On Thu, 25 Feb 2021, Ben Schwartz wrote:
On Thu, Feb 25, 2021 at 10:26 AM Paul Hoffman wrote:
In reading draft-schwartz-dnsop-dnssec-strict-mode, I still don't
understand why it is even useful. If I am
signing one of my zones with two algorithms, I must intend to do so. What
is th
On Tue, 23 Feb 2021, Paul Hoffman wrote:
What is the purpose of this flag? Why wouldn't a zone owner who has
such a strong desire for using that one algorithm just sign with
that algorithm?
section 2.2 of the draft makes the argument. Ben seems to be
imagining a world where some validators
simple. Processing rules for them are hard.
Specifying the former without the latter leads to breakage. Let's
pick one use case and then spec out the logic for satisfying it.
-- Sam
-- Forwarded message --
Date: Fri, 8 Mar 2019 15:30:03 -0500 (EST)
From: Samuel Weiler
To
Both docs in this set should say something more about authenticity and
integrity, particularly since DNSSEC cannot be used to establish the
same. (The security considerations sections mention confidentiality.
Authenticity and integrity are likely important for most use cases.)
On the whole, I
On Tue, 2 Jul 2019, Matthijs Mekking wrote:
Here's a draft with discussion why also the protocol should go
away. We would like to hear what you think about it.
The discussion of the private network use case in section 2 has two
minor errors plus one bit that is unclear.
When we designed DLV
On Tue, 2 Jul 2019, Matthijs Mekking wrote:
Here's a draft with discussion why also the protocol should go
away. We would like to hear what you think about it.
No objection. I'm not aware of any active private use of DLV.
Thank you for doing the detailed work of looking up the citations and
sanity check, someone?
i believe that in dnssec, an empty non-terminal has a proof that the
name exists, and a proof that there are no RR's. thus, vastly different
from the signaling for NXDOMAIN.
Yes, it does. With NSEC3 it is an explicit proof. With NSEC you have to
read between the line
I have not reviewed this doc in depth; I'm just commenting on little
things I noticed, and this review should not be considered complete.
This was triggered by seeing the RR type template on the DNSEXT WG
mailing list.
1) Why require the SEP bit set? The SEP bit has, to date, been merely
adv
On Fri, 4 Apr 2008, Alfred H?nes wrote:
I wanted to send comments on
draft-hardaker-dnsops-name-server-management-reqs-01
in private communications to the author, but the message
has been bounced after 3 days of persistent errors:
...
Similar experiences?
Can someone there help?
Sadly, ye
I have read this document and have no objection to its publication.
That said, I share Jinmei's concern that the recommendation against
depending on reverse mapping is too weak in the context of the rest of
the document. I'm in favor of much stronger language saying "don't
depend on reverse ma
10 matches
Mail list logo