Re: [DNSOP] New Version Notification for draft-jabley-dnsop-refuse-any-00.txt

In message , =?UTF-8?B?w5NsYWZ1ciBHdcOwbXVuZHNzb24=?= writes: > > On Sun, Oct 4, 2015 at 7:32 AM, Dave Lawrence wrote: > > > A couple of quick observations: > > > > * The draft says that the answer in a signed zone MAY be unsigned. > > Since this will ultimately cause a SERVFAIL for validati

Re: [DNSOP] Expiration impending:

it might be useful to review/consider how the IETF NOMCOM does or did its selections. At one point, they used, as a salt, stock values as published on a particular date and time. the USG does the same type of thing with the CBD. …

Re: [DNSOP] Working Group Last Call for draft-ietf-dnsop-edns-client-subnet

Jinmei writes: > I interpret this as the answer to my question is "we expect newer > implementations are developed based on this specification". And we're > going to publish it even if we know there are several technical flaws." > Our mileage may vary about how "minor" they are, and I myself would

[DNSOP] Document Action: 'Decreasing Access Time to Root Servers by Running One on Loopback' to Informational RFC (draft-ietf-dnsop-root-loopback-05.txt)

The IESG has approved the following document: - 'Decreasing Access Time to Root Servers by Running One on Loopback' (draft-ietf-dnsop-root-loopback-05.txt) as Informational RFC This document is the product of the Domain Name System Operations Working Group. The IESG contact persons are Benoit C

Re: [DNSOP] Expiration impending:

Moin! On 5 Oct 2015, at 17:42, Suzanne Woolf wrote: All, First, thanks to the engaging on this. On Oct 5, 2015, at 5:20 PM, "Joe Abley" wrote: Perhaps it's time to sit back and wait for others here to express an opinion. I'd like to hear opinions from others in the WG with an operationa

Re: [DNSOP] Expiration impending:

For BIND is is essentially useless as we use DNSKEYs as our trust anchors. You can go from a DNSKEY to a DS record. You can't go from a DS record to a DNSKEY, you can only select from a set of DNSKEYs the one or more (not that I expect that to ever happen) that matches a DS. If you are going to

Re: [DNSOP] Expiration impending:

On 5 Oct 2015, at 17:16, Paul Hoffman wrote: On 5 Oct 2015, at 17:00, Joe Abley wrote: OK, I agree they are templates. I disagree that it makes sense to publish URLs that refer to just the key label used by the currently active KSK. That would make this document inaccurate as soon as a KS

Re: [DNSOP] Expiration impending:

On 5 Oct 2015, at 17:00, Joe Abley wrote: On 5 Oct 2015, at 16:43, Paul Hoffman wrote: On 5 Oct 2015, at 16:12, Joe Abley wrote: Hi Paul, On 5 Oct 2015, at 15:35, Paul Hoffman wrote: A document called "DNSSEC Trust Anchor Publication for the Root Zone" that says nothing about the most com

Re: [DNSOP] Expiration impending:

On 5 Oct 2015, at 16:43, Paul Hoffman wrote: On 5 Oct 2015, at 16:12, Joe Abley wrote: Hi Paul, On 5 Oct 2015, at 15:35, Paul Hoffman wrote: A document called "DNSSEC Trust Anchor Publication for the Root Zone" that says nothing about the most common KSK publication practice, that is, by

Re: [DNSOP] Expiration impending:

On 5 Oct 2015, at 16:12, Joe Abley wrote: Hi Paul, On 5 Oct 2015, at 15:35, Paul Hoffman wrote: A document called "DNSSEC Trust Anchor Publication for the Root Zone" that says nothing about the most common KSK publication practice, that is, by resolver software developers, is woefully incomp

Re: [DNSOP] Expiration impending:

Hi Paul, On 5 Oct 2015, at 15:35, Paul Hoffman wrote: A document called "DNSSEC Trust Anchor Publication for the Root Zone" that says nothing about the most common KSK publication practice, that is, by resolver software developers, is woefully incomplete. I am confused by that. The KSK maint

Re: [DNSOP] Working Group Last Call for draft-ietf-dnsop-edns-client-subnet

At Sun, 4 Oct 2015 11:49:22 -0400, Dave Lawrence wrote: > > It would be nicer if it can be clarified before advancing > > it: are we expecting newer implementations are developed based on this > > specification, or is this document literally for describing the > > current practice for the record

Re: [DNSOP] Expiration impending:

A document called "DNSSEC Trust Anchor Publication for the Root Zone" that says nothing about the most common KSK publication practice, that is, by resolver software developers, is woefully incomplete. If instead the document is supposed to be about current ICANN publication only, then the doc

