On Nov 21, 2016, at 10:31 AM, Matt Larson wrote:
> Personally, I think we'd better have a really good reason for adding a new
> TLD without a requirement for DNSSEC. I further think that adding an
> insecure delegation in the root for localhost to permit DNSSEC validation of
> local names like
> On Nov 20, 2016, at 9:27 PM, Ted Lemon wrote:
>
> The point is that the current policy for the root precludes an
> unsecure delegation.
Huh? If by "insecure delegation" you mean "no DS record", then are are plenty
such delegations right now:
$ comm -23 tlds tlds_with_ds | wc -l
161
I
On Mon, Nov 21, 2016 at 10:31:12AM -0500, Matt Larson wrote:
> That's an issue we (the community) would have to decide upon and document in
> whatever document governed adding a hypothetical new TLD with an insecure
> delegation.
>
If by "we (the community)" you mean "the names community", the
On 21/11/2016 15:39, Andrew Sullivan wrote:
> If by "we (the community)" you mean "the names community", then I
> agree. That's the main point I've been trying to make: the decisions
> about what to put _in the root zone_ (which includes delegation data
> of special-use names) is, as near as I
On Mon, Nov 21, 2016 at 03:50:08PM +, Ray Bellis wrote:
> As has been mentioned before, there's (currently) no process for this,
> but that doesn't mean we can't ask. The lack of process doesn't mean
> it's impossible.
No question. As long as we recognise that we're asking another
community
>> The point is that the current policy for the root precludes an
>> unsecure delegation.
>
>Huh? If by "insecure delegation" you mean "no DS record", then are are plenty
>such delegations right now:
No, I think the point is that you want the equivalent of an NSEC3
opt-out, but the root is curre
In message <20161121180641.79893.qm...@ary.lan>, "John Levine" writes:
> >> The point is that the current policy for the root precludes an
> >> unsecure delegation.
> >
> >Huh? If by "insecure delegation" you mean "no DS record", then are are p
> lenty such delegations right now:
>
> No, I think
.localhost and .homenet don't have the escape to a different protocol
and any error from the DNS will do for those not worried about a
clean solution. These namespace are intended to be looked up in
the DNS with local content.
Well, maybe. On my computer, and on pretty much every computer runn
In message , "John R Levine" wri
tes:
> > .localhost and .homenet don't have the escape to a different protocol
> > and any error from the DNS will do for those not worried about a
> > clean solution. These namespace are intended to be looked up in
> > the DNS with local content.
>
> Well, maybe
Andrew,
At 2016-11-21 12:16:41 -0500
Andrew Sullivan wrote:
> On Mon, Nov 21, 2016 at 03:50:08PM +, Ray Bellis wrote:
> > As has been mentioned before, there's (currently) no process for this,
> > but that doesn't mean we can't ask. The lack of process doesn't mean
> > it's impossible.
>
In message <20161122112421.5acef...@pallas.home.time-travellers.org>, Shane Ker
r writes:
> Andrew,
>
> At 2016-11-21 12:16:41 -0500
> Andrew Sullivan wrote:
>
> > On Mon, Nov 21, 2016 at 03:50:08PM +, Ray Bellis wrote:
> > > As has been mentioned before, there's (currently) no process for th
11 matches
Mail list logo
