> On Jul 2, 2019, at 3:31 PM, Jim Reid wrote:
>
>
>
>> On 2 Jul 2019, at 19:12, Matthijs Mekking wrote:
>>
>> I think it is time to move the protocol to Historic status as a clear signal
>> to
>> everyone that it should no longer be implemented or deployed.
>
> Agreed. Kill it with fire!
> On Jul 22, 2019, at 8:37 PM, Normen Kowalewski wrote:
>
> While I agree that “add” today covers discussion around the case described in
> here, but the reason that it covers it is because “add” acts as a "catch all
> bucket" for “various DNS things not well defined”.
> If we want to cover
ain registrants
to get the HTTPSVC records updated with their DNS hosting operator, which often
means upgrading those DNS operators to support the new record. But that is an
issue with ALL of the various “new DNS record” solutions we’ve come up with.
--
Dan York, Director, Web Strategy / Pro
On Feb 26, 2020, at 2:01 PM, Evan Hunt mailto:e...@isc.org>>
wrote:
On Wed, Feb 26, 2020 at 03:34:55PM +0100, Vladimír Čunát wrote:
I don't think it's so simple. The current ANAME draft specifies new
behavior for resolvers, and there I'd expect even slower overall
upgrades/deployment than in b
> On Jul 18, 2018, at 9:46 AM, Sara Dickinson wrote:
>
>> On 17 Jul 2018, at 17:35, Paul Wouters wrote:
>>
>> On Tue, 17 Jul 2018, tjw ietf wrote:
>>
>>> Subject: Re: [DNSOP] QNAME minimisation on the standards track?
>>> I’d like to see a more fleshed out operational considerations section.
+1. Support adoption.
> On Jul 19, 2018, at 8:42 AM, Sara Dickinson wrote:
>
> I also support adoption of this draft - it is attempting to address a genuine
> impediment to deploying DNSSEC and I think this group is the right place to
> work on it.
>
> As mentioned at the mic in Montreal, I’d
not be something widely available for some time. But if we
could get it started, it would definitely help the many people out there trying
to configure domains to point to CDNs from their apex.
Dan
--
Dan York
Director, Content & Web Strategy, Internet Society
y...@isoc.org<mailto:y...@isoc.
ill be different from DNS operators Y and Z. This locks
us in to a specific DNS operator. (Who may or may not also be the CDN
operator.)
Given the long deployment timeline, I do think we need to start on this sooner.
I’m glad to help.
My 2 cents,
Dan
--
Dan York
Director, Content & We
begin 29 hours of travel to Bangkok, so I
probably won’t see any responses until I get on the ground there Sunday morning.
See (some of) you in Bangkok,
Dan
P.S. The “short draft” I mentioned currently exists only on my laptop, so it’s
not something you can see anywhere yet.
--
Dan York
Director
be published.
For instance, I could turn that into a short paper we publish on the Internet
Society's website in the Deploy360 section. But there is also a logical value
to including it along with the other DNSSEC documents in the RFCs.
--
Dan York
Director, Content & Web Strategy,
the apex of a domain zone.
Dan
P.S. Right now we do have "internetsociety.org" redirecting to
"https://www.internetsociety.org";, which uses a CNAME to go out to a CDN. In
our case we are okay with people seeing "www" in the address bar. Other
organization
nd DNSSEC is designed to detect such modifications, DNS64
([RFC6147]) can break DNSSEC in some circumstances.
I'm passing it along in case others were, like me, not paying attention to this
draft.
Dan
--
Dan York
Director, Content & Web Strategy, Internet Society
y...@isoc.org <mailto
draft.
Dan
--
Dan York
Director, Content & Web Strategy, Internet Society
y...@isoc.org<mailto:y...@isoc.org> +1-802-735-1624
Jabber: y...@jabber.isoc.org<mailto:y...@jabber.isoc.org> Skype: danyork
http://twitter.com/danyork
http://ww
using
internally in their DNS hosting operations.
Dan
--
Dan York
Director, Content & Web Strategy, Internet Society
y...@isoc.org +1-802-735-1624
Jabber: y...@jabber.isoc.org Skype: danyork http://twitter.com/danyork
http://www.internetsociety.org/
smime.p7s
Description:
user deployment issues I mentioned above.)
> Why service-specific?
> As Ray points out, MX is already there as a service-specic RRtype.