Re: [DNSOP] Expiration impending:

Out of band was discussed very early on with DNSSEC. John Gilmore and I talked about it at the INET’98 conference. A problem is transitive trust. At some point you leave the DNS trust hierarchy and have to trust assertions in a different trust domain. Sometimes several other trust domains… I t

Re: [DNSOP] Expiration impending:

On 10/5/15, 9:37, "DNSOP on behalf of Tim Wicinski" wrote: >Could ICANN not document what they do now ? In there world of "there's so many things to do" - a few weeks back, off-list, there was a start of a discussion to alter the list of editors (namely, add me) of the draft. Aside - if I reca

Re: [DNSOP] Expiration impending:

FWIW I think the document should go ahead, with pretty minor edit about the current practice/should stuff. I think it was good to author a document on whats currently done even if people want other things done. (I don't mean my other things, I mean other peoples other things. one does not refer to

Re: [DNSOP] Expiration impending:

On 5 Oct 2015, at 11:06, George Michaelson wrote: > If its on the internet, its not out of band. Then there's no out-of-band (by your use of the phrase) distribution of trust anchors today. I think it's fair to say that your understanding of the phrase is not universal, incidentally, in age wh

Re: [DNSOP] Expiration impending:

Sheesh..I thought we were talking about engineering issues. Speaking only as the humble engineer who helped develop the publication methods and wrote the software that generates all the pieces, the most recent draft does describe what my programs, scripts, and other pieces do. If there is any

Re: [DNSOP] Expiration impending:

If its on the internet, its not out of band. On Mon, Oct 5, 2015 at 9:55 AM, Joe Abley wrote: > > > On 5 Oct 2015, at 10:42, George Michaelson wrote: > > > Something very left field for me, but I believe important, is that we > need > > to also publish the out-of-band publication point of the tr

Re: [DNSOP] Expiration impending:

On 5 Oct 2015, at 10:42, George Michaelson wrote: > Something very left field for me, but I believe important, is that we need > to also publish the out-of-band publication point of the trust material. This draft is exclusively concerned with publishing trust anchors out-of-band of the protoco

Re: [DNSOP] Expiration impending:

every time I post a reply to a thread I think a million kittens (for herding) are born Joe, so it evens out. Here's another kitten to kill... Something very left field for me, but I believe important, is that we need to also publish the out-of-band publication point of the trust material. I menti

Re: [DNSOP] Expiration impending:

Hi Paul, On 5 Oct 2015, at 9:52, Paul Hoffman wrote: Given that the title and abstract of this document disagree with what many people here have said they want the document to discuss, if the WG adopts this work item, please adopt an exact description of what is wanted with the expectation th

Re: [DNSOP] Expiration impending:

Given that the title and abstract of this document disagree with what many people here have said they want the document to discuss, if the WG adopts this work item, please adopt an exact description of what is wanted with the expectation that this draft could be changed to fit the description.

[DNSOP] I-D Action: draft-ietf-dnsop-qname-minimisation-06.txt

A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Domain Name System Operations Working Group of the IETF. Title : DNS query name minimisation to improve privacy Author : Stephane Bortzmeyer

Re: [DNSOP] Expiration impending:

On 5 Oct 2015, at 9:32, Jakob Schlyter wrote: The document goes well beyond describing the files, and this is where it fails. Further, the files are not the only way that the trust anchor is published, so the document is fairly incomplete. Trust anchors may be published in other ways, but IMH

Re: [DNSOP] Expiration impending:

On 5 okt. 2015, at 15:08, Paul Hoffman wrote: >> As far as I'm aware, the document does document current practice. > > It does not. It describes a mixture of some of the current practice and some > aspirational hopes for how things might be done. Further, it is incomplete in > many aspects. I

Re: [DNSOP] Expiration impending:

On 5 Oct 2015, at 8:50, Jakob Schlyter wrote: On 4 okt. 2015, at 20:27, Suzanne Woolf wrote: On Oct 4, 2015, at 2:00 PM, David Conrad wrote: I've since been told that the draft doesn't actually document current practice (don't know the details), so this probably needs to be fixed. What

Re: [DNSOP] Expiration impending:

On 4 okt. 2015, at 20:27, Suzanne Woolf wrote: > On Oct 4, 2015, at 2:00 PM, David Conrad wrote: > >> I've since been told that the draft doesn't actually document current >> practice (don't know the details), so this probably needs to be fixed. > > What "needs to be fixed"? That the draft do