Re: NXDomain remapping, DNSSEC, Layer 9, and you.

2012-05-29 Thread Randy Bush
> I expect there will be a depressingly large amount of DNS-over-TLS in > the future in order to bypass broken ALGs. there may be a lot of foo-over-https to bypass broken nats in the core, and the edge, and whatever restrictive middleboxes political dysfunction creates. because of st00pidity, we

Re: NXDomain remapping, DNSSEC, Layer 9, and you.

2012-05-29 Thread Tony Finch
Randy Bush wrote: > > > When your browser supports DANE > > and a billion home nats support dnssec :( I expect there will be a depressingly large amount of DNS-over-TLS in the future in order to bypass broken ALGs. Tony. -- f.anthony.n.finch http://dotat.at/ Malin: Cyclonic 4 or 5. Slight or

Re: NXDomain remapping, DNSSEC, Layer 9, and you.

2012-05-28 Thread George Herbert
On May 28, 2012, at 22:59, bmann...@vacation.karoshi.com wrote: > On Tue, May 29, 2012 at 12:38:23PM +1000, Mark Andrews wrote: >> >> Putting it another way, the ISP doesn't want to be fooled even if >> it is fooling its customers. > >don't lie to us, but we lie to our customers. > >

Re: NXDomain remapping, DNSSEC, Layer 9, and you.

2012-05-28 Thread Mark Andrews
In message <20120529055919.ga23...@vacation.karoshi.com.>, bmann...@vacation.karoshi.com writes: > On Tue, May 29, 2012 at 12:38:23PM +1000, Mark Andrews wrote: > > > > Putting it another way, the ISP doesn't want to be fooled even if > > it is fooling its customers. > > don't lie to us

Re: NXDomain remapping, DNSSEC, Layer 9, and you.

2012-05-28 Thread bmanning
On Tue, May 29, 2012 at 12:38:23PM +1000, Mark Andrews wrote: > > Putting it another way, the ISP doesn't want to be fooled even if > it is fooling its customers. don't lie to us, but we lie to our customers. and you don't see a problem with this? /bill

Re: NXDomain remapping, DNSSEC, Layer 9, and you.

2012-05-28 Thread Mark Andrews
In message , Jimmy Hess writes: > On 5/28/12, Mark Andrews wrote: > > Until stub resolvers set DO=1 pretty much ubiquitously this won't > > be a problem for ISPs that want to do nxdomain redirection. There > > Yeah. > Right now current _server_ implementations don't even have it

Re: NXDomain remapping, DNSSEC, Layer 9, and you.

2012-05-28 Thread Mark Andrews
In message <23491623.6382.1338256344974.javamail.r...@benjamin.baylink.com>, Jay Ashworth writes: > - Original Message - > > From: "Mark Andrews" > > [ vix: ] > > > > meanwhile isc continues to push for ubiquitous dnssec, through to > > > > the stub, > > > > to take this issue off the

Re: NXDomain remapping, DNSSEC, Layer 9, and you.

2012-05-28 Thread Jimmy Hess
On 5/28/12, Mark Andrews wrote: > Until stub resolvers set DO=1 pretty much ubiquitously this won't > be a problem for ISPs that want to do nxdomain redirection. There Yeah. Right now current _server_ implementations don't even have it right, for properly implementing DNSSEC valida

Re: NXDomain remapping, DNSSEC, Layer 9, and you.

2012-05-28 Thread Randy Bush
> Jay Ashworth writes: please do not feed the troll > When your browser supports DANE and a billion home nats support dnssec :( randy

Re: NXDomain remapping, DNSSEC, Layer 9, and you.

2012-05-28 Thread Jay Ashworth
- Original Message - > From: "Mark Andrews" [ vix: ] > > > meanwhile isc continues to push for ubiquitous dnssec, through to > > > the stub, > > > to take this issue off the table for all people and all time. > > > (that's "the > > > real fix" for nxdomain remapping.) > > > > You really b

Re: NXDomain remapping, DNSSEC, Layer 9, and you.

2012-05-28 Thread Mark Andrews
In message <1564718.6360.1338247007903.javamail.r...@benjamin.baylink.com>, Jay Ashworth writes: > - Original Message - > > From: "Paul Vixie" > > > > *Now*, you see, we no longer have a canonical Good Engineering > > > Example to > > > which we can point when yelling at people (and sof

NXDomain remapping, DNSSEC, Layer 9, and you.

2012-05-28 Thread Jay Ashworth
- Original Message - > From: "Paul Vixie" > > *Now*, you see, we no longer have a canonical Good Engineering > > Example to > > which we can point when yelling at people (and software vendors) > > which > > *do* permit that, to say "see? You shouldn't be doing that; it's > > bad." > > > >