[DNSOP] Comment on draft-livingood-dnsop-negative-trust-anchors-01.txt

2014-10-31 Thread Brian Dickson
I think it is good to minimize disruption caused by broken DNSSEC domains, for all the reasons listed in the document. However, I also believe there is a second-order negative effect of implementing NTAs as described. Validating stub resolvers and validating forwarding resolvers will still break

Re: [DNSOP] comments on draft-ietf-dnsop-qname-minimisation

2014-10-31 Thread Mark Andrews
As for protocol police, we need them. Deploying anything new is getting to be extremely difficult given the levels of non-compliance with existing RFCs. Protocols only work when both sides are following the protocol. As Tim hasn't sent out an updated agenda I will draw your attention to: http://t

Re: [DNSOP] Draft Reverse DNS in IPv6 for Internet Service Providers

2014-10-31 Thread Mark Andrews
In message <16VeoWCqs8UUFA$s...@highwayman.com>, Richard Clayton writes: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > In message <5453adcd.7090...@redbarn.org>, Paul Vixie > writes > > >and yet, every proposal i've seen concerning IPv6 PTR screams silently, > >"PTR is an old-internet c

Re: [DNSOP] comments on draft-ietf-dnsop-qname-minimisation

2014-10-31 Thread Warren Kumari
On Friday, October 31, 2014, Andrew Sullivan wrote: > On Fri, Oct 31, 2014 at 05:28:40PM +0100, Stephane Bortzmeyer wrote: > > something that is "against the rules laid out by the standard". > > "Nonconforming", then. Nonconformant or noncompliant (as previously suggested) does not comply with

Re: [DNSOP] Draft Reverse DNS in IPv6 for Internet Service Providers

2014-10-31 Thread Richard Clayton
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 In message <5453adcd.7090...@redbarn.org>, Paul Vixie writes >and yet, every proposal i've seen concerning IPv6 PTR screams silently, >"PTR is an old-internet concept which no longer applies." it's as if we >were trying to placate a bunch of apps tha

Re: [DNSOP] comments on draft-ietf-dnsop-qname-minimisation

2014-10-31 Thread Andrew Sullivan
On Fri, Oct 31, 2014 at 05:28:40PM +0100, Stephane Bortzmeyer wrote: > something that is "against the rules laid out by the standard". "Nonconforming", then. I have to agree that "illegal" is wrong. There are no DNS cops, despite what many people would like. A -- Andrew Sullivan a...@anvilwalr

Re: [DNSOP] Draft Reverse DNS in IPv6 for Internet Service Providers

2014-10-31 Thread Paul Vixie
> Paul Wouters > Friday, October 31, 2014 9:29 AM > On Fri, 31 Oct 2014, Paul Vixie wrote: > >> if you have a business grade connection to the internet, you should be >> able to establish a PTR for each real host. > > Oh, you want me to pay an additional $2000/month to use

Re: [DNSOP] Draft Reverse DNS in IPv6 for Internet Service Providers

2014-10-31 Thread Paul Wouters
On Fri, 31 Oct 2014, Paul Vixie wrote: if you have a business grade connection to the internet, you should be able to establish a PTR for each real host. Oh, you want me to pay an additional $2000/month to use IPv6 with email. in other words i didn't relegate your address to third party stat

Re: [DNSOP] comments on draft-ietf-dnsop-qname-minimisation

2014-10-31 Thread Stephane Bortzmeyer
On Fri, Oct 31, 2014 at 12:17:31PM -0400, Edward Lewis wrote a message of 16 lines which said: > I’d support non-standard. Not me. I may be wrong in logic or in English but to me, "non standard" means "there is no existing standard about this behaviour - either pro or con - so I can do what I

Re: [DNSOP] comments on draft-ietf-dnsop-qname-minimisation

2014-10-31 Thread Dave Lawrence
Stephane Bortzmeyer writes: > Paul Hoffman wrote > > Nonstandard or noncompliant. > > OK, we just have to fix RFC 6274, 6120, 5646, 5246 and dozens of other > RFC which all use "illegal" like the draft. No, we don't. They are not normative, and do not proscribe the use of language that is les

Re: [DNSOP] comments on draft-ietf-dnsop-qname-minimisation

2014-10-31 Thread Paul Hoffman
On Oct 31, 2014, at 9:03 AM, Stephane Bortzmeyer wrote: > > On Fri, Oct 31, 2014 at 08:55:03AM -0700, > Paul Hoffman wrote > a message of 11 lines which said: > >> Nonstandard or noncompliant. > > OK, we just have to fix RFC 6274, 6120, 5646, 5246 and dozens of other > RFC which all use "ille

