Re: Problem with undead upstrems

2023-02-27 Thread Paul Wouters via Unbound-users
On Mon, 27 Feb 2023, Florian Streibelt via Unbound-users wrote: No, again that is not my issue. All of the servers that dns.com operates are dropping queries for the Resource Record Type DS. They are the authoritative servers for dns.com as well as for the parent zone of the zone our

Re: [Ace] AD review of draft-ietf-ace-cmpv2-coap-transport-07

2023-02-26 Thread Paul Wouters
On Sun, Feb 26, 2023 at 8:49 PM Paul Wouters wrote: > AD review: draft-ietf-ace-cmpv2-coap-transport-07 > Also, authors, please let the list know if you are willing to be an author on the document, and that you have no IPR knowledge that you need to disclose.

[Ace] AD review of draft-ietf-ace-cmpv2-coap-transport-07

2023-02-26 Thread Paul Wouters
AD review: draft-ietf-ace-cmpv2-coap-transport-07 Please see below my AD review comments. I believe a revision of the document is required before sending it to the IESG. The substantial comments are mostly about SHOULD vs MUST cases, but there is also a few large pieces of text, mostly in the

[Emu] AD review draft-ietf-emu-aka-pfs-10

2023-02-26 Thread Paul Wouters
AD Review draft-ietf-emu-aka-pfs-10 Thanks for the clear document and the extensive Security Considerations. But also, thanks for seeing a real world problem (compromised long term secrets) and thinking about how to reduce the impact of these observed attacks. This is great work! My only

[Swan-commit] Changes to ref refs/heads/main

2023-02-23 Thread Paul Wouters
/libreswan/pull/1019 Signed-off-by: Brady Johnson Signed-off-by: Paul Wouters --- Makefile| 2 +- lib/libswan/Makefile| 4 ++-- packaging/utils/setlibreswanversion | 2 +- 3 files changed, 4 insertions(+), 4 dele

Re: [IPsec] AD review of draft-ietf-ipsecme-add-ike-08

2023-02-19 Thread Paul Wouters
On Fri, 17 Feb 2023, Roman Danyliw wrote: ** Section 3.1 Section 3.1.5 of [I-D.ietf-add-dnr] lists a set of service parameters that are recommended to be supported by implementations. The referenced section in draft-ietf-add-dnr provides MTI and RECOMMENDED options. Are both of these

Re: [DNSOP] Working Group Last Call for "Domain Verification Techniques using DNS"

2023-02-17 Thread Paul Wouters
On Fri, 17 Feb 2023, John R Levine wrote: Surely we know people who run services that use DNS validation. How about talking to some of them and finding out what kind of user errors they run into? The insinuation here is that we didn't talk to them. One of the authors is at salesforce, who

Re: [DNSOP] Working Group Last Call for "Domain Verification Techniques using DNS"

2023-02-17 Thread Paul Wouters
On Fri, 17 Feb 2023, John Levine wrote: That makes no sense. Why is it harder to copy a string to the name field in a cruddy web GUI than to the data field? It's copy and paste either way. For one, if the zone data presented to you is like a sorted zone file. Second, because LHS entries

Re: [DNSOP] Working Group Last Call for "Domain Verification Techniques using DNS"

2023-02-17 Thread Paul Wouters
John Levine wrote: While I think it would be good to publish some best practices in this area, this draft still seems scattered and makes some assertions that seem to me to be somewhere between unsupported and mistaken. I think we agree that the goal is there are two parties, call them owner

Re: [IPsec] Disabling replay protection

2023-02-17 Thread Paul Wouters
On Fri, 17 Feb 2023, Valery Smyslov wrote: In IPsec the replay protection is a local matter of receiver, the sender must always increment the Sequence Number as if the replay protection is always on. Right. Another approach would be to generalize the Transform Type 5 as the way to control

Re: [IPsec] Disabling replay protection

2023-02-16 Thread Paul Wouters
On Thu, 16 Feb 2023, Benjamin Schwartz wrote: Subject: [IPsec] Disabling replay protection Hi IPSECME, RFC 4302 (ESP) says "if an SA establishment protocol such as IKE is employed, the receiver SHOULD notify the sender, during SA establishment, if the receiver will not provide anti-replay

Re: Inactive packager check for F38

2023-02-15 Thread Paul Wouters
On Wed, 15 Feb 2023, Ben Cotton wrote: For the curious, here are the stats from today's run: ### Found 2129 users in the packager group. ### ### Found 914 users with no activity in pagure/src.fp.org over the last year. ### ### Found 845 users which also show no activity in Bodhi over the last

[Ace] Paul Wouters' Yes on draft-ietf-ace-extend-dtls-authorize-06: (with COMMENT)

2023-02-14 Thread Paul Wouters via Datatracker
Paul Wouters has entered the following ballot position for draft-ietf-ace-extend-dtls-authorize-06: Yes When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer

Re: [Swan] Incorrect XFRM policy with dynamic client IPs

2023-02-14 Thread Paul Wouters
On Tue, 14 Feb 2023, Brady Johnson wrote: I tried your suggestion and I still get the same result. First I removed the "rightsubnet=0.0.0.0/0" from the server config, and then got "IKE_AUTH response rejected Child SA with TS_UNACCEPTABLE" when starting the client, so I also removed

