On Thu, 2021-01-21 at 18:14 -0800, Brian Dickson wrote:
> Paul's proposal would still require the parent to produce and serve the
> NSRRSIG. However small a change that is, it is still a change.
Yes, a change in signers and auths.
> When compared with the alternative I proposed, my suggestion do
On Thu, Jan 21, 2021 at 3:45 AM Peter van Dijk
wrote:
> On Thu, 2020-12-10 at 15:48 -0800, Brian Dickson wrote:
> > >
> > > Compared to DiS, registrar complexity is identical (because the
> > > complexity is also hidden in the signer here); signer complexity is
> > > potentially lower. The only r
On Thu, 2020-12-10 at 15:48 -0800, Brian Dickson wrote:
> >
> > Compared to DiS, registrar complexity is identical (because the
> > complexity is also hidden in the signer here); signer complexity is
> > potentially lower. The only real complexity change vs. DiS is in the
> > auths, that now need
On Dec 10, 2020, at 4:52 PM, Joe Abley wrote:
>
> On 10 Dec 2020, at 19:41, Paul Hoffman wrote:
>
>>> "Authenticate authoritative servers" is a bit vague for me. Parent and
>>> child are namespace concepts and not relying parties that you'd ordinarily
>>> expect to be able to authenticate any
On Thu, Dec 10, 2020 at 4:52 PM Joe Abley wrote:
> On 10 Dec 2020, at 19:41, Paul Hoffman wrote:
>
> >> "Authenticate authoritative servers" is a bit vague for me. Parent and
> child are namespace concepts and not relying parties that you'd ordinarily
> expect to be able to authenticate anything
On 10 Dec 2020, at 19:41, Paul Hoffman wrote:
>> "Authenticate authoritative servers" is a bit vague for me. Parent and child
>> are namespace concepts and not relying parties that you'd ordinarily expect
>> to be able to authenticate anything.
>
> A resolver asks a parent what the NS records
On Dec 10, 2020, at 4:35 PM, Joe Abley wrote:
>
> On Dec 10, 2020, at 19:25, Paul Hoffman wrote:
>
>> In DPRIVE, there is a desire to TLSA records to authenticate authoritative
>> servers. In order to do that without getting into a chicken-and-egg loop,
>> the parent needs to authenticate the
On Dec 10, 2020, at 19:25, Paul Hoffman wrote:
> In DPRIVE, there is a desire to TLSA records to authenticate authoritative
> servers. In order to do that without getting into a chicken-and-egg loop, the
> parent needs to authenticate the NS records of the child authoritative server.
I haven't
On Dec 10, 2020, at 4:14 PM, Mark Andrews wrote:
>
> Before going on I would really like to know what operational problem is being
> attempted to be solved by signing delegating information?
>
> Fujiwara-san has presented the draft without specifying what problem it is
> attempting to solve. Th
On Dec 10, 2020, at 19:14, Mark Andrews wrote:
> Before going on I would really like to know what operational problem is being
> attempted to be solved by signing delegating information?
+1
___
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/ma
Before going on I would really like to know what operational problem is being
attempted to be solved by signing delegating information?
Fujiwara-san has presented the draft without specifying what problem it is
attempting to solve. The fact the records are not signed is a observation
not a proble
On Thu, Dec 10, 2020 at 1:19 PM Peter van Dijk
wrote:
> Hello Paul,
>
> On Mon, 2020-11-30 at 15:43 +, Paul Hoffman wrote:
> > The more I think about
> draft-fujiwara-dnsop-delegation-information-signer, the more I think that
> it is much more complex than what we are doing now in DNSSEC, and
12 matches
Mail list logo