[DNSOP] Re: [Ext] Revised the application for the WALLET RRTYPE

2024-07-19 Thread Stephane Bortzmeyer
On Mon, Jul 01, 2024 at 07:20:19PM +, Paul Hoffman wrote a message of 8 lines which said: > Thanks again for the input on the new RRTYPE. I submitted it to the RRTYPE > expert reviewers, and the new definition is posted at >

[DNSOP] Re: Fwd: New Version Notification for draft-yorgos-dnsop-dry-run-dnssec-02.txt

2024-07-19 Thread Yorgos Thessalonikefs
Hi Ben, Thanks for the feedback! On 16/07/2024 17:55, Ben Schwartz wrote: I think dry-run DNSSEC is an interesting idea.  I suggest that the authors also consider how it would interact with DELEG, which aims to improve the state of DNSSEC configuration and improve delegation flexibility.  Som

[DNSOP] Re: New Version Notification for draft-yorgos-dnsop-dry-run-dnssec-02.txt

2024-07-19 Thread Yorgos Thessalonikefs
Hi Libor, Mark, Thanks both for the feedback! On 18/07/2024 10:47, libor.peltan wrote: My point was that example.com. IN DS49172 13 130 e2c8c32fb3c40586e0dabc367bfde4368b8dff52a7ffc60f619c720ec7767320 example.com. IN DS49172 13   2 e2c8c32fb3c40586e0dabc367bfde4368b8dff52a7ffc60f619c720ec776

[DNSOP] Re: New Version Notification for draft-yorgos-dnsop-dry-run-dnssec-02.txt

2024-07-19 Thread Yorgos Thessalonikefs
Hi Mark, On 19/07/2024 01:09, Mark Andrews wrote: One can test if the zone is properly signed by installing trust anchors in recursive servers you control and have your applications use them. This is much less complicated than expecting validators to be updated to soft fail on this/these new

[DNSOP] Re: Fwd: New Version Notification for draft-yorgos-dnsop-dry-run-dnssec-02.txt

2024-07-19 Thread Peter Thomassen
On 7/19/24 08:34, Yorgos Thessalonikefs wrote: I'm also interested in the possibilities for malicious use of this extension.  Can a malicious domain cause a resolver to do an enormous amount of work?  Can a malicious intermediary cause an enormous volume of error reports? For validation work

[DNSOP] Re: Fwd: New Version Notification for draft-yorgos-dnsop-dry-run-dnssec-02.txt

2024-07-19 Thread Philip Homburg
> To prevent this discrepancy between how dry-run and real validation > is done, the resolver either needs to halve its work bounds (which > is a disadvantage for real deployments), or commit to twice the > work it is willing to do. This would be a problem is the work a validator can reasonably do