Re: [Swan] Incorrect XFRM policy with dynamic client IPs

2023-02-14 Thread Paul Wouters
On Tue, 14 Feb 2023, Brady Johnson wrote: Why do the policies get created differently? I think a configuration issue. Server config with address pool: --- conn vpnserver.dl110-05.xyz.com # right is remote(client), left is local(server)

Re: [IPsec] Shepherd write up review for draft-ietf-ipsecme-labeled-ipsec

2023-02-09 Thread Paul Wouters
On Thu, 9 Feb 2023, Tero Kivinen wrote: which do not match. I suggest just removing the section 3 text, as this is already explained in the section 2.2. Or perhaps moving the text from section 2.2 to section 3, replacing that old section 3 paragraph with the text moved from section 2.2. I did

Re: Heads-up: OpenSSL update

2023-02-09 Thread Paul Wouters
On Thu, 9 Feb 2023, Dmitry Belyavskiy wrote: I've just pushed updates of OpenSSL to the 3.0.8 version to f36/37. I will also push to f38 and rawhide later today. Why is f36/f37 the playground for f38/rawhide? Shouldn't this be done in the reverse order? In fact all the updates landed

Re: [DNSOP] FW: [regext] WGLC: draft-ietf-regext-datadictionary-03

2023-02-09 Thread Paul Wouters
On Feb 9, 2023, at 16:27, Tim Wicinski wrote:On Thu, Feb 9, 2023 at 12:19 PM Paul Wouters <p...@nohats.ca> wrote:On Thu, 9 Feb 2023, Tim Wicinski wrote: >> I have a deeper question on using "ext" for extension - it feels like an  > abbreviation which doesn't feel u

Re: Heads-up: OpenSSL update

2023-02-09 Thread Paul Wouters
On Thu, 9 Feb 2023, Dmitry Belyavskiy wrote: I've just pushed updates of OpenSSL to the 3.0.8 version to f36/37. I will also push to f38 and rawhide later today. Why is f36/f37 the playground for f38/rawhide? Shouldn't this be done in the reverse order? This is a security release, it fixes

Re: [DNSOP] FW: [regext] WGLC: draft-ietf-regext-datadictionary-03

2023-02-09 Thread Paul Wouters
On Thu, 9 Feb 2023, Tim Wicinski wrote: Big fan of this document and feel it is good. I have only one small nit: See also "domain name" in [RFC8499]. Should this not be "Domain name" (per 8499)? I have a deeper question on using "ext" for extension - it feels like an abbreviation

Re: [DNSOP] New Version Notification - draft-ietf-dnsop-dns-catalog-zones-09.txt

2023-02-09 Thread Paul Wouters
On Thu, 9 Feb 2023, Willem Toorop wrote: Or it could use “_catalog.example.com” ? Yes, if we add a sentence that the fictional organization producing this catalog is "example.com", then we could use that too yes. That would imho be the best solution. Paul

Re: [DNSOP] New Version Notification - draft-ietf-dnsop-dns-catalog-zones-09.txt

2023-02-09 Thread Paul Wouters
On Feb 9, 2023, at 06:33, Willem Toorop wrote: > > Op 07-02-2023 om 16:45 schreef Paul Wouters:> I find the valid use of the > name "invalid" to be pretty horrible. An >> engineer looking at a catalog might quickly believe >> the invalid is a bug where it sh

Re: [Swan] IPSec tunnel goes down after system reboot

2023-02-08 Thread Paul Wouters
On Wed, 8 Feb 2023, Gayathri Manoj wrote: We have enabled a pre-shared key based IPsec connection between our application, which is running on a Linux environment, and the Router. But when our system goes for a reboot, we have to configure the policy again to work. Please let us know the reason for the

Re: [DNSOP] New Version Notification - draft-ietf-dnsop-dns-catalog-zones-09.txt

2023-02-08 Thread Paul Wouters
On Wed, Feb 8, 2023 at 3:33 AM Kees Monshouwer wrote: > Hi Paul, > > On 2/7/23 16:45, Paul Wouters wrote: > > On Tue, Feb 7, 2023 at 8:53 AM wrote: > > Why must a catalog server / zone only support one version at most? Eg if > version "3" come

[Acme] Paul Wouters' No Objection on draft-ietf-acme-authority-token-tnauthlist-13: (with COMMENT)

2023-02-07 Thread Paul Wouters via Datatracker
Paul Wouters has entered the following ballot position for draft-ietf-acme-authority-token-tnauthlist-13: No Objection When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however

Re: [Swan-dev] linux: pluto use kernel SA attribute XFRMA_LASTUSED

2023-02-07 Thread Paul Wouters
On Mon, 6 Feb 2023, Antony Antony wrote: All of this could of course go away if the kernel could send us an "idle" callback, but I think that's still not there right? I don't know any! I feel there was a lot of confusion among us, swan programmers, around last used and we came up with

