Re: [DNSOP] Fwd: New Version Notification for draft-song-dns-wireformat-http-03.txt

Maybe you can explain why, if https is needed everywhere, that after significant and extended arguing, the httpwg decided to make it optional in http/2 I really don't see the point in making all those arguments again over here in dnsop, when they were done to death many times in httpwg. Go

Re: [DNSOP] Fwd: New Version Notification for draft-song-dns-wireformat-http-03.txt

I think you and many others will continue to disagree on that point. try using https for OCSP or CRL checking and see how you go. -- Original Message -- From: "Stephane Bortzmeyer" To: "Adrien de Croy" Cc: "Shane Kerr" ;

Re: [DNSOP] New Version Notification for draft-song-dns-wireformat-http-03.txt

-- Original Message -- From: "Paul Hoffman" To: "Adrien de Croy" Cc: "dnsop@ietf.org" Sent: 7/05/2016 7:24:46 a.m. Subject: Re: [DNSOP] New Version Notification for draft-song-dns-wireformat-http-03.txt On 6 May 2016, at

Re: [DNSOP] Fwd: New Version Notification for draft-song-dns-wireformat-http-03.txt

On Fri, May 06, 2016 at 07:14:29PM +, Adrien de Croy wrote a message of 72 lines which said: > Putting https where it's not needed (and it's not needed everywhere) It is. If you don't know why, read RFC 7258 (6973 is useful, too).

Re: [DNSOP] New Version Notification for draft-song-dns-wireformat-http-03.txt

On 6 May 2016, at 12:14, Adrien de Croy wrote: The original text makes a claim about security and privacy around TLS. This is not true in the real world, and is becoming less true with every MitM deployed. It is as true now as it has ever been. Saying that TLS is not secure because there

Re: [DNSOP] Fwd: New Version Notification for draft-song-dns-wireformat-http-03.txt

It's not like that at all. The original text makes a claim about security and privacy around TLS. This is not true in the real world, and is becoming less true with every MitM deployed. Client authentication is very rarely used because of the significant challenges of managing client

Re: [DNSOP] Working Group Last Call draft-ietf-dnsop-isp-ip6rdns

On Fri, May 6, 2016 at 12:34 PM, 神明達哉 wrote: > I fully understand this document does not provide normative > requirements. But in the way it's currently organized, I'm afraid > it will simply promote a vicious circle: more people will think they > need to provide reverse

Re: [DNSOP] Working Group Last Call draft-ietf-dnsop-isp-ip6rdns

At Wed, 4 May 2016 11:43:16 -0400, Ted Lemon wrote: > Jinmei-san, with all due respect, I think that you are missing the mark > here. First off, I didn't intend to be opposed to providing reverse mappings per se. If my comments read that way, that was because of my poor

Re: [DNSOP] Working Group Last Call draft-ietf-dnsop-isp-ip6rdns

Yes; will fix (I think I said in another message). Off today, will catch up again next week. Lee From: DNSOP > on behalf of Ted Lemon > Date: Friday, May 6, 2016 7:26 AM To:

Re: [DNSOP] I-D Action: draft-ietf-dnsop-resolver-priming-07.txt

Stephane, At 2016-05-05 17:47:48 +0200 Stephane Bortzmeyer wrote: > On Sat, Mar 19, 2016 at 10:57:26AM -0400, > Paul Hoffman wrote > a message of 49 lines which said: > > > With respect to the DO bit, there was a suggestion: > > Resolvers SHOULD

Re: [DNSOP] Fwd: New Version Notification for draft-song-dns-wireformat-http-03.txt

Indeed, that was precisely the intended result. MitM attacks are possible to detect; passive listening attacks are not. On Fri, May 6, 2016 at 4:59 AM, Stephane Bortzmeyer wrote: > On Wed, May 04, 2016 at 10:13:09PM +, > Adrien de Croy wrote > a

Re: [DNSOP] Working Group Last Call draft-ietf-dnsop-isp-ip6rdns

I believe that this was unintentional. I think Lee agreed to fix it. On Fri, May 6, 2016 at 5:32 AM, wrote: > > > The point of this document is not to make normative requirements. > > > > But it does: 'Best practice is that "Every Internet-reachable host > > should have a

Re: [DNSOP] Working Group Last Call draft-ietf-dnsop-isp-ip6rdns

> > The point of this document is not to make normative requirements. > > But it does: 'Best practice is that "Every Internet-reachable host > should have a name"'. I agree. Especially with IPv6 in mind, "Every Internet-reachable host should have a name" is *not* best practice. Steinar Haug,

Re: [DNSOP] Working Group Last Call draft-ietf-dnsop-isp-ip6rdns

On Wed, May 04, 2016 at 11:43:16AM -0400, Ted Lemon wrote a message of 518 lines which said: > The point of this document is not to make normative requirements. But it does: 'Best practice is that "Every Internet-reachable host should have a name"'. > It's simply to

Re: [DNSOP] Fwd: New Version Notification for draft-song-dns-wireformat-http-03.txt

On Wed, May 04, 2016 at 10:13:09PM +, Adrien de Croy wrote a message of 316 lines which said: > TLS was designed to provide data integrity and security, but not in > the face of MitM attacks. You're playing with words here. It all depends if you use TLS in the strict

Re: [DNSOP] Fwd: I-D Action: draft-ietf-curdle-dnskey-eddsa-00.txt

Ondřej Surý writes: > Dear colleagues, > > a new EdDSA for DNSSEC draft has been posted in CURDLE WG and is in > need of more reviewers ;). > > I merged Ed25519 and Ed448 drafts into one, removed reasoning why > EdDSA is superior for RFC and I-D in Normative references