A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Domain Name System Operations WG of the IETF.
Title : DNS Query Name Minimisation to Improve Privacy
Authors : Stephane Bortzmeyer
Support adoption. This is a mechanism which I think is useful and
which permits out-of-dns provisioning mechanisms to have high trust in
the specific state of a zone being fetched. It is complementary to
DNSSEC and not antagonistic.
-George
On Sun, Mar 10, 2019 at 3:31 PM Tim Wicinski wrote:
>
>
Tim Wicinski writes:
> So Mr. Lawrence says you hold the pen on both of these. The Chairs
> would like to chat with you about these (well. me, but also the
> others). Let us know when we can sync up on Sunday (6am?) for a
> quick update.
Hi Tim (and all of dnsop),
I'd love to chat at 6am. F
I support adoption. I can see some good use cases for this and I have
previously worked on a proprietary implementation achieving similar goals
to those that are mentioned in the draft.
On Sun, Mar 10, 2019 at 3:32 PM Tim Wicinski wrote:
>
> The chairs feel the document has been updated to addre
On Sun, Mar 10, 2019 at 3:32 PM Tim Wicinski wrote:
>
> The chairs feel the document has been updated to address
> several issues raised from the last meeting, including
> some implementations.
>
> If there is pushback during this call for adoption, we can
> take the topic up in Prague.
>
> This
On Fri, Feb 1, 2019 at 1:35 PM Tony Finch wrote:
> I'm working on tools for KSK rollover automation at the moment.
>
> It turns out that CDS records are very useful even if your parent zone
> doesn't check them.
>
> KSK rolls work better when the DS records are not simply generated from
> the cur
Paul Vixie:> if all you have is an ip address (say, from dhcp or resolv.conf),
how
> would you decide whether the https endpoint you found at that
> address, was using an x.509 key you had any reason to trust? https
> wants names.
https works also without names it is just less common.
Example:
If I'm not mistaken, currently the solution used by at least Cloudflare
bootstraps using traditional DNS as the certificate they are using for DoH
is just a standard X.509 certificate issued by DigiCert. I believe you
could just hardcode both the host and IP address on the client side if you
want t
Wes
So Mr. Lawrence says you hold the pen on both of these. The Chairs would
like to chat with you about these (well. me, but also the others). Let us
know when we can sync up on Sunday (6am?) for a quick update.
Tim
___
DNSOP mailing list
DNSOP@ietf.
Wes Hardaker wrote on 2019-03-22 21:03:
Kenji Baheux writes:
* We are considering a first milestone where Chrome would do an automatic
upgrade to DoH when a user’s existing resolver is capable of it.
Sorry for the delayed question, but with respect to this bullet:
1) ...
2) ...
Stephen Farrell wrote on 2019-03-22 15:36:
... in addition to transport security,
things like logging etc. also affect folks' privacy. Not sure
if you're aware of it, but there's an effort to craft BCP-like
text on that broader topic in a draft [1] in the dprive WG. It'd
be great to get your a
On Sat, 23 Mar 2019 at 14:08, Paul Vixie wrote:
> Bind9 with no config file now does the right recursive thing, including
> dnssec. Knot and unbound and powerdns will not be far behind. We just need
> to get the word out, to ISPs, Enterprise, SOHO, and end users of Windows,
> macosx, Linux, and B
All
We've updated the agenda for both DNSOP meetings. Details are here:
https://datatracker.ietf.org/meeting/104/materials/agenda-104-dnsop-02
and below. Some notes.
- We have Dan York as Jabber Scribe (Thanks Dan!), and we've assigned Paul
Hoffman as minute taker, but we do always like 2 folk
Hi,
We would particularly appreciate to share your thoughts and discuss the
requirements to operate DNSSEC validators. In particular, feed backs from
operators or implementers would be more than welcome. Please feel free to
share your thoughts on the mailing list, or let me know if there is a time
Bind9 with no config file now does the right recursive thing, including dnssec.
Knot and unbound and powerdns will not be far behind. We just need to get the
word out, to ISPs, Enterprise, SOHO, and end users of Windows, macosx, Linux,
and BSD. The hard part will be iOS and Android, due to the p
The DNSOP WG has placed draft-moura-dnsop-authoritative-recommendations in
state Candidate for WG Adoption (entered by Tim Wicinski)
The document is available at
https://datatracker.ietf.org/doc/draft-moura-dnsop-authoritative-recommendations/
___
DNS
On Fri, Mar 22, 2019 at 12:26:47PM -0700, Paul Vixie wrote:
>
>
> Jared Mauch wrote on 2019-03-22 11:59:
> > So my thoughts on this real quick: one of the reasons many people are
> > using centralized services like 8.8.8.8 (for example) is its complex
> > to run these servers properly.
>
> i thi
17 matches
Mail list logo
