On Jul 17, 2010, at 3:30 05PM, Taral wrote:
On Sat, Jul 17, 2010 at 7:41 AM, Paul Wouters p...@xelerance.com wrote:
Several are using old SHA-1 hashes...
old ?
old in that they are explicitly not recommended by the latest specs
I was looking at.
DNSSEC signatures do not need to have a
On 16 jul 2010, at 19.59, Thierry Moreau wrote:
With what was called DURZ (Deliberately Unvalidatable Root Zone), you,
security experts, has been trained to accept signature validation failures as
false alarms by experts from reputable institutions.
Thierry, do you know of anyone that
Dear Jakob:
Trying to reply specifically. The bigger picture would require extensive
background explanations.
Jakob Schlyter wrote:
On 16 jul 2010, at 19.59, Thierry Moreau wrote:
With what was called DURZ (Deliberately Unvalidatable Root Zone), you, security
experts, has been trained to
At 9:52 AM -0400 7/17/10, Thierry Moreau wrote:
Incidentally, you say you [the design team] had good *documented* reasons for
implementing DURZ *as*you*did*. Did you document why any of
unknown/proprietary/foreign signature algorithm code(s) were not possible
(this was an alternative)? This was
Paul Hoffman wrote:
At 9:52 AM -0400 7/17/10, Thierry Moreau wrote:
Incidentally, you say you [the design team] had good *documented* reasons for
implementing DURZ *as*you*did*. Did you document why any of
unknown/proprietary/foreign signature algorithm code(s) were not possible (this
was an