Re: [DNSOP] New Version Notification - draft-ietf-dnsop-dns-catalog-zones-09.txt

2023-02-07 Thread Paul Wouters
On Tue, Feb 7, 2023 at 8:53 AM wrote: > > A new version (-09) has been submitted for > draft-ietf-dnsop-dns-catalog-zones: > https://www.ietf.org/archive/id/draft-ietf-dnsop-dns-catalog-zones-09.txt > https://www.ietf.org/archive/id/draft-ietf-dnsop-dns-catalog-zones-09.html > > > The IETF

Re: [IPsec] I-D Action: draft-ietf-ipsecme-labeled-ipsec-09.txt

2023-02-06 Thread Paul Wouters
On Mon, 6 Feb 2023, internet-dra...@ietf.org wrote: Subject: [IPsec] I-D Action: draft-ietf-ipsecme-labeled-ipsec-09.txt A diff from the previous version is available at: https://author-tools.ietf.org/iddiff?url2=draft-ietf-ipsecme-labeled-ipsec-09 These are the changes in response to

[Swan-commit] Changes to ref refs/heads/main

2023-02-05 Thread Paul Wouters
New commits: commit ea7d12abc7c0c3b1d797839feb6a0f49db8992b1 Author: Paul Wouters Date: Sun Feb 5 20:58:13 2023 -0500 testing: added nss-cert-11-cert-expired-initiator-ikev2 ___ Swan-commit mailing list Swan-commit@lists.libreswan.org https

Re: [Swan] Tunnel gets established, but machines can reach each other only for less than a minute

2023-02-03 Thread Paul Wouters
On Fri, 3 Feb 2023, u...@blueaquan.com wrote: Double checked this, rp_filter is disabled on all interfaces and ipv4 forwarding is enabled. I use "nftables" on both ends and have double checked the rules to ensure packets from both these sites have bi-directional traffic enabled. In fact to

Re: [Swan] Tunnel gets established, but machines can reach each other only for less than a minute

2023-02-03 Thread Paul Wouters
On Fri, 3 Feb 2023, u...@blueaquan.com wrote: Also, an observation I could make is, when the machine at Site Office tries to reach the HO VPN server, even though the ping does not happen, I can see the traffic go up incrementally on both sides. However when the HO tries to reach the Site

Re: [Swan-dev] linux: pluto use kernel SA attribute XFRMA_LASTUSED

2023-02-03 Thread Paul Wouters
On Fri, 3 Feb 2023, Antony Antony wrote: New commits: commit 9a6e1d0335ccfd31a26dbf19e6eea716b9e27d1c Author: Antony Antony Date: Mon Jun 27 05:19:34 2022 + linux: pluto use kernel SA attribute XFRMA_LASTUSED Linux kernel, since 6.2, updates lastused for all traffic, in and out.

[Lwip] Paul Wouters' No Objection on draft-ietf-lwig-curve-representations-23: (with COMMENT)

2023-02-02 Thread Paul Wouters via Datatracker
Paul Wouters has entered the following ballot position for draft-ietf-lwig-curve-representations-23: No Objection When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however

Re: [Swan] Tunnel gets established, but machines can reach each other only for less than a minute

2023-01-31 Thread Paul Wouters
tun.0@A.B.C.D tun.0@10.10.128.100 Traffic: ESPin=168B ESPout=168B! ESPmax=0B Thanks, Best BA On 2023-01-31 22:01, Paul Wouters wrote: On Mon, 30 Jan 2023, u...@blueaquan.com wrote: I changed the HO's statement to auto=add while keeping auto=start at the Site Office. Also removed encapsulation state

Re: [Swan] Tunnel gets established, but machines can reach each other only for less than a minute

2023-01-31 Thread Paul Wouters
On Mon, 30 Jan 2023, u...@blueaquan.com wrote: I changed the HO's statement to auto=add while keeping auto=start at the Site Office. Also removed encapsulation statement at both ends, However there is no change in status, both machines are unable to reach each other. The tunnel is getting

Re: [IPsec] [saag] IETF 114 IPsecME report

2023-01-31 Thread Paul Wouters
On Tue, 31 Jan 2023, Valery Smyslov wrote: The WG thought this would be a worse solution. This could be solved by adding only two new TS types TS_IPV4_ADDR_RANGE_WITH_CONSTRAINTS and TS_IPV6_ADDR_RANGE_WITH_CONSTRAINTS with a format that allows to add new constraints to the Traffic Selector.

Re: [IPsec] [saag] IETF 114 IPsecME report

2023-01-31 Thread Paul Wouters
On Tue, 31 Jan 2023, Valery Smyslov wrote: This document should simply say that TS_SECLABEL MUST NOT be used alone. This document must not try to do an incompatible change to the base RFC7296 which would make conforming implementations non-conforming. Unfortunately, this won't work. It is not

Re: [Swan] [SPAM: 4.729] Tunnel gets established, but machines can reach each other only for less than a minute

2023-01-29 Thread Paul Wouters
On Sun, 29 Jan 2023, u...@blueaquan.com wrote: I have two sites which I am trying to connect using a site-to-site VPN. Initially I had a lot of challenges because at the HO, the Linux machine had a Public IP directly configured, while at the Site Office the Linux machine was behind an ISP

