Admittedly having not read past the abstract and responding to Scott's message
- Scott is right on a point I think is underplayed.
The protocol parameter registry is titled "DNS Security Algorithm Numbers", see:
I have read the draft and support it being made into a WG document.
I do have some minor comments - none that change the tone of the
document:
1. Introduction 5th paragraph
“DNSSEC algorithms are used…” Probably should be “DNSSEC
registered algorithms…” There are no crypto algorithms that
Mark,
At 2016-11-25 15:45:08 +1100
Mark Andrews wrote:
> >
> > Sorry for being stupid and ignorant here, but again, is there an RFC
> > which says you need multiple signatures?
>
> Yes. RFC4035 and RFC6840. Note the words "entire zone". You can't
> have two algorithm is use
In message <20161125115823.747eb...@pallas.home.time-travellers.org>, Shane Ker
r writes:
> Mark,
>
> At 2016-11-16 08:39:37 +1100
> Mark Andrews wrote:
>
> > In message <20161116000530.19ed4...@pallas.home.time-travellers.org>,
> Shane Kerr writes:
> > > Dan,
> > >
> > > At
Mark,
At 2016-11-16 08:39:37 +1100
Mark Andrews wrote:
> In message <20161116000530.19ed4...@pallas.home.time-travellers.org>, Shane
> Kerr writes:
> > Dan,
> >
> > At 2016-11-15 12:41:01 +
> > Dan York wrote:
> > > The draft is at either of:
> > >
> > >
> On Nov 24, 2016, at 01:05, Matthijs Mekking wrote:
>
> In section 2.1.1 there is a note on an in 2016 standards non-compliant
> resolver. Having RFCs (to be) note that other RFCs are not safe to assume its
> implemented is a bit ridiculous to me. It is a given that
Dan,
I read your draft and I have a concern. The document makes a lot of
observations about the current state of DNSSEC implementation, so I am
afraid that this publication gets outdated quickly.
So I do think it's a good idea to highlight which pieces in the DNS
infrastructure needs
In message <20161116000530.19ed4...@pallas.home.time-travellers.org>, Shane
Kerr writes:
> Dan,
>
> At 2016-11-15 12:41:01 +
> Dan York wrote:
> > The draft is at either of:
> >
> > https://datatracker.ietf.org/doc/draft-york-dnsop-deploying-dnssec-cryptoalgs/
> >
Dan,
At 2016-11-15 12:41:01 +
Dan York wrote:
> The draft is at either of:
>
> https://datatracker.ietf.org/doc/draft-york-dnsop-deploying-dnssec-crypto-algs/
> https://tools.ietf.org/html/draft-york-dnsop-deploying-dnssec-crypto-algs-04
>
> Please send any comments to the
As mentioned at the very end of DNSOP, Olafur Gudmundsson, Ondrej Sury, Paul
Wouters and I have a draft published that aims to document the steps involved
with deploying a new cryptographic algorithm for DNSSEC. The overall goal is to
make it easier to get new DNSSEC crypto algorithms deployed,
10 matches
Mail list logo