Re: [DNSOP] comments on draft-ietf-dnsop-qname-minimisation

2014-10-31 Thread Edward Lewis
On Oct 31, 2014, at 12:03, Stephane Bortzmeyer wrote: > On Fri, Oct 31, 2014 at 08:55:03AM -0700, > Paul Hoffman wrote > a message of 11 lines which said: > >> Nonstandard or noncompliant. > > OK, we just have to fix RFC 6274, 6120, 5646, 5246 and dozens of other > RFC which all use "illegal"

Re: [DNSOP] comments on draft-ietf-dnsop-qname-minimisation

2014-10-31 Thread Stephane Bortzmeyer
On Fri, Oct 31, 2014 at 08:55:03AM -0700, Paul Hoffman wrote a message of 11 lines which said: > Nonstandard or noncompliant. OK, we just have to fix RFC 6274, 6120, 5646, 5246 and dozens of other RFC which all use "illegal" like the draft.

Re: [DNSOP] comments on draft-ietf-dnsop-qname-minimisation

2014-10-31 Thread Paul Hoffman
On Oct 31, 2014, at 4:30 AM, Stephane Bortzmeyer wrote: >> 4th paragraph: I'd suggest dropping the word "illegal" It's a >> loaded term and may not be true depending on the jurisdiction. > > Ed Lewis did a similar remark. The idea is to have one short word for > "something which is a violation

Re: [DNSOP] New Version Notification for draft-livingood-dnsop-negative-trust-anchors-01.txt

2014-10-31 Thread Warren Kumari
On Fri, Oct 31, 2014 at 10:26 AM, Paul Ebersman wrote: > > srose> Should there be text describing auto-adding of NTA's based on > srose> important domains (for the ISP/resolver's definition of > srose> important)? So that domains that are used by low level services > srose> don't fail that also a

Re: [DNSOP] Draft Reverse DNS in IPv6 for Internet Service Providers

2014-10-31 Thread Paul Vixie
> Paul > Friday, October 31, 2014 6:50 AM > Not sure why Paul Vixie wants to relegate my IPv6 address to third > class citizen that's not good enough to be a peer on the Internet for > port 25. your question is a nonsequitur. i have no such desire. > I'd ask him, but his

Re: [DNSOP] Draft Reverse DNS in IPv6 for Internet Service Providers

2014-10-31 Thread Paul Vixie
> Bob Harold > Friday, October 31, 2014 6:02 AM > > ... > > I recall running into applications that refused to accept connections > (or took a very long time) if the reverse DNS lookup was not found. > If memory serves, telnet and ssh on some hosts. Do we know if the

[DNSOP] Definition of terms in Re: Comments on draft-ietf-dnsop-qname-minimisation-00.txt

2014-10-31 Thread Edward Lewis
On Oct 31, 2014, at 7:20, Stephane Bortzmeyer wrote: > "Minimisation" did not come out of the blue. It is a very common term > in privacy work and it is used in RFC 6973 (normative reference for > draft-ietf-dnsop-qname-minimisation-00), section 6.1. Let's not > reinvent terminology. But it’s no

Re: [DNSOP] comments on draft-ietf-dnsop-qname-minimisation

2014-10-31 Thread Edward Lewis
Yes, but… On Oct 31, 2014, at 10:20, Dave Lawrence wrote: > > On a barely related note, qname min helps with the logical progression > of the DNSSEC chain when a signed subdomain of a signed domain is > hosted on the same machine. With longest match rules a full qname > means the resolver has t

Re: [DNSOP] Draft Reverse DNS in IPv6 for Internet Service Providers

2014-10-31 Thread John Levine
>Not sure why Paul Vixie wants to relegate my IPv6 address to third class >citizen that's >not good enough to be a peer on the Internet for port 25. I'd ask him, but his >mail server >refuses my email due to my ISP's lack of reverse IPv6 :p > >I'm all for anti-spam heuristics, but checking the rev

Re: [DNSOP] Comments on draft-ietf-dnsop-qname-minimisation-00.txt

2014-10-31 Thread Edward Lewis
To clear up a few points. On Oct 31, 2014, at 7:08, Stephane Bortzmeyer wrote: > On Thu, Oct 30, 2014 at 03:29:21PM -0400, > Edward Lewis wrote > a message of 526 lines which said: > >> This sounds like something related to work attempted in the DBound >> mail list, > > Doug Barton suggested

Re: [DNSOP] New Version Notification for draft-livingood-dnsop-negative-trust-anchors-01.txt

2014-10-31 Thread Paul Ebersman
srose> Should there be text describing auto-adding of NTA's based on srose> important domains (for the ISP/resolver's definition of srose> important)? So that domains that are used by low level services srose> don't fail that also aren't normally visible to end users? One srose> example is nist.

