Re: [DNSOP] Validating stubs? Was: Re: WG review of draft-ietf-homenet-dot-03

2017-03-22 Thread Ted Lemon
On Mar 22, 2017, at 7:08 PM, Brian Dickson wrote: > Establish a trust anchor for homenet (whatever name is used), AND publish the > private keys. Homenet is not a globally unique namespace. No such trust anchor can be established.

Re: [DNSOP] Validating stubs? Was: Re: WG review of draft-ietf-homenet-dot-03

2017-03-22 Thread George Michaelson
Your question is well timed. with DNSSEC keyroll happening, the question: "what level of 5011 deployement" exists is unanswerable with authority because the architects did not consider signalling of capability sufficiently trustable. So we have no direct measure of capability, and a weak, indirect

[DNSOP] Validating stubs? Was: Re: WG review of draft-ietf-homenet-dot-03

2017-03-22 Thread Brian Dickson
I was thinking about the DNSSEC validation by stubs, with respect to the homenet discussion. And, I was wondering about various trust anchor options (other than ICANN's current root trust anchor). It occurred to me, that any non-ICANN trust anchor, would possibly require 5011 key rolls under

Re: [DNSOP] .arpa

2017-03-22 Thread Ralph Droms
> On Mar 22, 2017, at 1:11 PM, Andrew Sullivan wrote: > > Hi, > > On Wed, Mar 22, 2017 at 09:19:24AM -0700, Ray Bellis wrote: >> Arguably I'm not "typical", but IMHO we shouldn't be designing for the >> lowest common denominator. > > That argument is absurd on the

Re: [DNSOP] WG review of draft-ietf-homenet-dot-03

2017-03-22 Thread Andrew Sullivan
On Wed, Mar 22, 2017 at 02:00:08AM +1100, Mark Andrews wrote: > > What is the point of having a MoU that names may need to be assigned > in the root namespace if there cannot be a entry added to the root > namespace if there is a technical need to it? You are conflating "root namespace" and

Re: [DNSOP] .arpa

2017-03-22 Thread Andrew Sullivan
Hi, On Wed, Mar 22, 2017 at 09:19:24AM -0700, Ray Bellis wrote: > Arguably I'm not "typical", but IMHO we shouldn't be designing for the > lowest common denominator. That argument is absurd on the face of it, because anyone sufficiently clueful about systems to be using ssh or hand-entering

[DNSOP] draft-mglt-dnsop-dnssec-validator-requirements

2017-03-22 Thread Daniel Migault
Hi, Please find an update of our draft on DNSSEC Validator Requirements [xml - txt]. DNS resolvers hardly enable DNSSEC as 1) resolvers are not robust too DNS authoritative operations - like KSK roll over, signing errors - and 2) network administrators have little control on these

Re: [DNSOP] .arpa

2017-03-22 Thread Ray Bellis
On 22/03/2017 08:11, Tim Chown wrote: > I’d like to think such uses are largely all GUI/icon driven. Or perhaps > increasingly voice driven, like Alexa. How often will foo.homenet.arpa, > or foo.homenet be used in typical cases? I use ".local" to access several devices in my home network

Re: [DNSOP] .arpa

2017-03-22 Thread Ted Lemon
On Mar 22, 2017, at 11:11 AM, Tim Chown wrote: > Well, when I print, it’s by selecting a printer by a name (that I or someone > gave it) from a list of printers I’ve already discovered (or configured). > When I throw a movie from my phone to the TV, it’s by hitting an icon

Re: [DNSOP] .arpa

2017-03-22 Thread Tim Chown
> On 22 Mar 2017, at 14:53, Ted Lemon wrote: > > On Mar 22, 2017, at 10:50 AM, Tim Chown > wrote: >> Interesting question then as to how often a typical home user would need to >> do so, if there’s GUI-driven service

Re: [DNSOP] .arpa

2017-03-22 Thread Ted Lemon
On Mar 22, 2017, at 10:50 AM, Tim Chown wrote: > Interesting question then as to how often a typical home user would need to > do so, if there’s GUI-driven service discovery on top? How often do end users access the web ui of their browser? (I don't know, just curious if

