I can't agree with this statement. As others have said, the practice of
using a search list to allow 'ssh foo.bar' to reach 'foo.bar.example.com'
isn't going anywhere, and there are a lot of people that make extensive use
of the convenience.
It needs to die because it's
Paul Wouters;
I think the following ID solves the problem.
http://www.ietf.org/id/draft-ohta-practically-secure-dns-00.txt
Masataka Ohta
___
DNSOP mailing list
DNSOP@ietf.org
On Oct 24, 2011, at 2:08 AM, sth...@nethelp.no wrote:
I can't agree with this statement. As others have said, the practice of
using a search list to allow 'ssh foo.bar' to reach 'foo.bar.example.com'
isn't going anywhere, and there are a lot of people that make extensive use
of the
--On 24 October 2011 06:53:05 -0400 Keith Moore
mo...@network-heretics.com wrote:
I'm just pointing out that for the vast majority of the contexts in which
domain names are used, the expectation is that a domain name that
contains a . is fully-qualified.
This is sampling bias.
In the
--On 22 October 2011 19:41:58 + Ted Lemon ted.le...@nominum.com wrote:
Yes. But if a bare name is used, a bogus search list can also bypass
DNSSEC validation.
For the hard of understanding, please could you expand on this?
Doesn't the client know the full name being looked up, even
--On 24 October 2011 07:29:55 -0400 Keith Moore
mo...@network-heretics.com wrote:
I'm just pointing out that for the vast majority of the contexts in
which domain names are used, the expectation is that a domain name that
contains a . is fully-qualified.
This is sampling bias.
No, I
On Oct 24, 2011, at 7:55 AM, Alex Bligh wrote:
--On 24 October 2011 07:29:55 -0400 Keith Moore mo...@network-heretics.com
wrote:
I'm just pointing out that for the vast majority of the contexts in
which domain names are used, the expectation is that a domain name that
contains a .
On 10/23/2011 7:49 PM, Mark Andrews wrote:
In message 96472fb7-8425-4928-8f55-2abf2cb59...@conundrum.com, Matthew
Pounse
tt writes:
On 2011/10/22, at 15:21, Keith Moore wrote:
On Oct 22, 2011, at 2:42 PM, Doug Barton wrote:
1. I think we're all in agreement that dot-terminated names
On 10/24/2011 05:16, Keith Moore wrote:
That's the point - search lists are not appropriate most of the time, and
it's very hard for software to distinguish the cases where they are
potentially appropriate from the cases when they're not, and it's not
possible for software to do this in all
On 10/24/2011 13:58, Keith Moore wrote:
On Oct 24, 2011, at 4:52 PM, Doug Barton wrote:
On 10/24/2011 05:16, Keith Moore wrote:
That's the point - search lists are not appropriate most of the time, and
it's very hard for software to distinguish the cases where they are
potentially
Hi there Doug, Keith, folks,
Speaking of broken mechanisms ... how many dots?
arstechnica.com is OK
co.uk is not OK
ndots strikes me as a chocolate soldier in the fire used to warm the chocolate
teapot that is search lists.
At best these are context dependent (and keep IT support in
On Oct 24, 2011, at 6:50 PM, Jeffrey Hutzelman wrote:
So it seems that this question is already a matter of local policy,
which given the number and quality of the divergent views seems
eminently reasonable. Can we move on now?
No, because relying on local policy is not sufficient for
In message cb52baaf-f38f-4815-9b91-4656f1f38...@insensate.co.uk, Lawrence Con
roy writes:
Hi there Doug, Keith, folks,
Speaking of broken mechanisms ... how many dots?
arstechnica.com is OK
co.uk is not OK
ndots strikes me as a chocolate soldier in the fire used to warm the
13 matches
Mail list logo