> From: Ralf Weber <[email protected]> > The protocol doesn't mandate a resolver to retry, ...
Which protocol is that? I'm not disagreeing since the claim matches my intuition, but only asking for an RFC number (or numbers) so that I can understand the exegesis. > The approach from Matthäus described earlier in the thread using > javascript and two pics, one validating and one not seems cleaner > to me and can deal with all the cases Olafur, myself and others had > problems with. Is that the scheme mentioned on https://lists.dns-oarc.net/pipermail/dns-operations/2012-September/008724.html ] Our test methodology is to load 1px images from two domain names, one ] correctly signed and the other one with a broken signature. How is javascript involved? That sounds like a pair of ordinary <IMG> beacons. If javascript is involved, do you figure that browsers with javascript controlled manually or automatically (e.g. with NoScript) are insignificant or that the resolvers of users that do such things should not be counted? I assume I'm odd, because I'm not eagar to put the invisible HREF anchor on my web pages because of the extra DNS transactions imposed on users. I also have vague worries I can't articulate about privacy concerns. My answer to putting a simple <IMG> beacon on my web pages would be a flat "never." There are too many technical and legal issues. For example, what about privacy issues with the referer string? I'd have trouble responding politely to a request that I add javascript to my web pages. I don't think I'm religiously opposed to javascript, since I'm taking a break from fighting some javascript bugs to write this. It's just simple security and operational prudence to never code that is not strictly necessary. Vernon Schryver [email protected]
_______________________________________________ dns-operations mailing list [email protected] https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
