<dnsop@ietf.org>
> > Sent: Monday, 31 October, 2016 05:22:43
> > Subject: Re: [DNSOP] FYI - Added note about ECDSA resolver issue in
> Sweden - Fwd: New Version Notification for
> > draft-york-dnsop-deploying-dnssec-crypto-algs-02.txt
>
> > It is only my p
rk" <y...@isoc.org>
> Cc: "dnsop" <dnsop@ietf.org>
> Sent: Monday, 31 October, 2016 05:22:43
> Subject: Re: [DNSOP] FYI - Added note about ECDSA resolver issue in Sweden -
> Fwd: New Version Notification for
> draft-york-dnsop-deploying-dnssec-crypto-algs-02.t
> On 1 Nov. 2016, at 11:22 am, George Michaelson wrote:
>
> The net effect is the same in respect of new algorithms. I'm fine with
> checking conformance if the algorithm is known, it feels like a low
> bar.
>
> Rejecting sigs because you don't know how to check feels like a
The net effect is the same in respect of new algorithms. I'm fine with
checking conformance if the algorithm is known, it feels like a low
bar.
Rejecting sigs because you don't know how to check feels like a huge
impediment to technology: The use of the new algorithm is now gated by
the ability
> On 1 Nov. 2016, at 3:37 am, Matthew Pounsett wrote:
>
>
>
> On 31 October 2016 at 00:22, George Michaelson wrote:
> It is only my personal opinion, but I believe registrars are incorrect
> in performing crypto alg checks on proffered DS, and this is
On 31 October 2016 at 00:22, George Michaelson wrote:
> It is only my personal opinion, but I believe registrars are incorrect
> in performing crypto alg checks on proffered DS, and this is an
> entirely unwarranted, and incorrect understanding of their role. It
> conflates
It is only my personal opinion, but I believe registrars are incorrect
in performing crypto alg checks on proffered DS, and this is an
entirely unwarranted, and incorrect understanding of their role. It
conflates one public good (checking) with another public good
(registry of data into the DNS)
FYI, I submitted a new version of this draft that added some text in the
section about "Resolvers" that mentions the case Mikael Abrahamsson brought to
us about how they had to disable DNSSEC validation in the CPE they deployed to
their customers because the resolver software was not following