Hi all,
as an authoritative DNS server (and signer) vendor, let me state my
opinions on this topic and this draft.
1) I'd very much like to see more exact guidance of how the auth server
/ signer should prevent keytag collisions. For example, what our Knot
DNS does is: (a) on a single signer,
Hello Rich,
> I'm also surprised by the choice of mnemonic, which is very short. If
> the extra 7 octets of "coap-dtls" would make a material difference in
> some use case, perhaps the draft should explain that.
This was mentioned just very briefly during the tls-reg-review[1], so
I'm happy to
Hi Med,
On 29.07.24 13:56, mohamed.boucad...@orange.com wrote:
Hi Carsten, all,
There is a mismatch between what is claimed in the abstract/intro vs.
core documents. Concretely, when reading “This document specifies the
usage of Service Parameters..” or “This document specifies which
informat
Hi Martine,
Please see inline.
Cheers,
Med
> -Original Message-
> From: Martine Sophie Lenders
> Sent: Tuesday, July 30, 2024 12:43
> To: c...@ietf.org; dnsop@ietf.org; BOUCADAIR Mohamed INNOV/NET
>
> Subject: Re: [core] Re: Fwd: WG Adoption Call for draft-lenders-
> core-coap-dtls-
Thanks for the background, Christian. I think one or two sentences on this
topic would be worth including in the draft.
--Ben
From: Christian Amsüss
Sent: Tuesday, July 30, 2024 6:26 AM
To: Ben Schwartz
Cc: mohamed.boucad...@orange.com; Carsten Bormann; c...@ie
Reviewer: Brian Weis
Review result: Has Nits
I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG. These comments were written primarily for the benefit of the
security area directors. Document editors and WG ch
I have also added a nit (as an Issue) to the github repo for this doc,
as I'd like the authors to consider explicitly stating that the inability
for resolvers to synthesize NXDOMAIN responses for zones using this CDoE
mechanism can make certain DOS attacks (e.g. Water Torture) more
effective than
On Tue, Jul 30, 2024 at 7:51 PM Brian Weis via Datatracker
wrote:
> Reviewer: Brian Weis
> Review result: Has Nits
>
Thank you for your review Brian.
[... Good summary deleted for brevity ...]
> Security Considerations also mentions that some security tools rely
> on particular return codes t
Thank you Michael,
Your observation is certainly true. However, I want to point out that
inability to
synthesize NXDOMAIN via aggressive negative caching applies to any online
signing scheme that uses minimally covering NSEC, not just Compact DoE.
Your suggestion to explicitly mention the impact
It appears that Shumon Huque said:
>Thank you Michael,
>
>Your observation is certainly true. However, I want to point out that
>inability to
>synthesize NXDOMAIN via aggressive negative caching applies to any online
>signing scheme that uses minimally covering NSEC, not just Compa
10 matches