[ Apologies for delay in getting to these. The draft-cutoff is a
wonderful motivator! ]
On Tue, Dec 16, 2014 at 12:57 PM, Evan Hunt e...@isc.org wrote:
On Tue, Dec 16, 2014 at 10:47:33AM +, Tony Finch wrote:
That is a good point. Happily I think the draft already makes it hard for
On Mon, Dec 15, 2014 at 9:17 PM, Rubens Kuhl rube...@nic.br wrote:
My feedback to a possible -01 version is to add something related to not
consider NTAs for the upper hierarchy of a failed DNSSEC domain. For
instance, even if I see a good number of .gov domains failed DNSSEC, adding a NTA
On Tue, Dec 16, 2014 at 10:47:33AM +, Tony Finch wrote:
That is a good point. Happily I think the draft already makes it hard for
operators to do that, since an NTA will be automatically removed if its
zone validates (section 10).
Thank you for pointing this out, Tony; I'd missed it when I
On 16/12/2014, at 15:54:000, Warren Kumari war...@kumari.net wrote:
On Mon, Dec 15, 2014 at 9:17 PM, Rubens Kuhl rube...@nic.br wrote:
My feedback to a possible -01 version is to add something related to not
consider NTAs for the upper hierarchy of a failed DNSSEC domain. For
A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Domain Name System Operations Working Group
of the IETF.
Title : Definition and Use of DNSSEC Negative Trust Anchors
Authors : Paul Ebersman
My feedback to a possible -01 version is to add something related to not
consider NTAs for the upper hierarchy of a failed DNSSEC domain. For instance,
even if I see a good number of .gov domains failed DNSSEC, adding a NTA
configuration for .gov would not be considered good operational