[Swan-commit] Changes to ref refs/heads/main

2023-01-27 Thread Paul Wouters
New commits: commit c79ade084df023387a34ee533392cd108ad548d7 Author: Paul Wouters Date: Fri Jan 27 14:33:54 2023 -0500 testing: remove misleading comment line ___ Swan-commit mailing list Swan-commit@lists.libreswan.org https

Re: [Ace] I-D Action: draft-ietf-ace-cmpv2-coap-transport-06.txt

2023-01-27 Thread Paul Wouters
On Fri, Jan 27, 2023 at 12:37 AM Mohit Sahni wrote: > Hi Paul, > I have updated the draft to resolve Vallery's comments. > Thanks for the update. I see the secdir review of Valery shows 3 items:

[Swan-commit] Changes to ref refs/heads/main

2023-01-26 Thread Paul Wouters
New commits: commit 8441d46bfa6c62d6a284bc3f19d55f47150b34e6 Author: Paul Wouters Date: Thu Jan 26 13:15:28 2023 -0500 testing: fixup ikev2-tcp-00-yes - Remove unneeded tcp-remote-port - Fixup expected certs in nss ___ Swan-commit

[Swan-commit] Changes to ref refs/heads/main

2023-01-26 Thread Paul Wouters
New commits: commit ea2986e817e932305608f517f07c21956b68afe2 Author: Paul Wouters Date: Thu Jan 26 13:04:45 2023 -0500 testing: fixup ikev2-tcp-04-ikeport No longer needs to delete the peer's cert from local nss store. commit 8a21eb86155a496b33d2b935e9e9e0dc3e867383 Author: Paul

[Swan-commit] Changes to ref refs/heads/main

2023-01-23 Thread Paul Wouters
New commits: commit b7e9029aff0a549bdc6401a0cfc2d145de37707b Author: Ondrej Moris Date: Mon Jan 23 20:37:39 2023 -0500 testing: copy xauth passwd to ipsecdir Resolves: https://github.com/libreswan/libreswan/issues/991 Signed-off-by: Paul Wouters

[Swan-commit] Changes to ref refs/heads/main

2023-01-23 Thread Paul Wouters
New commits: commit 2e2203cfa8a1584095c7765046b464eb161f6aba Author: Paul Wouters Date: Mon Jan 23 19:45:05 2023 -0500 documentation: updated CHANGES commit 1d989b00d986b45f8eb7b8f1d5a828a4f9f5b2a5 Author: Paul Wouters Date: Mon Jan 23 19:42:19 2023 -0500 testing: fix namespace

Re: [Swan] IPsec Failover Multiple Peer Connections to 1 Private IP

2023-01-23 Thread Paul Wouters
On Fri, 20 Jan 2023, Jesse wrote: I have an issue. I am using Linux Libreswan 3.32 (netkey) on 5.15.0-1027-oracle on my Oracle Ubuntu 22.04 instance. I have a partner Connection from my instance and the partner has a primary IP and a Failover IP, eg. Connection to partner from my end via

Re: [DNSOP] Call for Adoption: Structured Data for Filtered DNS

2023-01-23 Thread Paul Wouters
On Sun, 22 Jan 2023, Tim Wicinski wrote: Subject: [DNSOP] Call for Adoption: Structured Data for Filtered DNS This starts a Call for Adoption for draft-wing-dnsop-structured-dns-error-page I have no objection to adoption. I say this instead of "yes" to adoption because: A client

Re: [DNSOP] [Ext] Implementor's status on draft-ietf-dnsop-avoid-fragmentation: BIND 9

2023-01-20 Thread Paul Wouters
On Fri, 20 Jan 2023, Paul Hoffman wrote: Given the long list of things in this document that ISC has thought about and actively decided not to do, is it a good idea that we call it a "best current practice"? It seems there should be more discussion which hopefully would lead to a converging

[Acme] Paul Wouters' Discuss on draft-ietf-acme-subdomains-06: (with DISCUSS and COMMENT)

2023-01-18 Thread Paul Wouters via Datatracker
Paul Wouters has entered the following ballot position for draft-ietf-acme-subdomains-06: Discuss When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer

[OPSEC] Paul Wouters' Yes on draft-ietf-opsec-indicators-of-compromise-03: (with COMMENT)

2023-01-18 Thread Paul Wouters via Datatracker
Paul Wouters has entered the following ballot position for draft-ietf-opsec-indicators-of-compromise-03: Yes When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please

[Swan-commit] Changes to ref refs/heads/main

2023-01-18 Thread Paul Wouters
New commits: commit a935317bcd36fddae1ee3c84dcfd878776884322 Author: Paul Wouters Date: Wed Jan 18 11:28:48 2023 -0500 documentation: update CHANGES ___ Swan-commit mailing list Swan-commit@lists.libreswan.org https://lists.libreswan.org/mailman

[Swan-commit] Changes to ref refs/heads/main

2023-01-18 Thread Paul Wouters
New commits: commit b97627567656f56151b2cb04b25649f987bc Author: Paul Wouters Date: Wed Jan 18 11:27:09 2023 -0500 building: fix "make git-rpm" - use rpm -eval to get sourcedir / specdir - if not present in sourcedir, download IKE test ve

