Re: [DNSOP] I-D Action: draft-ietf-dnsop-kskroll-sentinel-00.txt

2017-12-12 Thread Bob Harold
On Sun, Dec 10, 2017 at 8:21 PM, wrote: > > A New Internet-Draft is available from the on-line Internet-Drafts > directories. > This draft is a work item of the Domain Name System Operations WG of the > IETF. > > Title : A Sentinel for Detecting Trusted Keys in DNSSEC >

Re: [DNSOP] I-D Action: draft-ietf-dnsop-rfc5011-security-considerations-08.txt

2017-12-12 Thread Wes Hardaker
Michael StJohns writes: > 2) T + activeRefresh  is the time at which the server sees the last > query from the last resolver just starting their trust anchor > installation. > 3) T + activeRefresh + addHoldDownTime is the time at which the server > sees the first query from any resolver finalizin

Re: [DNSOP] I-D Action: draft-ietf-dnsop-rfc5011-security-considerations-08.txt

2017-12-12 Thread Wes Hardaker
Paul Vixie writes: > This timing based approach to online DNSSEC signing key changes is > subtle beyond anybody's expectations, and because it will be used by > the root zone, it is vital that we do more than simply whiteboard our > proposed methods. I have a thought about a demonstration. Will

Re: [DNSOP] I-D Action: draft-ietf-dnsop-rfc5011-security-considerations-08.txt

2017-12-12 Thread Michael StJohns
On 12/12/2017 12:24 PM, Wes Hardaker wrote: Michael StJohns writes: 2) T + activeRefresh  is the time at which the server sees the last query from the last resolver just starting their trust anchor installation. 3) T + activeRefresh + addHoldDownTime is the time at which the server sees the fi

Re: [DNSOP] I-D Action: draft-ietf-dnsop-rfc5011-security-considerations-08.txt

2017-12-12 Thread Wes Hardaker
Michael StJohns writes: > A "perfect" system will behave the way you've described - but adding a > safety factor while ignoring the phase shift brought on by retransmits > within the addHoldDown interval will not characterize the actual > system. Ah ha! So, you do actually agree that my descrip

Re: [DNSOP] I-D Action: draft-ietf-dnsop-rfc5011-security-considerations-08.txt

2017-12-12 Thread Michael StJohns
On 12/12/2017 4:03 PM, Wes Hardaker wrote: Michael StJohns writes: A "perfect" system will behave the way you've described - but adding a safety factor while ignoring the phase shift brought on by retransmits within the addHoldDown interval will not characterize the actual system. Ah ha! So,

Re: [DNSOP] I-D Action: draft-ietf-dnsop-kskroll-sentinel-00.txt

2017-12-12 Thread Geoff Huston
> On 13 Dec 2017, at 3:44 am, Bob Harold wrote: > > > On Sun, Dec 10, 2017 at 8:21 PM, > wrote: > > A New Internet-Draft is available from the on-line Internet-Drafts > directories. > This draft is a work item of the Domain Name System Operations WG of the I

[DNSOP] Ask for advice of 3 new RRs for precise traffic scheduling

2017-12-12 Thread zuop...@cnnic.cn
Hi everyone, Here’s a problem about CDN traffic scheduling. So far as I know, many business companies use multi-CDN to speed up their websites and the CDN providers have requirements for precise traffic scheduling especially in the rush hour of traffic. As CDN providers usually m