On Fri, Dec 30, 2022 at 12:39:30PM +0100, Peter
wrote:
> On Thu, Dec 29, 2022 at 03:43:35PM -0500, Timothe Litt wrote:
>
> ! So much like DNSSEC itself, the technology is there, but the will to use it
> ! everywhere it's needed is not.
>
> Timothy, thank You for the update. I agree to Your vie
Hi there,
On Fri, 30 Dec 2022, Timothe Litt wrote:
The problem is politics, not technology.
Well there might be a little more to it than that. People just don't know.
When my wife asked about the security of her bank's Website they told her,
"Don't worry, if there's a little padlock in the
On Thu, Dec 29, 2022 at 03:43:35PM -0500, Timothe Litt wrote:
! So much like DNSSEC itself, the technology is there, but the will to use it
! everywhere it's needed is not.
Timothy, thank You for the update. I agree to Your viewpoints, and we
have seen mostly the same with IPv6. Apparently it nee
On 29-Dec-22 19:30, Mark Andrews wrote:
Valid base64 includes spaces and new lines. Poorly written record
parsers reject valid records.
--
Mark Andrews
True for DNS records; the RFC clearly states that whitespace is allowed
in the presentation form's base64 fields of DNSSEC records. And a
On 29-Dec-22 18:37, Eric Germann wrote:
The really annoying part is it isn’t obvious that they want the public
key and not the result of dnssec-dsfromkey; they do it themselves.
The annoying part is they throw an error if the key isn’t valid
Base64 (think spaces or newlines), but gladly accep
Valid base64 includes spaces and new lines. Poorly written record parsers reject valid records. -- Mark AndrewsOn 30 Dec 2022, at 10:38, Eric Germann via bind-users wrote:
On Dec 29, 2022, at 16:34, Timothe Litt wrote:Yup, Eric's case was a classic example. He tried to do the right
thing,
On Dec 29, 2022, at 16:34, Timothe Litt wrote:
Yup, Eric's case was a classic example. He tried to do the right thing, put in
the wrong record, and the system didn't produce the expected results. To his
credit, he persisted. Most people don't. A while ago there was a study
(cloudflare/
Apparently I didn't include the DNS script library link mentioned in my
note. Sorry.
https://github.com/srvrco/getssl/tree/master/dns_scripts
On 29-Dec-22 13:45, Peter wrote:
On Thu, Dec 29, 2022 at 09:17:26AM -0500, Timothe Litt wrote:
! (Manual processes
! are error-prone. That getting r
On 29-Dec-22 13:45, Peter wrote:
On Thu, Dec 29, 2022 at 09:17:26AM -0500, Timothe Litt wrote:
! (Manual processes
! are error-prone. That getting registrars to adopt CDS/CDNSKEY - RFC7344 -
! has been so slow is unfortunate.)
Seconded. Do You have information about this moving at all? Because
On Thu, Dec 29, 2022 at 09:17:26AM -0500, Timothe Litt wrote:
! (Manual processes
! are error-prone. That getting registrars to adopt CDS/CDNSKEY - RFC7344 -
! has been so slow is unfortunate.)
Seconded. Do You have information about this moving at all? Because to
me it looks very much like dead
10 matches
Mail list logo