Re: [Ace] AD review of draft-ietf-ace-cmpv2-coap-transport-04

2023-01-16 Thread Paul Wouters
effen >> (T >> > CST) ; von Oheimb, David (T CST SEA-DE) >> > ; Saurabh Tripathi >> > >> > Betreff: Re: [Ace] AD review of draft-ietf-ace-cmpv2-coap-transport-04 >> > >> > Hi, >> > >> > From my perspective it is in t

Re: [Emu] AD review of draft-ietf-emu-tls-eap-types-09

2023-01-13 Thread Paul Wouters
On Thu, Jan 12, 2023 at 11:34 AM Alan DeKok wrote: > On Jan 11, 2023, at 8:02 PM, Paul Wouters wrote: > > Thanks for a very clear document. > > > > There is some redundancy in it but I think that is the correct way to > ensure implementers reading only "their"

Re: [IPsec] comments on draft-ietf-ipsecme-g-ikev2-07

2023-01-12 Thread Paul Wouters
On Jan 12, 2023, at 09:06, Valery Smyslov wrote: > > Hi Paul, > >>> On Mon, 26 Dec 2022, Valery Smyslov wrote: >>> >>> Subject: Re: [IPsec] comments on draft-ietf-ipsecme-g-ikev2-07 >> >> I know this comment comes very late, but within the IETF we now see >> adoption happening of HPKE,

[Emu] AD review of draft-ietf-emu-tls-eap-types-09

2023-01-11 Thread Paul Wouters
Thanks for a very clear document. There is some redundancy in it but I think that is the correct way to ensure implementers reading only "their" section get the proper information. I have a few comments and a some nits: Comments: Implementations SHOULD NOT use inner identities which

Re: [DNSOP] I-D Action: draft-homburg-dnsop-codcp-00.txt

2023-01-11 Thread Paul Wouters
On Wed, 11 Jan 2023, Philip Homburg wrote: Obviously, this is not an issue if the application specifies an encrypted transport to a public DNS resolver. At that point you are fighting ADD proposals. You are fighting the LAN preferences, the wireless carrier preferences, the OS and maybe the

Re: [DNSOP] I-D Action: draft-homburg-dnsop-codcp-00.txt

2023-01-10 Thread Paul Wouters
On Tue, 10 Jan 2023, Philip Homburg wrote: Should applications control this by default? No. But in my opinion, it is better if the user can control this per application (in addition to system-wide defaults) than that we force applications that do want to have this kind of control work around

Re: [IPsec] comments on draft-ietf-ipsecme-g-ikev2-07

2023-01-10 Thread Paul Wouters
On Mon, 26 Dec 2022, Valery Smyslov wrote: Subject: Re: [IPsec] comments on draft-ietf-ipsecme-g-ikev2-07 I know this comment comes very late, but within the IETF we now see adoption happening of HPKE, Hybrid Public Key Encryption in RFC 9180. Would it make sense to redo the draft using HPKE

Re: [DNSOP] I-D Action: draft-homburg-dnsop-codcp-00.txt

2023-01-10 Thread Paul Wouters
On Tue, 10 Jan 2023, Philip Homburg wrote: [speaking as individual] However, such a setup leaves the application with no control over which transport the proxy uses. Why should the application have control over this? If you want to give control to the application, what should they

[Swan-commit] Changes to ref refs/heads/main

2023-01-09 Thread Paul Wouters
New commits: commit a1bc070487734648ab72cf92444ca423f5a598a5 Author: Paul Wouters Date: Mon Jan 9 22:22:35 2023 -0500 testing: updated TESTLIST commit 3d7f9a3d6e5ecfdef90defa6117fd0868b3e30b2 Author: Paul Wouters Date: Mon Jan 9 22:19:21 2023 -0500 testing: add ikev2-14-compress

Re: [homenet] Paul Wouters' Discuss on draft-ietf-homenet-front-end-naming-delegation-25: (with DISCUSS and COMMENT)

2023-01-09 Thread Paul Wouters
On Mon, Jan 9, 2023 at 2:52 PM Daniel Migault wrote: > Hi Paul, > > Thanks for the review. We updated the document as follows. > > https://github.com/ietf-homenet-wg/ietf-homenet-hna/pull/63/commits/f221d3413f71bf95f8961f8fe3c71e53f8f3dd20 > Thanks for the update. > The only comment that has

Re: [Swan-dev] IPSEC Active Tunnels Status using 'ipsec whack --status'

2023-01-09 Thread Paul Wouters
On Mon, 9 Jan 2023, Praveen Chavan wrote: Thanks for the clarification. Follow up: 1. Could you share some examples for "ipsec trafficstatus" output? See git grep "ipsec traffic" testing/pluto/ you can also see the test output on testing.libreswan.org eg from

[Swan-commit] Changes to ref refs/heads/main

2023-01-09 Thread Paul Wouters
New commits: commit f72a08502726cdcab32f8684c9753aa364d116f0 Author: Paul Wouters Date: Mon Jan 9 12:26:58 2023 -0500 testing: update tests for FIPS tweaks commit 96b288bf4ef0cefebf052982c5559dde207745e7 Author: Paul Wouters Date: Mon Jan 9 12:26:31 2023 -0500 FIPS: tweak FIPS

