Re: [DNSOP] Alternative Special-Use TLD problem statement draft

2016-04-08 Thread Donald Eastlake
Adrien, On Thu, Apr 7, 2016 at 7:13 PM, Adrien de Croy wrote: > -- Original Message -- > From: "Stephane Bortzmeyer" > To: "Adrien de Croy" > Cc: "Philip Homburg" ; "dnsop@ietf.org" > ; "Ted

Re: [DNSOP] RSASHA512 SHOULD-

2016-04-08 Thread Paul Hoffman
On 8 Apr 2016, at 10:46, Francis Dupont wrote: In draft-wouters-sury-dnsop-algorithm-update-01.txt the RSASHA512 (code 10) DNSKEY/RRSIG algo got a SHOULD- for DNSSEC signing. The argument is it is not currently heavily used but I am afraid it is not a very good argument. I have a question for

Re: [DNSOP] RSASHA512 SHOULD-

2016-04-08 Thread Evan Hunt
On this topic, I wasn't quick enough to get to the mic before the line was closed, but I'd like to suggest a higher degree of caution with the "MUST NOTs" and "MUST-'s" in the validator column, relative to the signer column. IIRC, RSAMD5 was originally mandatory to implement. I certainly don't

Re: [DNSOP] Working Group Last Call for draft-ietf-dnsop-maintain-ds

2016-04-08 Thread Jacques Latour
Hi Olafur, two things I see; 1) the CDNSKEY, since CDS and CDNSKEY are used interchangeably in the document, "inserts the corresponding DS RRset as requested" does not work for the CDNSKEY, the parental agent must compute a DS and pick an algorithm & digest type based on the Parental Agent

[DNSOP] expanding on Re: Olafur's "black lies" presentation

2016-04-08 Thread Edward Lewis
On 4/8/16, 12:08, "DNSOP on behalf of Ray Bellis" wrote: >That said, Cloudflare's implementation appears to assert that the >wildcard doesn't exist either - I've asked Olafur to check out the >implications of that. Not to pick, but I'm

[DNSOP] Olafur's "black lies" presentation

2016-04-08 Thread Edward Lewis
I can't find a draft to cite for this talk, so this refers to the slides presented. "DNSSEC Protocol Modifications" (http://www.rfc-editor.org/rfc/rfc4035.txt) has an explicit prohibition on names owning only NSEC and RRSIG. Yeah. I'm not holding this up as a royal edict. But it's there in

[DNSOP] AAAA4Free

2016-04-08 Thread Ray Bellis
May I please remind the WG of draft-bellis-dnsext-multi-qtypes-01 (expired, but seems eminently applicable in this case as a signalling mechanism, and is more general purpose) Ray ___ DNSOP mailing list DNSOP@ietf.org

Re: [DNSOP] RSASHA512 SHOULD-

2016-04-08 Thread Paul Wouters
On Fri, 8 Apr 2016, Francis Dupont wrote: In draft-wouters-sury-dnsop-algorithm-update-01.txt the RSASHA512 (code 10) DNSKEY/RRSIG algo got a SHOULD- for DNSSEC signing. The argument is it is not currently heavily used but I am afraid it is not a very good argument. I have a question for

[DNSOP] RSASHA512 SHOULD-

2016-04-08 Thread Francis Dupont
In draft-wouters-sury-dnsop-algorithm-update-01.txt the RSASHA512 (code 10) DNSKEY/RRSIG algo got a SHOULD- for DNSSEC signing. The argument is it is not currently heavily used but I am afraid it is not a very good argument. I have a question for cryptographers in the list: as far as I know there

Re: [DNSOP] Alternative Special-Use TLD problem statement draft

2016-04-08 Thread Philip Homburg
In your letter dated 7 Apr 2016 21:26:51 - you wrote: >>Just because TOR asks for .onion doesn't mean it should be given it. > >The TOR project has been distributing software that special cases >the .onion TLD for close to a decade. > >If the IETF said "you're wrong, go away", what exactly do

Re: [DNSOP] hostnames vs domain names vs RFC1034/1035 vs RFC2818 vs Wikipedia etc

2016-04-08 Thread Suzanne Woolf
> On Apr 7, 2016, at 10:49 PM, Adrien de Croy wrote: > > But it's good to see a clear statement from 1987 about desirability of > supporting alternate protocols (although they use CLASS for that). Maybe > onion should have used a new CLASS :) > See