On 16 jul 2010, at 19.59, Thierry Moreau wrote:
With what was called DURZ (Deliberately Unvalidatable Root Zone), you,
security experts, has been trained to accept signature validation failures as
false alarms by experts from reputable institutions.
Thierry, do you know of anyone that
Dear Jakob:
Trying to reply specifically. The bigger picture would require extensive
background explanations.
Jakob Schlyter wrote:
On 16 jul 2010, at 19.59, Thierry Moreau wrote:
With what was called DURZ (Deliberately Unvalidatable Root Zone), you, security
experts, has been trained to
On Fri, 16 Jul 2010, Taral wrote:
Neat, but not (yet) useful... only these TLDs have DS records:
The rest will follow soon. And it is not that you had to stop those
TLD trust anchors just now.
Several are using old SHA-1 hashes...
old ?
Paul
At 9:52 AM -0400 7/17/10, Thierry Moreau wrote:
Incidentally, you say you [the design team] had good *documented* reasons for
implementing DURZ *as*you*did*. Did you document why any of
unknown/proprietary/foreign signature algorithm code(s) were not possible
(this was an alternative)? This was
Paul Hoffman wrote:
At 9:52 AM -0400 7/17/10, Thierry Moreau wrote:
Incidentally, you say you [the design team] had good *documented* reasons for
implementing DURZ *as*you*did*. Did you document why any of
unknown/proprietary/foreign signature algorithm code(s) were not possible (this
was an
On Sat, Jul 17, 2010 at 7:41 AM, Paul Wouters p...@xelerance.com wrote:
Several are using old SHA-1 hashes...
old ?
old in that they are explicitly not recommended by the latest specs
I was looking at.
--
Taral tar...@gmail.com
Please let me know if there's any further trouble I can give