[ Apologies for delay in getting to these. The draft-cutoff is a
wonderful motivator! ]
On Tue, Dec 16, 2014 at 12:57 PM, Evan Hunt wrote:
> On Tue, Dec 16, 2014 at 10:47:33AM +, Tony Finch wrote:
>> That is a good point. Happily I think the draft already makes it hard for
>> operators to do
> Em 16/12/2014, à(s) 15:54:000, Warren Kumari escreveu:
>
> On Mon, Dec 15, 2014 at 9:17 PM, Rubens Kuhl wrote:
>>
>> My feedback to a possible -01 version is to add something related to not
>> consider NTAs for the upper hierarchy of a failed DNSSEC domain. For
>> instance, even if I see a
On Tue, Dec 16, 2014 at 10:47:33AM +, Tony Finch wrote:
> That is a good point. Happily I think the draft already makes it hard for
> operators to do that, since an NTA will be automatically removed if its
> zone validates (section 10).
Thank you for pointing this out, Tony; I'd missed it when
On Mon, Dec 15, 2014 at 9:17 PM, Rubens Kuhl wrote:
>
> My feedback to a possible -01 version is to add something related to not
> consider NTAs for the upper hierarchy of a failed DNSSEC domain. For
> instance, even if I see a good number of .gov domains failed DNSSEC, adding a
> NTA configura
Rubens Kuhl wrote:
>
> My feedback to a possible -01 version is to add something related to not
> consider NTAs for the upper hierarchy of a failed DNSSEC domain. For
> instance, even if I see a good number of .gov domains failed DNSSEC,
> adding a NTA configuration for .gov would not be considere
My feedback to a possible -01 version is to add something related to not
consider NTAs for the upper hierarchy of a failed DNSSEC domain. For instance,
even if I see a good number of .gov domains failed DNSSEC, adding a NTA
configuration for .gov would not be considered good operational practic
A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Domain Name System Operations Working Group
of the IETF.
Title : Definition and Use of DNSSEC Negative Trust Anchors
Authors : Paul Ebersman