Re: [Swan-dev] IPSEC Active Tunnels Status using 'ipsec whack --status'

2023-01-09 Thread Paul Wouters
On Mon, 9 Jan 2023, Praveen Chavan wrote: With libreswan upgrade to 4.5.x, I've noticed changes in the output of 'ipsec whack --status' command. I relied on 'IPsec SA established' to verify the active tunnels. With the upgraded version this string is not present in the output. I rather notice

[Swan-commit] Changes to ref refs/heads/main

2023-01-09 Thread Paul Wouters
New commits: commit 6a505a63e62f345a6d3066f313ffbb3f2b83fc4b Author: Paul Wouters Date: Mon Jan 9 10:55:35 2023 -0500 testing: ikev2-selectors-44in4-rw-ike-mismatch-02 is still WIP while road works, east is still broken. ___ Swan-commit

[Swan-commit] Changes to ref refs/heads/main

2023-01-08 Thread Paul Wouters
New commits: commit c149d854b9b8fc0a02f2aa0384c6826fb76519ae Author: Paul Wouters Date: Sun Jan 8 16:47:58 2023 -0500 testing: updated TESTLIST commit 09d37eb4275483a43f37206433d4ab6c79f8aca0 Author: Paul Wouters Date: Sun Jan 8 16:47:08 2023 -0500 testing: added ikev2-selectors

[Swan-commit] Changes to ref refs/heads/main

2023-01-08 Thread Paul Wouters
New commits: commit 6e2b9d0b9aa9ada6fe305bda6d51aebfbfc35a62 Author: Paul Wouters Date: Sun Jan 8 16:34:57 2023 -0500 testing: update TESTLIST commit b554ade25e1383f3c3aec47f05592244a512ee03 Author: Paul Wouters Date: Sun Jan 8 16:33:23 2023 -0500 testing: add tests for proper

[Swan-commit] Changes to ref refs/heads/main

2023-01-08 Thread Paul Wouters
New commits: commit ae3c8b1c67c4d85ff12ae9938c6fa78a971fb634 Author: Paul Wouters Date: Sun Jan 8 16:11:29 2023 -0500 testing: fixup ikev2-rw-multiple-subnets commit 84fc696a120e2512eb9ab40c9cd80ca45c90427d Author: Paul Wouters Date: Sun Jan 8 16:03:58 2023 -0500 testing: fixup

Re: [DNSOP] Fwd: New Version Notification for draft-cuiling-dnsop-sm2-alg-02.txt

2023-01-05 Thread Paul Wouters
On Thu, 5 Jan 2023, zhangcuiling wrote: Dear dnsop, According to the comment, I modified the draft. There are two major changes. 1. Modify the description of SM3 DS records ( Section 2 ) In section 2, the length of digest is listed as a difference between SHA-256 and SM3, but in reality the

[IPsec] IPR disclosure for ESP SPI issue

2023-01-05 Thread Paul Wouters
A note on the ESP SPI overloading trick, such as used in draft-ponchon-ipsecme-anti-replay-subspaces for which SSH has IPR, they submitted an IPR statement: See https://datatracker.ietf.org/ipr/5880/ In the event that any claims of the Subject Patents are necessarily infringed

[DNSOP] Paul Wouters' Discuss on draft-ietf-dnsop-dns-catalog-zones-08: (with DISCUSS and COMMENT)

2023-01-03 Thread Paul Wouters via Datatracker
Paul Wouters has entered the following ballot position for draft-ietf-dnsop-dns-catalog-zones-08: Discuss When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer

[DMM] Paul Wouters' No Objection on draft-ietf-dmm-srv6-mobile-uplane-23: (with COMMENT)

2023-01-03 Thread Paul Wouters via Datatracker
Paul Wouters has entered the following ballot position for draft-ietf-dmm-srv6-mobile-uplane-23: No Objection When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please

[homenet] Paul Wouters' Discuss on draft-ietf-homenet-front-end-naming-delegation-25: (with DISCUSS and COMMENT)

2023-01-01 Thread Paul Wouters via Datatracker
Paul Wouters has entered the following ballot position for draft-ietf-homenet-front-end-naming-delegation-25: Discuss When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however

Re: [nsd-users] rewrite manpages to mdoc(7)

2022-12-31 Thread Paul Wouters via nsd-users
Why not go to xml and use xml2man / pandoc ? That’s what we use for libreswan. xml is easier to write and read than man/mdoc. Paul Sent using a virtual keyboard on a phone > On Dec 31, 2022, at 11:31, Jan Stary via nsd-users > wrote: > > Dear authors of NSD, > > currently, the manpages

Re: /etc/hosts handling plugin for unbound

2022-12-29 Thread Paul Wouters via Unbound-users
On Thu, 22 Dec 2022, Petr Menšík via Unbound-users wrote: Domain suffix should not be necessary. /etc/hosts allows aliases, so you can have line like "10.0.0.1  primary.example.com primary". That would make primary.example.com a primary fully qualified domain name. And "primary." just an alias

