On Thu, 6 Mar 2014, Dan York wrote:
Now, in this case the attackers compromised the local network devices and took
over control of the local recursive resolvers. In this
case of the attacker controlling the recursive resolver, I don't know that any
of the various solutions thrown around today
Paul Wouters wrote:
> On Thu, 6 Mar 2014, Dan York wrote:
>
> > I don't even see DNSSEC helping much here, either, given that the
> > attacker could just strip out the DNSSEC info (unless, perhaps, the
> > home computers were running full (vs stub) recursive resolvers that
> > also did DNSSEC-vali
A option to obtain feedback from gTLD registries and registrars would be
to use the gtld-t...@icann.org mailing list:
https://mm.icann.org/mailman/listinfo/gtld-tech
Regards,
--
Francisco.
___
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/m
What do we expect CPE devices to implement to update parent
zones. 100 different things to cover all the update methods
registrar's come up with. Or do we say do exactly one
method that works in all situations?
We already have a problem today were they ca
On 7 Mar 2014, at 10:05, Mark Andrews wrote:
> What do we expect CPE devices to implement to update parent
> zones. 100 different things to cover all the update methods
> registrar's come up with. Or do we say do exactly one
> method that works in all situations?
>
>
Joe Abley wrote:
>
> https://xkcd.com/927/
So from the standards development point of view, I think what this is
saying is that success is more likely to come from building on what people
are already doing and nudging more of them to do it more similarly.
The problem with the parent update proce
Hi Chaps,
stupid quick question, listening to the stream:
How does this work with CDNs (I think you may need to capture the IP address;
bailiwick could act as a proxy for that, but ...)
all the best,
Lawrence
___
DNSOP mailing list
DNSOP@ietf.org
htt
On 7 Mar 2014, at 10:49, Tony Finch wrote:
> Joe Abley wrote:
>
>> https://xkcd.com/927/
>
> So from the standards development point of view, I think what this is
> saying is that success is more likely to come from building on what people
> are already doing and nudging more of them to do it
A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Domain Name System Operations Working Group
of the IETF.
Title : DNSSEC Roadblock Avoidance
Authors : Wes Hardaker
Olafur
On Mar 7, 2014, at 10:05 AM, Mark Andrews wrote:
> I know Registrars don't like to be told what to do
+1
--Paul Hoffman
___
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
Lawrence Conroy wrote:
> Hi Chaps,
> stupid quick question, listening to the stream:
> How does this work with CDNs (I think you may need to capture the IP address;
> bailiwick could act as a proxy for that, but ...)
this is well described, as follows:
https://archive.farsightsecurity.com/Pas
In message <8c184518-2a56-42b6-bd63-3e50f8126...@hopcount.ca>, Joe Abley writes
:
>
> On 7 Mar 2014, at 10:49, Tony Finch wrote:
>
> > Joe Abley wrote:
> >
> >> https://xkcd.com/927/
> >
> > So from the standards development point of view, I think what this is
> > saying is that success is more
12 matches
Mail list logo
