Daniel Senie wrote:
On Apr 14, 2009, at 2:54 AM, Douglas Otis wrote:
On Apr 13, 2009, at 7:01 PM, Mark Andrews wrote:
If an application is doing the wrong thing w.r.t. SRV records then
fix the application. The root servers can handle a Aand
queries for ".". Most caches will corr
Douglas Otis wrote:
On Apr 13, 2009, at 7:01 PM, Mark Andrews wrote:
If an application is doing the wrong thing w.r.t. SRV records then fix
the application. The root servers can handle a Aand queries
for ".". Most caches will correctly
negatively cache such responses.
As for "MX
Daniel Senie wrote:
On Apr 14, 2009, at 3:25 PM, Todd Glassey wrote:
Daniel Senie wrote:
On Apr 14, 2009, at 2:54 AM, Douglas Otis wrote:
On Apr 13, 2009, at 7:01 PM, Mark Andrews wrote:
If an application is doing the wrong thing w.r.t. SRV records then
fix the application. The root
Paul Hoffman wrote:
At 9:55 AM -0400 7/13/09, Livingood, Jason wrote:
On the topic of 'lying resolvers' though, that seems a bit strong IMHO. But perhaps I have missed a strong MUST statement (per RFC 2119) in a relevant RFC that you could refer me to?
I am not aware of an RFC that s
ose trust-anchored
sources) need to be able to from a policy control standpoint - decide
whether they update or trigger an alarm to the local DNS Master.
Todd Glassey CISM CIFI
Joe
Joe Abley wrote:
On 25-Aug-2009, at 10:53, Todd Glassey wrote:
Joe - the question becomes one of the integrity of the records process
Yes, that's my point.
But your point is as a Systems Administrator rather than a Systems
Auditor - the reasons for rolling the keys periodically perta
Joe Abley wrote:
On 25-Aug-2009, at 12:48, Todd Glassey wrote:
If there *is* a practical motivation to roll keys, then let's not
infer any trust at all from old keys.
I agree that if a KEY is rolled it needs to have its application as a
reliable TRUST ANCHOR revoked or terminated for e
Joe Abley wrote:
On 25-Aug-2009, at 15:13, Todd Glassey wrote:
Joe Abley wrote:
This is all very interesting speculation, but I'm not sure I
understand how the use of old keys for forensic purposes relates to
the problem of trying to establish a new trust anchor after a perio
Since the Internet is formally listed as a component of US Critical
Infrastructure - I want to know the specific provisioning requirements
for operating a root server. Anyone got a pointer to these?
Todd Glassey
___
DNSOP mailing list
DNSOP@ietf.org
ty to on a mere presidential order
(especially a HSPD) or just a simple presidential directive can shut all
- repeat ALL - of ARIN's and each of the root systems down since the US
DoC still owns them.
I wonder how many of the Internet-Mavens on this list have figured that
out...
Todd Glassey
most.
Seems like I may have been more accurate than anyone wanted.
Todd Glassey
On Thu, 3 Sep 2009, Todd Glassey wrote:
Dean Anderson wrote:
BTW, RFC2870 is not the authority on root server operations. The
authority is found in the MoU with ICANN that root server operators are
suppose
SEC services will
become a key part of Internet presence management, these will also need
to be reviewed as part of any formal IT audit practice as well.
Todd Glassey (as an Auditor).
Doug
oot Search Servers and well known addresses for them and poof.
DNS goes away and a fully TCP based authenticated http type query and
response API could seamlessly replace DNS.
Todd Glassey
It is a genuine user problem but I disagree with your latter statement.
It is not an open question
On 1/21/2010 12:12 PM, Eric Rescorla wrote:
On Thu, Jan 21, 2010 at 11:38 AM, Paul Hoffman wrote:
At 2:17 PM -0500 1/21/10, Edward Lewis wrote:
At 11:05 -0800 1/21/10, Eric Rescorla wrote:
I still don't understand why this implies the need for regular changes
as opposed to c
longer term - how do you prove three years in the future that the
resolutions done today actually happened and were done correctly.
From my point of view this isn't about just working right in the present
it's about working right in creating enduring evidence of that operation.
Todd Glassey
dealized model
of attacker capabilities and try to demonstrate that their systems have
certain properties under those models. This is fundamentally different
from the kind of thinking required here.
Or how their crypto-algorithm works in production for that matter. The
use model issue is why ther
On 1/22/2010 10:05 AM, Alex Bligh wrote:
--On 22 January 2010 09:13:22 -0800 Paul Hoffman
wrote:
- Regular rolling can give you a false sense of security about your
rolling process
You mean a periodic process to rotate the keys... OK what is the
periodicity of this?
How can you have a
The real answer Tony is coming out of left field and it is the legal
claims being asserted against people intentionally fielding code they
know is broken and for which they refused to accept criticisms about
that code (oddly enough from people like Dean and I and a number of others).
The real
m' to get early notice of the
bugs and security flaws found by parties outside of the ISC itself and
that is possibly the biggest issue.
You figure out the implications from there - they are pretty obvious.
Todd Glassey
on 2010-02-18 17:54 Todd Glassey said the following:
The real a
If you can proof one, you can also proof the other :)
Not so - and it's prove. The issue is that technical proofs and legal
proofs are NOT the same thing anywhere but here before the IETF making
them worthless in Courts.
Todd Glassey
I think they both only provide
proof of non-existence (a
't the statistical likelihood of an
accidental collision - it's the potential for an engineered one and one
in a trillion is too many possible problems.
Todd Glassey
-Ekr
ements that the lifetime of the
Intellectual Property is limited' which is what putting anything about
why the thing may not work does IMHO.
Todd Glassey
Doug
On 02/18/10 10:06, Todd Glassey wrote:
The Vendors who ship BIND as a part of their OSes are being told that
they must pay the ISC to 'join the forum' to get early notice of the
bugs and security flaws found by partie
On 2/23/2010 1:26 PM, bmann...@vacation.karoshi.com wrote:
On Tue, Feb 23, 2010 at 07:09:12AM -0800, Todd Glassey wrote:
As I have said, there is no difference between this and the Jim Crow
actions which separated blacks from the white population in the US and
the application of
s may need to be amended to
support copyright disclosure for the records responded and that this is
key to global copyright protection.
In the interim we think a COPYRIGHT USE STATEMENT published as a TEXT
type record may work for systems which use legacy packages to operate.
To
So SEARS is a method of replacing the DNS roots with a well-known
service portal providing a Google or other SE based access model. The
session can interface with traditional HTTP or DNS-Lookup Ports to
deliver content or addresses to a browser in the form of an HTTP redirection.
The protocol spec
esses as they would be in
the real world, but in a cyber-context. Content which is anchored is
made portable, that is comparable to any other content processed through
a child or like process.
Sorry...
Todd Glassey
Doug Barton wrote:
Peter Koch wrote:
Dear WG,
this is to initiate a working group last call on
"Requirements for Management of Name Servers for the DNS"
draft-ietf-dnsop-name-server-management-reqs-02.txt
ending Friday, 2009-04-10, 23:59 UTC. The tools site gives easy acce
Stephane Bortzmeyer wrote:
On Wed, Mar 04, 2009 at 03:13:57PM +0100,
Stephane Bortzmeyer wrote
a message of 27 lines which said:
For instance, should the ABNF allow fully-numeric top-level domain
names? There is no *technical* reason to ban them.
Wow, I never noticed this Web pag
from these technologies would also perform functions in the real world
which would have legal implications and so the ability to represent
trust-anchor processes in the records created would be admissible in global
courts. This nomenclature provides a resource for this and other uses.
To
30 matches