Re: [Swan] Tunnel is up, but getting udp port xxxx unreachable

2022-12-29 Thread Paul Wouters
On Wed, 21 Dec 2022, Brendan Kearney wrote: Subject: [Swan] Tunnel is up, but getting udp port unreachable connecting client is seen replying with ICMP udp port unreachable messages: VPN Server config: conn rac leftsubnet=0.0.0.0/0 right=%any

Re: [OAUTH-WG] Paul Wouters' Yes on draft-ietf-oauth-rar-19: (with COMMENT)

2022-12-24 Thread Paul Wouters
Thanks, the changes resolve my comments! Paul Sent using a virtual keyboard on a phone > On Dec 22, 2022, at 18:33, Brian Campbell wrote: > ___ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth

Re: /etc/hosts handling plugin for unbound

2022-12-21 Thread Paul Wouters via Unbound-users
On Dec 21, 2022, at 05:39, Petr Menšík wrote: > > >> This happens before the "dns" entry, so before unbound is used. So for >> apps on localhost this should work fine? It is always read (and not >> cached) > That is not strictly true. Some software may use DNS explicitly via > specialized

[Swan-commit] Changes to ref refs/heads/main

2022-12-21 Thread Paul Wouters
New commits: commit 63cdd714de5f2588adff342ce6faf6d762a7a52c Author: Paul Wouters Date: Wed Dec 21 11:23:58 2022 -0500 pluto: rate limit all logs in for IKE version numbers ___ Swan-commit mailing list Swan-commit@lists.libreswan.org https

[Swan-commit] Changes to ref refs/heads/main

2022-12-21 Thread Paul Wouters
New commits: commit 62f9437578551b371a906d2b62b67aad31351362 Author: Paul Wouters Date: Wed Dec 21 11:16:14 2022 -0500 documentation: update CHANGES ___ Swan-commit mailing list Swan-commit@lists.libreswan.org https://lists.libreswan.org/mailman

[Swan-commit] Changes to ref refs/heads/main

2022-12-20 Thread Paul Wouters
New commits: commit f0fa9562e34146d12b9ecd03ca8f0bf7ba6ed185 Author: Paul Wouters Date: Tue Dec 20 13:06:13 2022 -0500 documentation: extend config setup options in ipsec.conf Add commented out config setup options in our ipsec.conf that we consider "standard user fea

[Swan-commit] Changes to ref refs/heads/main

2022-12-20 Thread Paul Wouters
New commits: commit 9c7c43a5a98b476eab7e3723269315da3fcb3283 Author: Paul Wouters Date: Tue Dec 20 12:42:02 2022 -0500 documentation: update CHANGES commit 4e05d99a8a7d942e5f43ca10fd5c19525b0a3716 Author: Antonio Silva Date: Tue Dec 20 12:31:48 2022 -0500 packaging: fix debian

Re: [Swan] libreswan version 4.9: ipsec.service: Start operation timed out. Terminating.

2022-12-19 Thread Paul Wouters
/stop/restart/enable/disable ipsec service without any issue. > > Do you want me to create a pull request in github? > > > — > Saludos / Regards / Cumprimentos > António Silva > >> On 8 Nov 2022, at 12:58, Paul Wouters wrote: >> >>> On Tue, 8 Nov 2022, antonio w

Re: [IPsec] Assessing Support for draft-smyslov-ipsecme-ikev2-qr-alt

2022-12-19 Thread Paul Wouters
On Mon, 19 Dec 2022, Rebecca Guthrie wrote: [speaking only as libreswan implementer] DoD has customers who are interested in incorporating a PSK into the initial IKEv2 SA. While RFC 8784 already defines a PSK mechanism, the PSK is not rolled into the encryption until creation of the first

Re: /etc/hosts handling plugin for unbound

2022-12-19 Thread Paul Wouters via Unbound-users
On Mon, 19 Dec 2022, Petr Menšík via Unbound-users wrote: Is there some plugin for automatically watching /etc/hosts file for changes and loading them as a local data? I am thinking about supporting unbound as a default localhost cache. But I think many people rely on /etc/hosts changes are

Re: [IPsec] Warren Kumari's Discuss on draft-ietf-ipsecme-ikev1-algo-to-historic-08: (with DISCUSS)

2022-12-15 Thread Paul Wouters
On Thu, 15 Dec 2022, Warren Kumari wrote: Subject: Re: [IPsec] Warren Kumari's Discuss on draft-ietf-ipsecme-ikev1-algo-to-historic-08: (with DISCUSS) Francesca / Warren: would these changes resolve your points? I kept the word deprecated as Roman pointed out that is exactly what the TLS

Re: [DNSOP] draft-ietf-dnsop-alt-tld-19

2022-12-14 Thread Paul Wouters
On Thu, 15 Dec 2022, Martin Schanzenbach wrote: I am not looking for that. What I said that what this sentence insinuates is that as a developer I am "wholly responsible" for dealing with collisions that may occur. Maybe it is because English is my 2nd language but this rubs me the wrong