> Other service-specific RRtypes may be needed, and new RRtypes are easy to get
> now.
> (Perhaps we can anticipate what some of tho
at least one hosting/authority service will
> do this as soon as a stable spec is available (i.e. HTTP and a code point
> early allocation).
DY> :-) Good to know!
Dan
--
Dan York
Director, Content & Web Strategy, Internet Society
y...@isoc.org +1-802-735-1624
Jabber: y...@jabber.iso
ing to have a side meeting to talk about simplifying the draft and providing
a new version.
If it is a larger meeting than just the authors, then there are probably a
number of us who would be interested.
Dan
--
Dan York
Director of Web Strategy, Internet Society
y...@isoc.org<mailto:y...@
> On Mar 26, 2019, at 7:23 PM, Brian Dickson
> wrote:
>
> We need to start with the base requirements, which is, "I want an apex RR
> that allows HTTP browser indirection just as if there was a CNAME there”.
Yes, THIS.
In response to the discussion last November, I put together this draft
On Jul 18, 2015, at 12:24 PM, Suzanne Woolf
mailto:suzworldw...@gmail.com>> wrote:
Jabber scribe: ?
I'll jabber-scribe. Someone else as a backup would be appreciated.
Dan
--
Dan York
Senior Content Strategist, Internet Society
y...@isoc.org<mailto:y...@isoc.org> +1-802-7
ubject: New Version Notification for
draft-york-dnsop-deploying-dnssec-crypto-algs-00.txt
Date: March 21, 2016 at 2:29:57 PM EDT
To: "y...@isoc.org<mailto:y...@isoc.org>"
mailto:y...@isoc.org>>, Ondrej Sury
mailto:ondrej.s...@nic.cz>>, "Olafur Gudmundsson"
mailto
DNSOP members,
FYI, we've got 20+ people gathering at the IETF 96 Hackathon on Saturday and
Sunday, July 16-17, in Berlin to work on various "DNS / DNSSEC / DPRIVE / DANE"
projects.
Anyone else who is around on the weekend is welcome to join us.
There are some projects that could use some addi
__
DNSOP mailing list
DNSOP@ietf.org<mailto:DNSOP@ietf.org>
https://www.ietf.org/mailman/listinfo/dnsop
--
Dan York
Senior Content Strategist, Internet Society
y...@isoc.org<mailto:y...@isoc.org> +1-802-735-1624
Jabber: y...@jabber.isoc.org<mailto:
raft to use another term if someone has a better
suggestion than "signing software".
Dan
--
Dan York
Senior Content Strategist, Internet Society
y...@isoc.org<mailto:y...@isoc.org> +1-802-735-1624
Jabber: y...@jabber.isoc.org<mailto:y...@jabber.isoc.org>
Skype: danyo
of the tougher points of algorithm change, particularly when so
many of the resolvers may be in commodity customer-premises equipment (CPE)
that may or may not be easily updated or replaced.
Dan
--
Dan York
Senior Content Strategist, Internet Society
y...@isoc.org<mailto:y...@isoc.org>
direct connection to IETF documents in DNSOP, but
thought this might be of interest to others on the list.
Dan
--
Dan York
Senior Content Strategist, Internet Society
y...@isoc.org<mailto:y...@isoc.org> +1-802-735-1624
Jabber: y...@jabber.isoc.org<mailto:y...@jabber.isoc.org>
Skype:
ailto:internet-dra...@ietf.org>>
Subject: New Version Notification for
draft-york-dnsop-deploying-dnssec-crypto-algs-02.txt
Date: October 30, 2016 at 11:37:13 PM EDT
To: Ondrej Sury mailto:ondrej.s...@nic.cz>>, Olafur
Gudmundsson mailto:olafur+i...@cloudflare.com>>,
Dan York m
Daniel,
On Nov 2, 2016, at 11:55 PM, Daniel Migault
mailto:daniel.miga...@ericsson.com>> wrote:
If you believe that the document is ready to be submitted to the IESG for
consideration as a Standards Track RFC please send a short message stating this.
>From a DNS perspective I support the draft a
x27;d just like any feedback (even if to say that it looks good).
Thanks,
Dan
--
Dan York
Senior Content Strategist, Internet Society
y...@isoc.org<mailto:y...@isoc.org> +1-802-735-1624
Jabber: y...@jabber.isoc.org<mailto:y...@jabber.isoc.org>
Skype: danyork http:
ys "not our problem".