Re: [DNSOP] .arpa

2017-03-22 Thread Tim Chown
> On 22 Mar 2017, at 12:51, Ted Lemon wrote: > > On Mar 22, 2017, at 7:50 AM, Tim Chown > wrote: >> Surely the people who would make comments about (say) homenet.arpa are >> already making comments about in-addr.arpa and

Re: [DNSOP] .arpa

2017-03-22 Thread Ted Lemon
On Mar 22, 2017, at 7:50 AM, Tim Chown wrote: > Surely the people who would make comments about (say) homenet.arpa are > already making comments about in-addr.arpa and ip6.arpa? So is there really > that great a harm in using .arpa for additional things (that make many

Re: [DNSOP] .arpa

2017-03-22 Thread Tim Chown
> On 22 Mar 2017, at 11:40, Suzanne Woolf wrote: > >> On Mar 22, 2017, at 3:05 AM, Jim Reid wrote: >> >>> On 21 Mar 2017, at 14:53, Suzanne Woolf wrote: >>> >>> RFC 3172 was written in 2001… >> >> RFC 3172 was an attempt to

Re: [DNSOP] .arpa

2017-03-22 Thread Suzanne Woolf
> On Mar 22, 2017, at 3:05 AM, Jim Reid wrote: > >> On 21 Mar 2017, at 14:53, Suzanne Woolf wrote: >> >> RFC 3172 was written in 2001… > > RFC 3172 was an attempt to rewrite history and contrive an acronym: Address > and Routing Parameter Area -

Re: [DNSOP] [dns-privacy] FW: New Version Notification for draft-pan-dnsop-edns-isp-location-00

2017-03-22 Thread Paul Vixie
Lanlan Pan wrote: > ... Because ECS is also based on the map of > "*client subnet -> geolocation*" information. Paul Vixie 于2017年3月22日周 > wait, what? Lanlan Pan wrote: > Hi Paul, hi. > https://www.cdnplanet.com/blog/which-cdns-support-edns-client-subnet/ this web page is

Re: [DNSOP] [dns-privacy] FW: New Version Notification for draft-pan-dnsop-edns-isp-location-00

2017-03-22 Thread Lanlan Pan
Hi Paul, https://www.cdnplanet.com/blog/which-cdns-support-edns-client-subnet/ Paul Vixie 于2017年3月22日周三 下午4:00写道: > > > Lanlan Pan wrote: > > ... Because ECS is > > also based on the map of "*client subnet -> geolocation*" information. > > wait, what? > > -- > P Vixie > > --

Re: [DNSOP] .arpa

2017-03-22 Thread Patrik Fältström
On 22 Mar 2017, at 8:05, Jim Reid wrote: >> On 21 Mar 2017, at 14:53, Suzanne Woolf wrote: >> >> RFC 3172 was written in 2001… > > RFC 3172 was an attempt to rewrite history and contrive an acronym: Address > and Routing Parameter Area - really? > >> Respectfully, I’ve

Re: [DNSOP] [dns-privacy] FW: New Version Notification for draft-pan-dnsop-edns-isp-location-00

2017-03-22 Thread Paul Vixie
Lanlan Pan wrote: > ... Because ECS is > also based on the map of "*client subnet -> geolocation*" information. wait, what? -- P Vixie ___ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop

[DNSOP] .arpa

2017-03-22 Thread Jim Reid
> On 21 Mar 2017, at 14:53, Suzanne Woolf wrote: > > RFC 3172 was written in 2001… RFC 3172 was an attempt to rewrite history and contrive an acronym: Address and Routing Parameter Area - really? > Respectfully, I’ve always wondered who has this problem (US or non-US)

Re: [DNSOP] [dns-privacy] FW: New Version Notification for draft-pan-dnsop-edns-isp-location-00

2017-03-22 Thread Lanlan Pan
Hi Ask, Ask Bjørn Hansen 于2017年3月22日周三 下午12:40写道: > > On Mar 21, 2017, at 21:30 , Lanlan Pan wrote: > > See this example of ECS : Which CDNs support edns-client-subnet? > , > they *map