Adrien,
On Thu, Apr 7, 2016 at 7:13 PM, Adrien de Croy wrote:
> -- Original Message --
> From: "Stephane Bortzmeyer"
> To: "Adrien de Croy"
> Cc: "Philip Homburg" ; "dnsop@ietf.org"
> ; "Ted
On 8 Apr 2016, at 10:46, Francis Dupont wrote:
In draft-wouters-sury-dnsop-algorithm-update-01.txt the RSASHA512
(code 10) DNSKEY/RRSIG algo got a SHOULD- for DNSSEC signing.
The argument is it is not currently heavily used but I am afraid
it is not a very good argument.
I have a question for
On this topic, I wasn't quick enough to get to the mic before the line was
closed, but I'd like to suggest a higher degree of caution with the "MUST
NOTs" and "MUST-'s" in the validator column, relative to the signer column.
IIRC, RSAMD5 was originally mandatory to implement. I certainly don't
Hi Olafur,
two things I see;
1) the CDNSKEY, since CDS and CDNSKEY are used interchangeably in the document,
"inserts the corresponding DS RRset as requested" does not work for the
CDNSKEY, the parental agent must compute a DS and pick an algorithm & digest
type based on the Parental Agent
On 4/8/16, 12:08, "DNSOP on behalf of Ray Bellis" wrote:
>That said, Cloudflare's implementation appears to assert that the
>wildcard doesn't exist either - I've asked Olafur to check out the
>implications of that.
Not to pick, but I'm
I can't find a draft to cite for this talk, so this refers to the slides
presented.
"DNSSEC Protocol Modifications"
(http://www.rfc-editor.org/rfc/rfc4035.txt) has an explicit prohibition on
names owning only NSEC and RRSIG.
Yeah.
I'm not holding this up as a royal edict. But it's there in
May I please remind the WG of draft-bellis-dnsext-multi-qtypes-01
(expired, but seems eminently applicable in this case as a signalling
mechanism, and is more general purpose)
Ray
On Fri, 8 Apr 2016, Francis Dupont wrote:
In draft-wouters-sury-dnsop-algorithm-update-01.txt the RSASHA512
(code 10) DNSKEY/RRSIG algo got a SHOULD- for DNSSEC signing.
The argument is it is not currently heavily used but I am afraid
it is not a very good argument.
I have a question for
In draft-wouters-sury-dnsop-algorithm-update-01.txt the RSASHA512
(code 10) DNSKEY/RRSIG algo got a SHOULD- for DNSSEC signing.
The argument is it is not currently heavily used but I am afraid
it is not a very good argument.
I have a question for cryptographers in the list: as far as I know
there
In your letter dated 7 Apr 2016 21:26:51 - you wrote:
>>Just because TOR asks for .onion doesn't mean it should be given it.
>
>The TOR project has been distributing software that special cases
>the .onion TLD for close to a decade.
>
>If the IETF said "you're wrong, go away", what exactly do
> On Apr 7, 2016, at 10:49 PM, Adrien de Croy wrote:
>
> But it's good to see a clear statement from 1987 about desirability of
> supporting alternate protocols (although they use CLASS for that). Maybe
> onion should have used a new CLASS :)
>
See