Do you have a suggestion for a solution?
Dan
--
Dan York
Senior Content Strategist, Internet Society
y...@isoc.org<mailto:y...@isoc.org> +1-802-735-1624
Jabber: y...@jabber.isoc.org<mailto:y...@jabber.isoc.org>
Skype: danyork
at for them would be an
edge case in terms of volume.
Just my 2 cents,
Dan
--
Dan York
Senior Content Strategist, Internet Society
y...@isoc.org<mailto:y...@isoc.org> +1-802-735-1624
Jabber: y...@jabber.isoc.org<mailto:y...@jabber.isoc.org>
Skype: danyork http://twitter
/id/draft-west-let-localhost-be-localhost-02.txt
It was brought to SUNSET4 because they are interested in stopping the
proliferation of IPv4 addresses.
Dan
--
Dan York
Senior Content Strategist, Internet Society
y...@isoc.org<mailto:y...@isoc.org> +1-802-735-1624
Jabber: y...@jabber.is
Ted,
> On Nov 17, 2016, at 12:46 PM, Ted Lemon wrote:
>
> Just to play the devil's advocate here, what does this have to do with DNS?
>From the abstract:
This document updates RFC6761 by requiring that the domain
"localhost." and any names falling within ".localhost." resolve to
loopb
ing DNS software now so we are
> ready when 5G hits :P
>
> Paul
>
> ___
> DNSOP mailing list
> DNSOP@ietf.org
> https://www.ietf.org/mailman/listinfo/dnsop
--
Dan York
Senior Manager, Content & Web Strategy, In
in a few days, stay tuned.)
... I think it would be helpful for the new draft to have a few examples of
what the RR would look like in a zone file. (This was the one component I
found missing from Anthony's ALIAS draft.)
Thanks for doing this,
Dan
--
Dan York
Senior Manager, Content & Web
efine operations and protocols used within the
root zone? If yes or "maybe", we should incorporate the terms. If "probably
not" or "no", then there could just be a new section about "Root Zone
terminology" that specifically directs people to view RSAAC026
, Matthijs, for the pointer after
Paul mentioned it yesterday):
http://tools.ietf.org/html/draft-wouters-dnsop-secure-update-use-cases-00
Anyway - I think we do need to move this whole area of work forward as
rapidly as we can.
My 2 cents,
Dan
--
Dan York, dan-i...@danyork.org
http://danyork.me http://twit
On 3/4/14 8:00 PM, "Joel Jaeggli" wrote:
>If we created a new session in the thursday evening 18:40-20:40 slot to
>accommodate expanded discussion of the Drafts discussed during DNSE and
>deconflicted that discussion with UTA on friday morning would that be a
>significant imposition? it seems un
8.8.8.8 (and its IPv6 equivalent). I'd like
to remove that connection as a place where an attacker can monitor /
observe / log my DNS queries.
Regards,
Dan
--
Dan York
Senior Content Strategist, Internet Society
y...@isoc.org <mailto:y...@isoc.org> +1-802-735-1624
Jabber: y...@jabb
Suzanne,
On 3/6/14 10:51 AM, "Suzanne Woolf" wrote:
>DNSOP now has two meetings to manage, both with packed agendas. This
>means your chairs will really appreciate early volunteers for note-takers
>and jabber scribes.
>
>Please drop us a note if you can do either job for either session.
I am g
re, either, given that the attacker could just
strip out the DNSSEC info (unless, perhaps, the home computers were running
full (vs stub) recursive resolvers that also did DNSSEC-validation).
I just thought it was an interesting example of a type of attack against DNS
that is out there now.
Dan
-
Tim,
I support these changes as they seem to be logical modifications to the
charter, particularly given the closing of the DNSEXT wg. I personally
don't know that DNSSEC needs to be added to point #5, as I do see it as a
natural extension of DNS. However, I could see that for clarity for other
d to add to the queue of messages).
Dan
--
Dan York
Senior Content Strategist, Internet Society
y...@isoc.org<mailto:y...@isoc.org> +1-802-735-1624
Jabber: y...@jabber.isoc.org<mailto:y...@jabber.isoc.org>
Skype: danyork http://twitter.com/danyork
http://www.intern
tself as their web site address.
So yes, I think this is very definitely a current operational problem that
needs to be worked on.
