Re: [DNSOP] P2P Names Draft 03

2015-06-30 Thread Christian Grothoff
On 12/27/2014 01:24 PM, Mark Nottingham wrote: > Hi Christian and Jake, > > We’ve still been discussing this in IETF-land. To reiterate - putting > all six TLDs into one draft is killing your chances of succeeding. > > I’m starting to hear people talking about creating a separate draft > to do just

Re: [DNSOP] Some distinctions and a request

2015-06-30 Thread Edward Lewis
On 6/29/15, 13:43, "DNSOP on behalf of Andrew Sullivan" wrote: >In my view, the namespace is the logical space of all possible domain >names. That certainly narrows the discussion for me. >In those registries are two kinds of registrations: ones >that are there to enable further delegation (a "

Re: [DNSOP] Some distinctions and a request

2015-06-30 Thread Ray Bellis
On 30/06/2015 12:43, Edward Lewis wrote: > Is being an entry a barrier to being used in the DNS? This is > not clear - I can ssh to a .local machine. So can I, but that's because my computer's name service stub used mDNS to find it, not DNS. Ray

Re: [DNSOP] Some distinctions and a request

2015-06-30 Thread Edward Lewis
On 6/30/15, 7:48, "DNSOP on behalf of Ray Bellis" wrote: >So can I, but that's because my computer's name service stub used mDNS >to find it, not DNS. Would the same code handle .onion? (Perhaps a new version via RPM push.) Is relying on software updates scalable? This is the flip side of wh

Re: [DNSOP] Simplified Updates of DNS Security Trust Anchors, for rolling the root key

2015-06-30 Thread Tony Finch
Olafur Gudmundsson wrote: > There is a much simpler way. > Just add a record to the rootzone that is only signed by the new key. > If the resolver returns the AD bit it has the new key. I don't think this works. If the new key is published in the root zone's DNSKEY RRset then it will be signed by the old k

Re: [DNSOP] Simplified Updates of DNS Security Trust Anchors, for rolling the root key

2015-06-30 Thread Olafur Gudmundsson
> On Jun 30, 2015, at 8:53 AM, Tony Finch wrote: > > Olafur Gudmundsson wrote: > >> There is a much simpler way. >> Just add a record to the rootzone that is only signed by the new key. >> If the resolver returns the AD bit it has the new key. > > I don't think this works. > > If the new key is publis

Re: [DNSOP] Simplified Updates of DNS Security Trust Anchors, for rolling the root key

2015-06-30 Thread John Dickinson
On 29/06/2015 21:48, Warren Kumari wrote: I'd appreciate any feedback, the draft announcement is here: Name: draft-wkumari-dnsop-trust-management Revision: 00 Title: Simplified Updates of DNS Security (DNSSEC) Trust Anchors Document date: 2015-06-29 Group: Indi

Re: [DNSOP] Simplified Updates of DNS Security Trust Anchors, for rolling the root key

2015-06-30 Thread Tony Finch
Olafur Gudmundsson wrote: > > I do not yet propose what name or record is used for this experiment but > having it an “address of an object” would be good as that enables > testing from browsers. (CNAME is just as good as an address) But my point is you can't find out a validator's RFC 5011 state

Re: [DNSOP] Simplified Updates of DNS Security Trust Anchors, for rolling the root key

2015-06-30 Thread Tony Finch
John Dickinson wrote: > > I have been planning to write a draft to address 1 by having validators send > the DS of known TA's in an edns0 option code. This info, could then be logged > by the authoritative nameservers. Good idea, though just the key tags should be enough. (I think key management

Re: [DNSOP] Simplified Updates of DNS Security Trust Anchors, for rolling the root key

2015-06-30 Thread manning
unless, of course, DNSSEC allowed for signing individual records instead of zones. manning bmann...@karoshi.com PO Box 12317 Marina del Rey, CA 90295 310.322.8102 On 30June2015Tuesday, at 6:57, Tony Finch wrote: > John Dickinson wrote: >> >> I have been planning to write a draft to address

Re: [DNSOP] Simplified Updates of DNS Security Trust Anchors, for rolling the root key

2015-06-30 Thread Edward Lewis
On 6/30/15, 9:57, "Tony Finch" wrote: >John Dickinson wrote: >> >> I have been planning to write a draft to address 1 by having validators >>send >> the DS of known TA's in an edns0 option code. This info, could then be >>logged >> by the authoritative nameservers. > >Good idea, though just the k

Re: [DNSOP] Some distinctions and a request

2015-06-30 Thread Andrew Sullivan
On Tue, Jun 30, 2015 at 11:43:42AM +, Edward Lewis wrote: > You can then divide the list into names that have a responsible party and > those that don't - and call that (positively registered) and not (or > negatively) registered. This is a different use of "positively|negatively registered"

[DNSOP] reminder on agenda items for DNSOP IETF 93

2015-06-30 Thread Suzanne Woolf
Dear colleagues, Just a reminder: * The draft cutoff for IETF 93 is next Monday, July 6. * WG meeting agendas are due the same day. Please send agenda requests ASAP. When you do, please note that we have quite a number of documents in flight and were unable to get two meeting slots for Prag

Re: [DNSOP] Some distinctions and a request

2015-06-30 Thread Edward Lewis
On 6/30/15, 11:18, "DNSOP on behalf of Andrew Sullivan" wrote: >This is a different use of "positively|negatively registered" than I >outlined. The case that I was talking about I think _does_ have an RP >for the negative registration. But that registration is there to >prevent delegation. A

Re: [DNSOP] Simplified Updates of DNS Security Trust Anchors, for rolling the root key

2015-06-30 Thread Warren Kumari
On Tue, Jun 30, 2015 at 9:34 AM, John Dickinson wrote: > > > On 29/06/2015 21:48, Warren Kumari wrote: >> >> I'd appreciate any feedback, the draft announcement is here: >> Name: draft-wkumari-dnsop-trust-management >> Revision: 00 >> Title: Simplified Updates of DNS Securi

Re: [DNSOP] Simplified Updates of DNS Security Trust Anchors, for rolling the root key

2015-06-30 Thread Warren Kumari
On Tue, Jun 30, 2015 at 10:53 AM, Edward Lewis wrote: > On 6/30/15, 9:57, "Tony Finch" wrote: > >>John Dickinson wrote: >>> >>> I have been planning to write a draft to address 1 by having validators >>>send >>> the DS of known TA's in an edns0 option code. This info, could then be >>>logged >>>

Re: [DNSOP] Some distinctions and a request

2015-06-30 Thread Andrew Sullivan
On Tue, Jun 30, 2015 at 04:27:10PM +, Edward Lewis wrote: > > So this is about words - what you call a negative registration is a > registration nonetheless, with a responsible party. Well, it's about conceptual clarity. If we want to call that "negative registration" instead "skippy the wo