Re: [DNSOP] Heads-up - draft about "letting localhost be localhost" in SUNSET4 that really should be in DNSOP

2016-11-17 Thread Ted Lemon
(Actually, I think you can't have either!) On Fri, Nov 18, 2016 at 7:14 AM, Ted Lemon wrote: > Which do you want? TLSA, or delegation? You can't have both. > > On Fri, Nov 18, 2016 at 6:52 AM, Mark Andrews wrote: >> >> As I said on the sunset4 mailing list

Re: [DNSOP] Heads-up - draft about "letting localhost be localhost" in SUNSET4 that really should be in DNSOP

2016-11-17 Thread Ted Lemon
Which do you want? TLSA, or delegation? You can't have both. On Fri, Nov 18, 2016 at 6:52 AM, Mark Andrews wrote: > > As I said on the sunset4 mailing list this goes too far. > > I don't know about you but I want to be able to look up TLSA records, > SRV and other record types

Re: [DNSOP] Heads-up - draft about "letting localhost be localhost" in SUNSET4 that really should be in DNSOP

2016-11-17 Thread Mark Andrews
As I said on the sunset4 mailing list this goes too far. I don't know about you but I want to be able to look up TLSA records, SRV and other record types for foo.localhost and localhost. And by the way this also requires an insecure delegation in the root zone for DNSSEC to work with validating

Re: [DNSOP] [OT][rant-ish] Electronics & business models (was DNSSEC operational issues long term)

2016-11-17 Thread Philip Homburg
>For most electronics equipment (pre-IoT) once you sold it your job as a >manufacturer was basically done. You don't have to issue security >patches for the keyboard or firmware upgrades to the monitor because >the meaning of the wires in the VGA standard has changed out from under >it. > >With

Re: [DNSOP] special use names and unsecured delegation from the root

2016-11-17 Thread George Michaelson
I'm going to tick people off again, but noting there is a reason you want to do this, and you think it's a justified reason, and you can argue a good case for putting it in a problem statement, it would be (IMH, Very H opinion) a really bad idea (tm) to give anyone a sense that .homenet is "just

Re: [DNSOP] DNSSEC operational issues long term

2016-11-17 Thread Tony Finch
Edward Lewis wrote: > > There's been a lot of research consideration of how shelved or otherwise > disconnected devices catch up. I recall 20 years ago this topic was > amongst the issues in the labs where I worked, the usual use case > involved submarines surfacing. One

Re: [DNSOP] special use names and unsecured delegation from the root

2016-11-17 Thread Ralph Droms
Ted, Suzanne - it might be helpful if the text can stand by itself, to post the text to the homenet and snoop WG mailing lists, in addition to adding it to the problem statement. - Ralph > On Nov 17, 2016, at 3:43 AM, Ted Lemon wrote: > > It's pretty clear that it needs to

Re: [DNSOP] I-D Action: draft-ietf-dnsop-nsec-aggressiveuse-06.txt

2016-11-17 Thread Warren Kumari
On Wed, Nov 16, 2016 at 5:51 PM, Matthijs Mekking wrote: > Hi Ondřej, > > On 16-11-16 07:09, Ondřej Surý wrote: >> >> Hi, >> >> I read the document and I believe that the document goes too far >> to recommend the vendors how to implement the knobs in their >> software here:

Re: [DNSOP] I-D Action: draft-ietf-dnsop-nsec-aggressiveuse-06.txt

2016-11-17 Thread Warren Kumari
On Wed, Nov 16, 2016 at 3:09 PM, Ondřej Surý wrote: > Hi, > > I read the document and I believe that the document goes too far > to recommend the vendors how to implement the knobs in their > software here: > >It is recommended that resolvers that implement Aggressive

Re: [DNSOP] I-D Action: draft-ietf-dnsop-nsec-aggressiveuse-06.txt

2016-11-17 Thread Ralph Dolmans
Hi, Maybe I'm missing something, but it is not clear to me whether this document (-06) allows generation of NODATA answers using matching NSEC records that do not have the QTYPE set in the type bitmap. I don't see it explicitly mentioned. The RFC4035 update in section 7 seems to allow it (or at

Re: [DNSOP] special use names and unsecured delegation from the root

2016-11-17 Thread Edward Lewis
A clarifying question: Given that there are 1518 delegations from the root zone, 1369 to zones owning a DNSKEY set, 1358 having a DS record (in the root zone), is DNSSEC a distinguishing factor in this regard? That is, no other name in the Special-Use Domain Name registry currently is

Re: [DNSOP] special use names and unsecured delegation from the root

2016-11-17 Thread Ted Lemon
It's pretty clear that it needs to be added. I will do so. On Thu, Nov 17, 2016 at 5:00 PM, Suzanne Woolf wrote: > Hi all, > > For those of you who were in the HOMENET WG meeting yesterday, you probably > noticed a controversy that’s developed around the proposed

[DNSOP] special use names and unsecured delegation from the root

2016-11-17 Thread Suzanne Woolf
Hi all, For those of you who were in the HOMENET WG meeting yesterday, you probably noticed a controversy that’s developed around the proposed .homenet special use name as the default for homenet naming: the working group is considering, among other things, whether its special use name needs