On Sat, Jul 17, 2010 at 10:41:10AM -0400, Paul Wouters wrote:
On Fri, 16 Jul 2010, Taral wrote:
Neat, but not (yet) useful... only these TLDs have DS records:
The rest will follow soon. And it is not that you had to stop those
TLD trust anchors just now.
actually, soon is a
On Jul 17, 2010, at 3:30 05PM, Taral wrote:
On Sat, Jul 17, 2010 at 7:41 AM, Paul Wouters p...@xelerance.com wrote:
Several are using old SHA-1 hashes...
old ?
old in that they are explicitly not recommended by the latest specs
I was looking at.
DNSSEC signatures do not need to have a
On 16 jul 2010, at 19.59, Thierry Moreau wrote:
With what was called DURZ (Deliberately Unvalidatable Root Zone), you,
security experts, has been trained to accept signature validation failures as
false alarms by experts from reputable institutions.
Thierry, do you know of anyone that
Dear Jakob:
Trying to reply specifically. The bigger picture would require extensive
background explanations.
Jakob Schlyter wrote:
On 16 jul 2010, at 19.59, Thierry Moreau wrote:
With what was called DURZ (Deliberately Unvalidatable Root Zone), you, security
experts, has been trained to
On Fri, 16 Jul 2010, Taral wrote:
Neat, but not (yet) useful... only these TLDs have DS records:
The rest will follow soon. And it is not that you had to stop those
TLD trust anchors just now.
Several are using old SHA-1 hashes...
old ?
Paul
At 9:52 AM -0400 7/17/10, Thierry Moreau wrote:
Incidentally, you say you [the design team] had good *documented* reasons for
implementing DURZ *as*you*did*. Did you document why any of
unknown/proprietary/foreign signature algorithm code(s) were not possible
(this was an alternative)? This was
Paul Hoffman wrote:
At 9:52 AM -0400 7/17/10, Thierry Moreau wrote:
Incidentally, you say you [the design team] had good *documented* reasons for
implementing DURZ *as*you*did*. Did you document why any of
unknown/proprietary/foreign signature algorithm code(s) were not possible (this
was an
On Sat, Jul 17, 2010 at 7:41 AM, Paul Wouters p...@xelerance.com wrote:
Several are using old SHA-1 hashes...
old ?
old in that they are explicitly not recommended by the latest specs
I was looking at.
--
Taral tar...@gmail.com
Please let me know if there's any further trouble I can give
The root zone has been signed, and the root zone trust anchor has
been published.
Begin forwarded message:
Date: Fri, 16 Jul 2010 14:35:39 +
From: Joe Abley joe.ab...@icann.org
To: na...@nanog.org
Subject: Root Zone DNSSEC Deployment Technical Status Update
Root Zone DNSSEC Deployment
Perry E. Metzger wrote:
The root zone has been signed, and the root zone trust anchor has
been published.
That's a great achievement for the parties involved. It is also a
significant step towards more trustworthy DNS data.
I have been following this with attention from the perspective of
On Fri, Jul 16, 2010 at 7:47 AM, Perry E. Metzger pe...@piermont.com wrote:
The root zone has been signed, and the root zone trust anchor has
been published.
Neat, but not (yet) useful... only these TLDs have DS records:
bg. 172800 IN DS 46846 5 1
11 matches
Mail list logo