[DNSOP] WGLC for draft-ietf-dnsop-compact-denial-of-existence

2024-10-02 Suzanne Woolf
Dear colleagues, This message starts a Working Group Last Call for draft-ietf-dnsop-compact-denial-of-existence, “Compact Denial of Existence in DNSSEC”. Current and previous versions of the draft are available here: https://datatracker.ietf.org/doc/draft-ietf-dnsop-compact-denial-of-existe

[DNSOP] Re: [TLS] Re: AD review draft-ietf-tls-svcb-ech

2024-10-02 Paul Wouters
[drifting off topic] > On Oct 2, 2024, at 00:10, Paul Vixie > wrote: > > > > > i would not. much of the world now relies upon inauthentic dns responses for > defense against bad actors. that's a limitation of RPZ. Years ago I proposed to move the Answer to the Authority section so you c

[DNSOP] Re: [TLS] Re: AD review draft-ietf-tls-svcb-ech

2024-10-02 Paul Vixie
Signed isn't the same as authentic. Authentic means as the zone owner publishes. We must not lodge in this document a requirement that a DNS server not be protective. Protective means not all answers flow equally. p vixie On Oct 2, 2024 08:56, Paul Wouters wrote: [drifting off topic]

[DNSOP] Re: [TLS] Re: Re: AD review draft-ietf-tls-svcb-ech

2024-10-02 Ben Schwartz
Hi Arnaud, I believe your assessment that many network administrators think they need to block access to certain domains and/or disable the usage of ECH via network service configuration. I also believe that they are generally incorrect, since ECH does not conceal any information that a firewa

[DNSOP] Re: [TLS] Re: Re: AD review draft-ietf-tls-svcb-ech

2024-10-02 Arnaud Taddei
I am taking this thread on the fly and I do have a number of concerns with what I read and I align with Paul Vixie here. First I disagree with Ben on “I don’t see any reason why an enterprise, etc.” … I DO see reasons here confirmed in a campaign of discussions about ECH with no less than 70 or