Re: [DNSOP] DNSOP Call for Adoption - draft-tale-dnsop-serve-stale

2017-09-08 Thread Stephane Bortzmeyer
On Thu, Sep 07, 2017 at 02:25:14PM -0400, Joe Abley wrote a message of 35 lines which said: > However, the pragmatist in me says that people are already > implementing things like this anyway, and a standard approach is > better for all concerned than a fragmented set of > uncomfortably-differ

[DNSOP] Reply: DNSOP Call for Adoption - draft-tale-dnsop-serve-stale

2017-09-08 Thread 宋林健
I just noticed it asks for "Standards Track" document. If it aims to introduce a special use of resolver to achieve some features for their users' benefit, I think informational document may be more appropriate? I guess, like what RFC7706 does. Davey > -Original Message- > From: DNSOP [mailto:dnsop-b

Re: [DNSOP] Reply: DNSOP Call for Adoption - draft-tale-dnsop-serve-stale

2017-09-08 Thread Vladimír Čunát
On 09/08/2017 11:15 AM, Davey Song(宋林健) wrote: > I just noticed it asks for "Standards Track" document. If it aims to > introduce a special use of resolver to achieve some features for their > users' benefit, I think informational document may be more appropriate? I > guess, like what RFC7706 does.

Re: [DNSOP] opportunistic semi-authoritative caching (Re: DNSOP Call for Adoption - draft-tale-dnsop-serve-stale)

2017-09-08 Thread Joe Abley
> On Sep 8, 2017, at 01:28, Paul Vixie wrote: > > if they really need this, they should provide a method by which i can specify > both a TTL and an Expiry, and i will consider publishing both values, and if > i > do, then they can use them the way i intend them. because as i said, > autonomy

Re: [DNSOP] DNSOP Call for Adoption - draft-west-let-localhost-be-localhost

2017-09-08 Thread Ted Lemon
Do you know of protocols that use SRV to localhost in practice? Anyway, this is like the question of whether to trust IP addresses when using rsh. Remember rsh? There's a reason we don't use it anymore, even though it was definitely useful. Localhost over DNS is analogous. On Sep 7, 2017 10:28

Re: [DNSOP] DNSOP Call for Adoption - draft-tale-dnsop-serve-stale

2017-09-08 Thread Tony Finch
Stephane Bortzmeyer wrote: > > I'm not enthusiastic. We should focus on making the DNS infrastructure > more reliable, not on adding something to a pile of already fragile > protocols. I like this draft because it should help if we lose off-campus connectivity. We've had a few incidents in recen

Re: [DNSOP] opportunistic semi-authoritative caching (Re: DNSOP Call for Adoption - draft-tale-dnsop-serve-stale)

2017-09-08 Thread Tony Finch
Paul Vixie wrote: > > if they really need this, they should provide a method by which i can specify > both a TTL and an Expiry, and i will consider publishing both values, and if i > do, then they can use them the way i intend them. RRSIG sort-of does that? Tony. -- f.anthony.n.finch http://

Re: [DNSOP] opportunistic semi-authoritative caching (Re: DNSOP Call for Adoption - draft-tale-dnsop-serve-stale)

2017-09-08 Thread Paul Vixie
Tony Finch wrote: > Paul Vixie wrote: > > if they really need this, they should provide a method by which i can specify both a TTL and an Expiry, and i will consider publishing both values, and if i do, then they can use them the way i intend them. > RRSIG sort-of does that? but it wasn't intende

Re: [DNSOP] DNSOP Call for Adoption - draft-tale-dnsop-serve-stale

2017-09-08 Thread Paul Wouters
On Fri, 8 Sep 2017, Tony Finch wrote: > It isn't possible to distribute trust anchors to BYOD clients with validating stubs That's not entirely true, https://tools.ietf.org/html/draft-ietf-ipsecme-split-dns-02 It supports sending INTERNAL_DNSSEC_TA trust anchors. Paul

Re: [DNSOP] DNSOP Call for Adoption - draft-tale-dnsop-serve-stale

2017-09-08 Thread Tony Finch
Paul Wouters wrote: > On Fri, 8 Sep 2017, Tony Finch wrote: > > > It isn't possible to distribute trust anchors to BYOD > > clients with validating stubs > > That's not entirely true, > https://tools.ietf.org/html/draft-ietf-ipsecme-split-dns-02 > It supports sending INTERNAL_DNSSEC_TA trust ancho

Re: [DNSOP] DNSOP Call for Adoption - draft-tale-dnsop-serve-stale

2017-09-08 Thread Robert Edmonds
tjw ietf wrote: > August is over and my self-imposed holiday is over, so it's time to get > busy again. We have this document marked as a candidate for adoption. > > This starts a formal Call for Adoption for draft-tale-dnsop-serve-stale > > The draft is available here: > https://datatracker.ietf

Re: [DNSOP] DNSOP Call for Adoption - draft-tale-dnsop-serve-stale

2017-09-08 Thread 神明達哉
At Thu, 07 Sep 2017 13:42:45 -0700, Paul Vixie wrote: > > If we don't work on a proposal like this, I'd love to see a specific > > counter proposal that doesn't violate the current protocol > > specification (i.e., using a cached answer beyond its TTL) and still > > avoids resolution failure when

Re: [DNSOP] opportunistic semi-authoritative caching (Re: DNSOP Call for Adoption - draft-tale-dnsop-serve-stale)

2017-09-08 Thread Evan Hunt
On Thu, Sep 07, 2017 at 10:28:30PM -0700, Paul Vixie wrote: > if they really need this, they should provide a method by which i can specify > both a TTL and an Expiry, and i will consider publishing both values, and > if i do, then they can use them the way i intend them. because as i said, > auto

Re: [DNSOP] opportunistic semi-authoritative caching (Re: DNSOP Call for Adoption - draft-tale-dnsop-serve-stale)

2017-09-08 Thread Paul Vixie
Evan Hunt wrote: > On Thu, Sep 07, 2017 at 10:28:30PM -0700, Paul Vixie wrote: > > if they really need this, they should provide a method by which i can specify both a TTL and an Expiry, and i will consider publishing both values, and if i do, then they can use them the way i intend them. because as

Re: [DNSOP] Reply: DNSOP Call for Adoption - draft-tale-dnsop-serve-stale

2017-09-08 Thread Lanlan Pan
Davey Song(宋林健) wrote on Fri, Sep 8, 2017 at 5:16 PM: > I just noticed it asks for "Standards Track" document. If it aims to > introduce a special use of resolver to achieve some features for their > users' benefit, I think informational document may be more appropriate? I > guess, like what RFC7706 does. > +1,

Re: [DNSOP] opportunistic semi-authoritative caching (Re: DNSOP Call for Adoption - draft-tale-dnsop-serve-stale)

2017-09-08 Thread Matthew Kerwin
On 9 September 2017 at 00:32, Tony Finch wrote: > Paul Vixie wrote: > > > > if they really need this, they should provide a method by which i can > specify > > both a TTL and an Expiry, and i will consider publishing both values, > and if i > > do, then they can use them the way i intend them. >

Re: [DNSOP] opportunistic semi-authoritative caching (Re: DNSOP Call for Adoption - draft-tale-dnsop-serve-stale)

2017-09-08 Thread Evan Hunt
On Fri, Sep 08, 2017 at 06:43:52PM -0700, Paul Vixie wrote: > not so fast. nxdomain redirection is an attack. censorship is an attack. > i don't think you mean to group ttl stretching in with those attacks. > because if you do, then we agree, it is an attack, and ought not be > done, and certain