[6lo] Paul Wouters' No Objection on draft-ietf-6lo-use-cases-14: (with COMMENT)

2022-12-14 Thread Paul Wouters via Datatracker
Paul Wouters has entered the following ballot position for draft-ietf-6lo-use-cases-14: No Objection When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer

[OPSAWG] Paul Wouters' No Objection on draft-ietf-opsawg-service-assurance-yang-10: (with COMMENT)

2022-12-14 Thread Paul Wouters via Datatracker
Paul Wouters has entered the following ballot position for draft-ietf-opsawg-service-assurance-yang-10: No Objection When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however

[OAUTH-WG] Paul Wouters' Yes on draft-ietf-oauth-rar-19: (with COMMENT)

2022-12-14 Thread Paul Wouters via Datatracker
Paul Wouters has entered the following ballot position for draft-ietf-oauth-rar-19: Yes When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to https

Re: [DNSOP] draft-ietf-dnsop-alt-tld-19

2022-12-14 Thread Paul Wouters
es is their affair. I don’t think people disagree on this. >> On 14.12.22 17:13, Paul Wouters wrote: >> "bob.foo.alt" still squarely falls into "my" namespace >> It is indeed not “yours”. > ... from the perspective of DNS. Whether it is "yours"

Re: [DNSOP] draft-ietf-dnsop-alt-tld-19

2022-12-14 Thread Paul Wouters
On Dec 14, 2022, at 05:37, Martin Schanzenbach wrote: > >  > I think my main issue is the word "wholly". > The developer cannot be "wholly" responsible. > I can choose a label (e.g. "foo.alt") that is not already taken right > now. > But I cannot really do anything if somebody else comes along

Re: [DNSOP] WGLC for draft-ietf-dnsop-alt-tld

2022-12-13 Thread Paul Wouters
> On Dec 13, 2022, at 18:50, Wessels, Duane > wrote: > >  > I > I still think the requirements for library (stub) and caching resolver > behavior should be stronger. i.e. MUST NOT put .alt queries on the wire. > But this is probably a minority opinion. Earlier I had said “should use

Re: [IPsec] Warren Kumari's Discuss on draft-ietf-ipsecme-ikev1-algo-to-historic-08: (with DISCUSS)

2022-12-13 Thread Paul Wouters
On Tue, 13 Dec 2022, Warren Kumari via Datatracker wrote: [speaking with author hat on] -- DISCUSS: -- Be ye not afraid -- see

Re: [Swan] The issue of connecting to Libreswan VPN from Android

2022-12-09 Thread Paul Wouters
On Wed, 7 Dec 2022, OBETalk?? wrote: Date: Wed, 7 Dec 2022 04:57:50 From: OBETalk?? To: swan Subject: [Swan] The issue of connecting to Libreswan VPN from Android Dears, There's a big issue of Android phone connecting to Libreswan deployed on Ubuntu 18.04 which is based on AWS EC2

Re: [IPsec] WGLC of draft-ietf-ipsecme-ikev2-auth-announce

2022-12-08 Thread Paul Wouters
On Wed, Dec 7, 2022 at 5:46 PM Tero Kivinen wrote: > I started this last call almost a month ago, and I have not seen any > discussion, comments or emails on the ipsec list. > > For me that would indicate that nobody has actually reviewed the > document during the WGLC, and would indicate there

[DNSOP] [Rfc6761bis] New Non-WG Mailing List: rfc6761bis (fwd)

2022-12-07 Thread Paul Wouters
FYI. -- Forwarded message -- Date: Wed, 7 Dec 2022 12:06:47 From: IETF Secretariat Cc: rfc6761...@ietfa.amsl.com, p...@nohats.ca, war...@kumari.net To: IETF Announcement List Subject: [Rfc6761bis] New Non-WG Mailing List: rfc6761bis A new IETF non-working group email list

Re: [IPsec] John Scudder's No Objection on draft-ietf-ipsecme-ikev1-algo-to-historic-08: (with COMMENT)

2022-12-07 Thread Paul Wouters
On Wed, 7 Dec 2022, John Scudder via Datatracker wrote: -- COMMENT: -- Nits - “A few notably” should be “A few notable” - “an addition Security Context

Re: [IPsec] Paul Wouters' Discuss on draft-ietf-ipsecme-ikev2-multiple-ke-10: (with DISCUSS and COMMENT)

2022-11-30 Thread Paul Wouters
Ok, all good with me. Thanks Valery! Sent using a virtual keyboard on a phone > On Nov 30, 2022, at 12:03, Valery Smyslov wrote: > > We are converging :-) > >>> I'm a bit reluctant to add all this information to the abstract. It is >>> already a bit too long >>> (since Éric and Warren

Re: [IPsec] Paul Wouters' Discuss on draft-ietf-ipsecme-ikev2-multiple-ke-10: (with DISCUSS and COMMENT)

2022-11-30 Thread Paul Wouters
On Wed, 30 Nov 2022, Valery Smyslov wrote: Yes I meant the abstract :) I'm a bit reluctant to add all this information to the abstract. It is already a bit too long (since Éric and Warren suggested to augment it with the explanation text of how this design helps in situation when PQ
