Re: How is DNSSEC

2008-03-27 Thread Steven M. Bellovin
On Fri, 21 Mar 2008 08:52:07 +1000 James A. Donald [EMAIL PROTECTED] wrote: From time to time I hear that DNSSEC is working fine, and on examining the matter I find it is working fine except that Seems to me that if DNSSEC is actually working fine, I should be able to provide an

Re: How is DNSSEC

2008-03-27 Thread Ben Laurie
Dave Howe wrote: James A. Donald wrote: From time to time I hear that DNSSEC is working fine, and on examining the matter I find it is working fine except that DNSSEC is working fine as a technology. However, it is worth remembering that it works based on digitally signing an entire

Re: How is DNSSEC

2008-03-26 Thread Florian Weimer
* James A. Donald: From time to time I hear that DNSSEC is working fine, and on examining the matter I find it is working fine except that Seems to me that if DNSSEC is actually working fine, I should be able to provide an authoritative public key for any domain name I control, and

Re: How is DNSSEC

2008-03-26 Thread Ben Laurie
James A. Donald wrote: From time to time I hear that DNSSEC is working fine, and on examining the matter I find it is working fine except that Seems to me that if DNSSEC is actually working fine, I should be able to provide an authoritative public key for any domain name I control, and

Re: How is DNSSEC

2008-03-26 Thread Ben Laurie
[EMAIL PROTECTED] wrote: On Fri, Mar 21, 2008 at 08:52:07AM +1000, James A. Donald wrote: From time to time I hear that DNSSEC is working fine, and on examining the matter I find it is working fine except that Seems to me that if DNSSEC is actually working fine, I should be able to

Re: How is DNSSEC

2008-03-26 Thread bmanning
On Sat, Mar 22, 2008 at 10:59:18AM +, Ben Laurie wrote: [EMAIL PROTECTED] wrote: On Fri, Mar 21, 2008 at 08:52:07AM +1000, James A. Donald wrote: From time to time I hear that DNSSEC is working fine, and on examining the matter I find it is working fine except that Seems to me

Re: [mm] How is DNSSEC

2008-03-26 Thread Ben Laurie
[EMAIL PROTECTED] wrote: Er... Allow me the option o fdisbeleiving your assertion. PTR records can and do point to mutiple names. Some narrow implementations have assumed that there will only be a single data element and this myth - that PTRs only point to a

Re: [mm] How is DNSSEC

2008-03-26 Thread bmanning
On Sat, Mar 22, 2008 at 02:46:40PM +, Ben Laurie wrote: [EMAIL PROTECTED] wrote: Er... Allow me the option o fdisbeleiving your assertion. PTR records can and do point to mutiple names. Some narrow implementations have assumed that there will only be a single data

Re: [mm] How is DNSSEC

2008-03-26 Thread Ben Laurie
[EMAIL PROTECTED] wrote: On Sat, Mar 22, 2008 at 02:46:40PM +, Ben Laurie wrote: [EMAIL PROTECTED] wrote: Er... Allow me the option o fdisbeleiving your assertion. PTR records can and do point to mutiple names. Some narrow implementations have assumed that there

Re: [mm] How is DNSSEC

2008-03-26 Thread Ben Laurie
[EMAIL PROTECTED] wrote: On Sat, Mar 22, 2008 at 03:52:49PM +, Ben Laurie wrote: [EMAIL PROTECTED] wrote: On Sat, Mar 22, 2008 at 02:46:40PM +, Ben Laurie wrote: [EMAIL PROTECTED] wrote: Er... Allow me the option o fdisbeleiving your assertion. PTR records can and do

Re: How is DNSSEC

2008-03-26 Thread Dave Howe
James A. Donald wrote: From time to time I hear that DNSSEC is working fine, and on examining the matter I find it is working fine except that DNSSEC is working fine as a technology. However, it is worth remembering that it works based on digitally signing an entire zone - the state of

How is DNSSEC

2008-03-21 Thread James A. Donald
From time to time I hear that DNSSEC is working fine, and on examining the matter I find it is working fine except that Seems to me that if DNSSEC is actually working fine, I should be able to provide an authoritative public key for any domain name I control, and should be able to obtain

Re: How is DNSSEC

2008-03-21 Thread bmanning
On Fri, Mar 21, 2008 at 08:52:07AM +1000, James A. Donald wrote: From time to time I hear that DNSSEC is working fine, and on examining the matter I find it is working fine except that Seems to me that if DNSSEC is actually working fine, I should be able to provide an authoritative