Re: [DNSOP] Should root-servers.net be signed

2010-03-09 Thread Mark Andrews
In message <20100309145352.gb5...@dul1mcmlarson-l1-2.local>, Matt Larson writes : > On Tue, 09 Mar 2010, Wouter Wijngaards wrote: > > Also +1 for the consensus analysis about signing: not on the path of > > trust but still somewhat useful to do, but not add another TA for it. > > I have not seen

Re: [DNSOP] Should root-servers.net be signed

2010-03-09 Thread Matt Larson
On Tue, 09 Mar 2010, Tony Finch wrote: > On Tue, 9 Mar 2010, Matt Larson wrote: > > > > Even after .net is signed (in Q4 2010) > > I note that Verisign's press releases say "by Q1 2011" which I find rather > hard to interpret. Why don't they say "by the start of 2011"? Do they mean > "in Q1 2011"?

[DNSOP] Q1,Q4, and in....

2010-03-09 Thread Edward Lewis
At 16:59 + 3/9/10, Tony Finch wrote: On Tue, 9 Mar 2010, Matt Larson wrote: Even after .net is signed (in Q4 2010) I note that Verisign's press releases say "by Q1 2011" which I find rather hard to interpret. Why don't they say "by the start of 2011"? Do they mean "in Q1 2011"? Not spe

Re: [DNSOP] Should root-servers.net be signed

2010-03-09 Thread Joe Abley
On 2010-03-09, at 11:59, Tony Finch wrote: > On Tue, 9 Mar 2010, Matt Larson wrote: >> >> Even after .net is signed (in Q4 2010) > > I note that Verisign's press releases say "by Q1 2011" which I find rather > hard to interpret. Why don't they say "by the start of 2011"? Do they mean > "in Q1 2

Re: [DNSOP] Should root-servers.net be signed

2010-03-09 Thread Tony Finch
On Tue, 9 Mar 2010, Matt Larson wrote: > > Even after .net is signed (in Q4 2010) I note that Verisign's press releases say "by Q1 2011" which I find rather hard to interpret. Why don't they say "by the start of 2011"? Do they mean "in Q1 2011"? People on Twitter have been saying today that Veris

Re: [DNSOP] Should root-servers.net be signed

2010-03-09 Thread Matt Larson
On Tue, 09 Mar 2010, Wouter Wijngaards wrote: > Also +1 for the consensus analysis about signing: not on the path of > trust but still somewhat useful to do, but not add another TA for it. I have not seen any consensus emerge one way or another regarding signing root-servers.net. Even after .net

Re: [DNSOP] Should root-servers.net be signed

2010-03-09 Thread Nicholas Weaver
On Mar 9, 2010, at 7:17 AM, Matt Larson wrote: > On Mon, 08 Mar 2010, George Barwood wrote: >> It's interesting to note that currently >> >> dig any . @a.root-servers.net +dnssec >> >> truncates, leading to TCP fallback >> >> but >> >> dig any . @l.root-servers.net +dnssec >> >> does not tru

Re: [DNSOP] Should root-servers.net be signed

2010-03-09 Thread W.C.A. Wijngaards
Hi Tony, Joe, On 03/08/2010 08:35 PM, Tony Finch and Joe Abley alternated: - signing ROOT-SERVERS.NET would result in potentially-harmful large responses with no increase in security >>> >>> Can't you deal with this by omitting the root-serv

Re: [DNSOP] Should root-servers.net be signed

2010-03-09 Thread Matt Larson
On Mon, 08 Mar 2010, George Barwood wrote: > It's interesting to note that currently > > dig any . @a.root-servers.net +dnssec > > truncates, leading to TCP fallback > > but > > dig any . @l.root-servers.net +dnssec > > does not truncate ( response size is 1906 bytes ). a.root-servers.net's s