Re: [DNSOP] comments on draft-ietf-dnsop-qname-minimisation

2014-10-31 Thread Dave Lawrence
Scott Rose: > > 4th paragraph: I'd suggest dropping the word "illegal" It's a > > loaded term and may not be true depending on the jurisdiction. Stephane Bortzmeyer writes: > Ed Lewis did a similar remark. The idea is to have one short word for > "something which is a violation of the RFC". Any

[DNSOP] Fwd: [sunset4] New Version Notification for draft-song-sunset4-ipv6only-dns-00.txt

2014-10-31 Thread Marc Blanchet
Hello, this draft has been posted to sunset4, but has some DNS operational perspective, which is why I’m forwarding to this mailing list. Marc (co-chair sunset4) > Begin forwarded message: > > Date: 27 October 2014 22:00:52 UTC−4 > From: Davey Song > To: "suns...@ietf.org" > Subject: [sunset

Re: [DNSOP] Draft Reverse DNS in IPv6 for Internet Service Providers

2014-10-31 Thread Paul
Not sure why Paul Vixie wants to relegate my IPv6 address to third class citizen that's not good enough to be a peer on the Internet for port 25. I'd ask him, but his mail server refuses my email due to my ISP's lack of reverse IPv6 :p I'm all for anti-spam heuristics, but checking the reverse i

Re: [DNSOP] Draft Reverse DNS in IPv6 for Internet Service Providers

2014-10-31 Thread Andreas Gustafsson
Bob Harold wrote: > I recall running into applications that refused to accept connections (or > took a very long time) if the reverse DNS lookup was not found. If memory > serves, telnet and ssh on some hosts. Do we know if there are still > applications like that? Ubuntu has a long-standing bug

Re: [DNSOP] Draft Reverse DNS in IPv6 for Internet Service Providers

2014-10-31 Thread Bob Harold
On Fri, Oct 31, 2014 at 1:28 AM, Paul Vixie wrote: > ... > > i suggest an efficiency improvement: don't manufacture these PTR's in the > first place. let last-mile devices be PTR-free. signal to anti-spam folks, > such as myself, by this method, that these are not real "hosts" and should > not be

Re: [DNSOP] comments on draft-ietf-dnsop-qname-minimisation

2014-10-31 Thread Stephane Bortzmeyer
On Thu, Oct 30, 2014 at 03:46:01PM +, Rose, Scott wrote a message of 27 lines which said: > I am not a lawyer, but have had to deal with them on occasion. > qname minimization may or may not reduce legal responsibilities. Right. IANAL too, so text changed for something milder ("it may d

Re: [DNSOP] Comments on draft-ietf-dnsop-qname-minimisation-00.txt

2014-10-31 Thread Stephane Bortzmeyer
On Thu, Oct 30, 2014 at 05:02:21PM -0400, Andrew Sullivan wrote a message of 21 lines which said: > Ed's point is not wrong, however -- in one fairly natural meaning, the > technique is actually "query maximization". If one called it "query > disclosure minimization" or something like that it

Re: [DNSOP] Comments on draft-ietf-dnsop-qname-minimisation-00.txt

2014-10-31 Thread Stephane Bortzmeyer
On Thu, Oct 30, 2014 at 08:46:37PM +, Darcy Kevin (FCA) wrote a message of 19 lines which said: > Isn't "doing the minimum necessary to get the job done" pretty much > the definition of "optimization" (or, for that matter, > "efficiency")? "Minimize" means, basically, only "to make small";

Re: [DNSOP] Comments on draft-ietf-dnsop-qname-minimisation-00.txt

2014-10-31 Thread Stephane Bortzmeyer
On Thu, Oct 30, 2014 at 01:35:28PM -0700, Paul Vixie wrote a message of 7 lines which said: > the term "query minimization" appeals to me since each server, > during iteration, sees the minimum substring of the qname needed. That's why it is "qname minimisation", not "query minimisation" :-)

Re: [DNSOP] Comments on draft-ietf-dnsop-qname-minimisation-00.txt

2014-10-31 Thread Stephane Bortzmeyer
On Thu, Oct 30, 2014 at 07:42:02PM +, Darcy Kevin (FCA) wrote a message of 1087 lines which said: > I too have been tempted to comment on the fact that there is no > QNAME that is being "minimized" here (which would imply making it > shorter; not the gist of the proposal at all). I really

Re: [DNSOP] Comments on draft-ietf-dnsop-qname-minimisation-00.txt

2014-10-31 Thread Stephane Bortzmeyer
On Thu, Oct 30, 2014 at 03:29:21PM -0400, Edward Lewis wrote a message of 526 lines which said: > Should be DNSOP WG Boilerplate from XML2RFC. I have to read the documentation. > Because, as described this proposal would increase the number of > queries sent in search of a name. It's minimi