.
-- original email--
>From: Evan Hunt
>Reply-To:
>To: haikuo
>Cc: matthaeus.wan...@uni-due.de, dnsop@ietf.org
>Subject: Re: [DNSOP] draft-zhang-dnsop-weak-trust-anchor.txt
>Date: Sat, 31 May 2014 16:09:59 +
>
> If the verification is failed, it should r
On Sat, 31 May 2014, 张海阔 wrote:
I think it is the problem which came from UDP protocal. It maybe better
if this problem can be handled in UDP protocal
It appears you have a solution that is looking for a problem or an excuse
to get deployed.
Of cause, all of problem which I mentioned in the
> If the verification is failed, it should response "Bogus"
> If the resolver do not get enough data to do the verification, then the
> resolver which weak trust anchor should be response with "insecure" DNS
> package. it is up to end-user or netizens to decide what to do next.
If the resolver di
ect: Re: [DNSOP] draft-zhang-dnsop-weak-trust-anchor.txt
>Date: Sat, 31 May 2014 20:35:27 +1000
>
In message
, "=?gb2312?B?1cW
6o8Cr?=" writes:
> The TCP is an optional protocal for DNS query at the auth name server side, a
> nd is not mandatory,
> so not every DNS service
old the end-user that "it is a insecure DNS package", I think the end-user
has the ability to decide to drop/accept it.
thanks
-- original email --
>From: Matth�us Wander
>Reply-To:
>To: dnsop@ietf.org
>Subject: Re: [DNSOP] draft-zhang-dnsop-we
e insane to disable
TCP if you are serving a signed zone.
Mark
> -- origin email --
> >From: Paul Wouters
> >Reply-To:
> >To: "zhanghai...@cnnic.cn"
> >Cc: dnsop
> >Subject: Re: [DNSOP] draft-zhang-dnsop-weak-trust-anch
--
>From: Paul Wouters
>Reply-To:
>To: "zhanghai...@cnnic.cn"
>Cc: dnsop
>Subject: Re: [DNSOP] draft-zhang-dnsop-weak-trust-anchor.txt
>Date: Fri, 30 May 2014 14:11:45 -0400 (EDT)
>
On Fri, 30 May 2014, zhanghai...@cnnic.cn wrote:
> Name: draft-zhang-d
Moin!
On 30 May 2014, at 11:32, Evan Hunt wrote:
> On Fri, May 30, 2014 at 02:11:45PM -0400, Paul Wouters wrote:
>> Note also that for this problem, there is already a commonly deployed
>> solution at the application level that addresses this situation, such
>> as https://www.nlnetlabs.nl/projec
On Fri, May 30, 2014 at 02:11:45PM -0400, Paul Wouters wrote:
> Note also that for this problem, there is already a commonly deployed
> solution at the application level that addresses this situation, such
> as https://www.nlnetlabs.nl/projects/dnssec-trigger/ which will inform
> the user the netwo
On Fri, 30 May 2014, zhanghai...@cnnic.cn wrote:
Name: draft-zhang-dnsop-weak-trust-anchor
URL:
http://www.ietf.org/internet-drafts/draft-zhang-dnsop-weak-trust-anchor-00.txt
Status: https://datatracker.ietf.org/doc/draft-zhang-dnsop-weak-trust-anchor/
Htmlized: http://tools.ietf.org/html/dr
In message <5388821c.8000...@uni-due.de>, =?ISO-8859-1?Q?Matth=E4us_Wander?= wr
ites:
>
> Hi,
>
> Section 4:
> >If the resolver was
> >configured with a weak trust anchor and got nothing after sending a
> >request with DO bit set, then it should clear DO bit in the EDNS0 in
> >the
Hi,
Section 4:
>If the resolver was
>configured with a weak trust anchor and got nothing after sending a
>request with DO bit set, then it should clear DO bit in the EDNS0 in
>the query message and query again to the authoritative name server.
>So it could receive a normal DNS
Hi everybody here,
A new version of I-D, draft-zhang-dnsop-weak-trust-anchor-00.txthas been
successfully submitted and posted to the?IETF repository.?Name:
draft-zhang-dnsop-weak-trust-anchorRevision: 00Title: Weak Trust
Anchor IntroductionDocument date: 2014-05-30Group
13 matches
Mail list logo