> On Apr 7, 2016, at 10:49 PM, Adrien de Croy wrote:
>
> But it's good to see a clear statement from 1987 about desirability of
> supporting alternate protocols (although they use CLASS for that). Maybe
> onion should have used a new CLASS :)
>
See draft-sullivan-dns-class-useless (which
In your letter dated 7 Apr 2016 21:26:51 - you wrote:
>>Just because TOR asks for .onion doesn't mean it should be given it.
>
>The TOR project has been distributing software that special cases
>the .onion TLD for close to a decade.
>
>If the IETF said "you're wrong, go away", what exactly do y
In draft-wouters-sury-dnsop-algorithm-update-01.txt the RSASHA512
(code 10) DNSKEY/RRSIG algo got a SHOULD- for DNSSEC signing.
The argument is it is not currently heavily used but I am afraid
it is not a very good argument.
I have a question for cryptographers in the list: as far as I know
there i
On Fri, 8 Apr 2016, Francis Dupont wrote:
In draft-wouters-sury-dnsop-algorithm-update-01.txt the RSASHA512
(code 10) DNSKEY/RRSIG algo got a SHOULD- for DNSSEC signing.
The argument is it is not currently heavily used but I am afraid
it is not a very good argument.
I have a question for cryptog
May I please remind the WG of draft-bellis-dnsext-multi-qtypes-01
(expired, but seems eminently applicable in this case as a signalling
mechanism, and is more general purpose)
Ray
___
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listin
I can't find a draft to cite for this talk, so this refers to the slides
presented.
"DNSSEC Protocol Modifications"
(http://www.rfc-editor.org/rfc/rfc4035.txt) has an explicit prohibition on
names owning only NSEC and RRSIG.
Yeah.
I'm not holding this up as a royal edict. But it's there in plai
On 08/04/2016 11:39, Edward Lewis wrote:
> I can't find a draft to cite for this talk, so this refers to the slides
> presented.
>
> "DNSSEC Protocol Modifications"
> (http://www.rfc-editor.org/rfc/rfc4035.txt) has an explicit prohibition on
> names owning only NSEC and RRSIG.
>
> Yeah.
>
> I'
On 4/8/16, 12:08, "DNSOP on behalf of Ray Bellis" wrote:
>That said, Cloudflare's implementation appears to assert that the
>wildcard doesn't exist either - I've asked Olafur to check out the
>implications of that.
Not to pick, but I'm trying to remove the fact that this is tied to a
specific co
Hi Olafur,
two things I see;
1) the CDNSKEY, since CDS and CDSNKEY are used interchangeably in the document,
"inserts the corresponding DS RRset as requested" does not work for the
CDNSKEY, the parental agent must compute a DS and pick an algorithm & digest
type based on the Parental Agent pol
On this topic, I wasn't quick enough to get to the mic before the line was
closed, but I'd like to suggest a higher degree of caution with the "MUST
NOTs" and "MUST-'s" in the validator column, relative to the signer column.
IIRC, RSAMD5 was originally mandatory to implement. I certainly don't mi
On 8 Apr 2016, at 10:46, Francis Dupont wrote:
In draft-wouters-sury-dnsop-algorithm-update-01.txt the RSASHA512
(code 10) DNSKEY/RRSIG algo got a SHOULD- for DNSSEC signing.
The argument is it is not currently heavily used but I am afraid
it is not a very good argument.
I have a question for cr
Adrien,
On Thu, Apr 7, 2016 at 7:13 PM, Adrien de Croy wrote:
> -- Original Message --
> From: "Stephane Bortzmeyer"
> To: "Adrien de Croy"
> Cc: "Philip Homburg" ; "dnsop@ietf.org"
> ; "Ted Lemon"
> Sent: 8/04/2016 3:06:43 a.m.
> Subject: Re: [DNSOP] Alternative Special-Use TLD proble
12 matches
Mail list logo
