Hi, Am 06.09.2012 21:54, schrieb Vernon Schryver: >> From: Ralf Weber <[email protected]> > >> The protocol doesn't mandate a resolver to retry, ... > > Which protocol is that? I'm not disagreeing since the claim matches > my intuition, but only asking for an RFC number (or numbers) so > that I can understand the exegesis.
RFC 4035 Section 5 explains how to validate signatures and what to do it that fails (5.5). It says nothing about doing or not doing retries. BIND and Unbound retry a couple of times and scatter the queries among all authoritative NS. > How is javascript involved? That sounds like a pair of ordinary > <IMG> beacons. > > If javascript is involved, do you figure that browsers with javascript > controlled manually or automatically (e.g. with NoScript) are > insignificant or that the resolvers of users that do such things > should not be counted? JavaScript is only needed if you want to show the result to the user. For statistics the <img> tags suffice, no JS involved. > I assume I'm odd, because I'm not eagar to put the invisible HREF > anchor on my web pages because of the extra DNS transactions imposed > on users. I also have vague worries I can't articulate about privacy > concerns. > > My answer to putting a simple <IMG> beacon on my web pages would > be a flat "never." There are too many technical and legal issues. > For example, what about privacy issues with the referer string? > > I'd have trouble responding politely to a request that I add > javascript to my web pages. I don't think I'm religiously opposed > to javascript, since I'm taking a break from fighting some javascript > bugs to write this. It's just simple security and operational > prudence to never code that is not strictly necessary. Can't argue with that. If privacy is an issue, you won't become friends with foreign HTTP resources. Kind regards, Matt -- Universität Duisburg-Essen Fachgebiet Verteilte Systeme Bismarckstr. 90 / BC 316 47057 Duisburg Tel: +49 203 379 2767
smime.p7s
Description: S/MIME Kryptografische Unterschrift
_______________________________________________ dns-operations mailing list [email protected] https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
