Re: [DNSOP] I-D Action: draft-ietf-dnsop-rfc6304bis-05.txt

Bob Harold wrote: > The only point I don't understand is why it the zones could not be > signed, and all the anycast sites used slave copies. That would break locally-served empty zones (RFC 6303) and private RFC 1918 reverse DNS. Tony. -- f.anthony.n.finchhttp://dotat.at/ Viking, North Ut

Re: [DNSOP] DNSKEY RRset size and the root

On Thu, Jan 22, 2015 at 10:12 AM, Paul Wouters wrote: > > On Wed, 21 Jan 2015, David Conrad wrote: > >> Thanks very much for this note. The issue of the ZSK length is something >> that has popped up on various radars on various occasions and given the >> recent publicity over at imperialviolet a

Re: [DNSOP] DNSKEY RRset size and the root

On Jan 23, 2015, at 9:40 AM, Liang Zhu wrote: > There have been repeated questions about how big DNSSEC keys should > be. We are also interested in understanding at what point IPv4 > fragmentation becomes common in UDP responses as key size increases, > since IPv4 fragmentation brings performance

Re: [DNSOP] DNSKEY RRset size and the root

> On Jan 23, 2015, at 10:01 AM, Paul Hoffman wrote: > > What is the problem with #2? IP fragmentation happens, and The Internet is > expected to work with it. That is, of what possible value is "inform their > customers"? The Internet has unfortunately decreed that Fragmentation Does Not Work

Re: [DNSOP] Followup Discussion on TCP keepalive proposals

Paul Vixie wrote: > > why aren't we preferring a TCP/80 (and perhaps TCP/443) solution Inefficient encoding -> wastes battery -> greater serialization latency In-order responses -> head-of-line blocking Tony. -- f.anthony.n.finchhttp://dotat.at/ Wight, Portland: Southwest veering northw

Re: [DNSOP] DNSKEY RRset size and the root

In message <48ae7501-a80a-40b1-8fda-34984aa4d...@icsi.berkeley.edu>, Nicholas Weaver writes: > > > > On Jan 23, 2015, at 10:01 AM, Paul Hoffman > wrote: > > > > What is the problem with #2? IP fragmentation happens, and The Internet > is expected to work with it. That is, of what possible value

Re: [DNSOP] DNSKEY RRset size and the root

> Mark Andrews > Friday, January 23, 2015 12:50 PM > In message <48ae7501-a80a-40b1-8fda-34984aa4d...@icsi.berkeley.edu>, Nicholas > Weaver writes: >> ... >> >> The Internet has unfortunately decreed that Fragmentation Does Not Work >> with IPv4, and Really Does Not Work w

Re: [DNSOP] DNSKEY RRset size and the root

The Internet has unfortunately decreed that Fragmentation Does Not Work with IPv4, and Really Does Not Work with IPv6. It seems this issue is being escalated as we speak! "Internet fragmentation worries world business leaders" http://www.cbc.ca/m/news/technology/internet-fragmentation-worrie