My 2 cents,
Dan
--
Dan York
Senior Content Strategist, Internet Society
y...@isoc.org<mailto:y...@isoc.org> +1-802-735-1624
Jabber: y...@jab
nough challenge right now getting DNS resolvers updated to
do DNSSEC validation - largely because DNS resolvers are installed on a ton of
boxes like "home routers" that almost never get updated. The path to getting
those updated may involve replacement lifecycles on the level of
ays looking at how to get DNSSEC more widely deployed)
--
Dan York
Senior Content Strategist, Internet Society
y...@isoc.org<mailto:y...@isoc.org> +1-802-735-1624
Jabber: y...@jabber.isoc.org<mailto:y...@jabber.isoc.org>
Skype: danyork http://twitter.com/danyork
http://
Suzanne,
I'll be glad to be a jabber scribe. If there's someone else who wants to help
with that, too, the assistance would be great as I do sometimes find myself at
the microphone. ;-)
Dan
On Jul 22, 2014, at 7:12 AM, Suzanne Woolf
wrote:
> As usual…..desperately needed. Any volunteers in
ing to contribute text, review, etc.
Yes, I will.
Regards,
Dan
--
Dan York
Senior Content Strategist, Internet Society
y...@isoc.org<mailto:y...@isoc.org> +1-802-735-1624
Jabber: y...@jabber.isoc.org<mailto:y...@jabber.isoc.org>
Skype: danyork http://twitter
ltiple software vendors and
systems.
My 2 cents,
Dan
P.S. Nice quote, Warren!
--
Dan York
Senior Content Strategist, Internet Society
y...@isoc.org<mailto:y...@isoc.org> +1-802-735-1624
Jabber: y...@jabber.isoc.org<mailto:y...@jabber.isoc.org>
Skype: danyork http://twitter.
ou trying to go with this note about consensus?
A bit puzzled,
Dan
--
Dan York
Senior Content Strategist, Internet Society
y...@isoc.org<mailto:y...@isoc.org> +1-802-735-1624
Jabber: y...@jabber.isoc.org<mailto:y...@jabber.isoc.org>
Skype: danyork http://twitter.com/d
her meta queries should be put
behind some kind of access control mechanism. My worry about grouping ANY
with the other meta queries is that it may indicate to people that it is still
okay to implement the ANY query.
My 2 cents,
Dan
--
Dan York
Senior Content Strategist, Internet Society
y...@i
would be
good to discuss in the Security Considerations area.
Dan
--
Dan York
Senior Content Strategist, Internet Society
y...@isoc.org<mailto:y...@isoc.org> +1-802-735-1624
Jabber: y...@jabber.isoc.org<mailto:y...@jabber.isoc.org>
Skype: danyork http://twitter
the
current time, anyway) affect how the operations really work.
My 2 cents,
Dan
--
Dan York
Senior Content Strategist, Internet Society
y...@isoc.org<mailto:y...@isoc.org> +1-802-735-1624
Jabber: y...@jabber.isoc.org<mailto:y...@jabber.isoc.org>
Skype: dany
on the
text. With all the comments coming in I’ve lost track of all the suggested
changes.
Dan
--
Dan York
Senior Content Strategist, Internet Society
y...@isoc.org<mailto:y...@isoc.org> +1-802-735-1624
Jabber: y...@jabber.isoc.org<mailto:y...@jabber.isoc.org>
Skype: danyork
I’ve been reading this whole discussion with great interest over the past while
and do intend on joining today’s call. In the midst of all of this I think two
points from Andrew and Ed have been helpful to my thinking:
> On May 11, 2015, at 9:06 PM, Andrew Sullivan wrote:
>
> It seems to me t
ools: https://dnssec-tools.org,
https://www.opendnssec.org
*
Champions
*
Dan York, Internet Society y...@isoc.org<mailto:y...@isoc.org>
*
Allison Mankin, Verisign Labs aman...@verisign.com<mailto:aman...@verisign.com>
*
Willem Toorop, NLnet Labs
ools)... only outside the scope of the regular
DNS system.
Dan
--
Dan York
Senior Content Strategist, Internet Society
y...@isoc.org<mailto:y...@isoc.org> +1-802-735-1624
Jabber: y...@jabber.isoc.org<mailto:y...@jabber.isoc.org>
Skype: danyork http://twitter.com/danyork
56 matches
Mail list logo
