Re: [DNSOP] Updated: Compact Denial of Existence

On 2023-03-06 05:00, Paul Vixie wrote: Peter Thomassen wrote on 2023-03-05 14:56: (Compact NSEC answers prevent zone enumeration just as well, if not better.) that makes it even cooler, and it was already cool. (so long as the nxdomain signal is not suppressed as in the cloudflare prototy

Re: [DNSOP] Updated: Compact Denial of Existence

On 2023-03-06 03:35, Shumon Huque wrote: On Sun, Mar 5, 2023 at 12:20 PM Peter Thomassen wrote: Hi, I like this draft. Some thoughts: 1.) Maybe it's worth pointing out that zones using compact denial SHOULD (MUST?) use NSEC, not NSEC3. Yes, we could do that. I agree with Ge

Re: [DNSOP] Updated: Compact Denial of Existence

On 2023-03-28 06:41, Shumon Huque wrote: On Tue, Mar 28, 2023 at 10:01 AM Viktor Dukhovni wrote: [ Multi-response to four upthread messages. ] --- On Fri, Mar 03, 2023 at 06:23:11PM -0500, Shumon Huque wrote: > Thanks for your comments. We've posted an updated draft (-0

Re: [DNSOP] Updated: Compact Denial of Existence

On 2023-03-29 15:45, Paul Vixie wrote: Joe Abley wrote on 2023-03-29 01:56: Hi Paul, On Tue, Mar 28, 2023 at 14:51, Paul Vixie ... for perspective, no root name server has deployed this alternative form of Denial of Existence, ... Root servers don't do online signing; they serve a pre-sig

Re: [DNSOP] Followup Working Group Last Call for draft-ietf-dnsop-dnssec-bootstrapping

Hi everyone! I support the publication of this document. Regards, Christian On 2024-01-21 00:23, Tim Wicinski wrote: All Peter has integrated feedback from the first working group last call, and we'd like to do a followup last call.  The diff with the current version is here: https://auth

Re: [DNSOP] [DNSSEC-Bootstrapping] Fwd: New Version Notification for draft-thomassen-dnsop-dnssec-bootstrapping-02.txt

Coming a bit late to the discussion On 2021-11-09 22:53, Paul Wouters wrote: On Tue, 9 Nov 2021, Peter Thomassen wrote: Let's consider the bootstrapping namespace under _boot.ns1.desec.io. There would usually be NS/DS records at this name. However, it should be possible to introduce zone cuts

[DNSOP] Re: Murray Kucherawy's Discuss on draft-ietf-dnsop-compact-denial-of-existence-06: (with DISCUSS and COMMENT)

Thank you for the helpful review, Murray! On 2025-02-23 12:35, Shumon Huque wrote: On Thu, Feb 20, 2025 at 3:17 AM Murray Kucherawy via Datatracker mailto:nore...@ietf.org>> wrote: Murray Kucherawy has entered the following ballot position for draft-ietf-dnsop-compact-denial-of-existen

[DNSOP] Updates to draft-huque-dnsop-multi-alg-rules

The draft document for Multiple Algorithm Rules in DNSSEC: https://datatracker.ietf.org/doc/draft-huque-dnsop-multi-alg-rules/ has been updated to version 5 Beyond mainly editorial updates, the new draft adds the additional use case for performing independent algorithm roll for KSK/ZSK, lettin