high priority at this point. I agree that at this point it's the most promising app

Re: [DNSOP] fragile dnssec, was Fwd: New Version

2017-08-17 Thread Matthew Pounsett
On 16 August 2017 at 19:09, John Levine wrote: > In article <20170816071920.ba2c98287...@rock.dv.isc.org> you write: > >> A colleague says "If TLDs allowed UPDATE messages to be processed most > >> of the issues with DNSSEC would go away. At the moment we have a whole > >> series of kludges becau

Re: [DNSOP] fragile dnssec, was Fwd: New Version

2017-08-17 Thread Petr Špaček
On 17.8.2017 01:09, John Levine wrote: > In article <20170816071920.ba2c98287...@rock.dv.isc.org> you write: >>> A colleague says "If TLDs allowed UPDATE messages to be processed most >>> of the issues with DNSSEC would go away. At the moment we have a whole >>> series of kludges because people a

Re: [DNSOP] fragile dnssec, was Fwd: New Version

2017-08-16 Thread Mark Andrews
In message <20170816230917.4475.qm...@ary.lan>, "John Levine" writes: > In article <20170816071920.ba2c98287...@rock.dv.isc.org> you write: > >> A colleague says "If TLDs allowed UPDATE messages to be processed most > >> of the issues with DNSSEC would go away. At the moment we have a whole > >> s

Re: [DNSOP] fragile dnssec, was Fwd: New Version

2017-08-16 Thread John Levine
In article <20170816071920.ba2c98287...@rock.dv.isc.org> you write: >> A colleague says "If TLDs allowed UPDATE messages to be processed most >> of the issues with DNSSEC would go away. At the moment we have a whole >> series of kludges because people are scared of signed update messages." Someone