Re: [DNSOP] [Ext] Re: Resolver behaviour with multiple trust anchors

2017-11-06 Thread Petr Špaček
On 1.11.2017 12:11, Edward Lewis wrote: > On 10/31/17, 20:50, "DNSOP on behalf of Mark Andrews" on behalf of ma...@isc.org> wrote: > >> Secondly doing deepest match on trust anchors is the only secure way to >> prevent a parent overriding the child zone's security policy. Even though Knot

Re: [DNSOP] [Ext] Re: Resolver behaviour with multiple trust anchors

2017-11-06 Thread Paul Hoffman
Doesn't "I don't trust my parent's security policy" open up a million cans of worms anyway? It feels like making this change to the default behavior will make validation more brittle (because people *will* forget to update their lower-level trust anchors) in order to help a very small number of

Re: [DNSOP] I-D Action: draft-ietf-dnsop-serve-stale-00.txt

2017-11-06 Thread Dave Lawrence
internet-dra...@ietf.org writes: > Title : Serving Stale Data to Improve DNS Resiliency > Filename: draft-ietf-dnsop-serve-stale-00.txt This is the same as draft-tale-dnsop-serve-stale-02, only renamed for WG adoption. The differences between -01 and -02 are here: h

Re: [DNSOP] I-D Action: draft-woodworth-bulk-rr-07.txt

2017-11-06 Thread Dave Lawrence
internet-dra...@ietf.org writes: > Title : BULK DNS Resource Records > Filename: draft-woodworth-bulk-rr-07.txt Changes are here: https://www.ietf.org/rfcdiff?url1=draft-woodworth-bulk-rr-06&url2=draft-woodworth-bulk-rr-07 The primary differences are to add a bit mo

Re: [DNSOP] [Ext] Re: Resolver behaviour with multiple trust anchors

2017-11-06 Thread Petr Špaček
On 6.11.2017 16:15, Paul Hoffman wrote: > Doesn't "I don't trust my parent's security policy" open up a million > cans of worms anyway? It feels like making this change to the default 1. The problem is that there were (and certainly will be) successful hacks into registries, that seems just inevi

Re: [DNSOP] [Ext] Re: Resolver behaviour with multiple trust anchors

2017-11-06 Thread Paul Hoffman
On 6 Nov 2017, at 7:56, Petr Špaček wrote: 2. Vast majority of people will not bother with setting up own trust anchors. I.e. vast majority of people will not be affected by any brittleness you envision. 3. The small fraction of people who configure their own TA do it for a reason. The reason I