-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 04/05/2012 12:48 AM, Alfred � wrote:
Here we go with part (B); if deemed necessary, please consider
to provide feedback for the items below on the list.
Again, all items that are adopted without feedback necessary have been
omitted from this
Shane Kerr sh...@isc.org wrote:
For example, I know someone who regularly forgets to re-sign his zones.
That's just stupid. There are a lot of sensible words in Jason's draft
to say that negative trust anchors should not be used as a long-term
workaround for some third party's persistent
Nicholas,
On Wednesday, 2012-04-11 06:28:49 -0700,
Nicholas Weaver nwea...@icsi.berkeley.edu wrote:
b) Actually, I think it should also be auto removed once the
condition is fixed: Continue to attempt to validate the zone in
question. When the zone validates again, the default behavior
Tony,
On Wednesday, 2012-04-11 15:20:50 +0100,
Tony Finch d...@dotat.at wrote:
Shane Kerr sh...@isc.org wrote:
For example, I know someone who regularly forgets to re-sign his
zones.
That's just stupid. There are a lot of sensible words in Jason's draft
to say that negative trust
On 11 Apr 2012, at 15:48, Shane Kerr wrote:
Disabling DNSSEC validation for broken domains seems completely
rational, at least for some types of brokenness.
+1
The problem here is this becomes a local policy/configuration matter
and the experience you outlined still occurs Shane. Sometimes
On Apr 4, 2012, at 8:41 AM, Joe Abley wrote:
On 2012-04-04, at 08:20, William F. Maton Sotomayor wrote:
It seems that after delivering my presentation on subsequent AS112
delegations in Quebec City, I hadn't recalled what the group thought about
adopting this work as a dnsop item.
On 2012-04-11, at 12:09, Wes Hardaker wrote:
On Wed, 11 Apr 2012 06:28:49 -0700, Nicholas Weaver
nwea...@icsi.berkeley.edu said:
NW a) If end-time is specified as a date, not an interval, you can set
NW the date to be 'end of epoch', so you can basically have it 'stay
NW forever', even
Joe
on 2012-04-11 17:56 Joe Abley said the following:
[...]
; example.com's DNSSEC is broken, let's not use it for a day
example.com NTA 20120412162716 20120411162716 ticket [HOPCOUNT-12345]
jab...@hopcount.ca
example.com RRSIG ...
[...]
just a tiny nit to pick, would not the '@' in
On Wed, 11 Apr 2012, Shane Kerr wrote:
Disabling DNSSEC validation for broken domains seems completely
rational, at least for some types of brokenness.
So someone will make a browser plugin to enable this. Let them.
Paul
___
DNSOP mailing list
Matthijs,
thanks for dealing with my comments so expeditiously.
(This extends to the other review comments as well.)
Please see a few follow-up remarks inline below.
On 11 Apr 2012 15:47:33 +0200, Matthijs Mekking wrote:
Hi,
On 04/05/2012 12:41 AM, Alfred Hönes wrote:
After a long delay, I
Matthijs,
again thanks for your quick and detailed response and action.
A few selected follow-up remark can be found inline below.
On 11 Apr 2012 15:48:26 +0200, Matthijs Mekking wrote:
On 04/05/2012 12:48 AM, Alfred Hönes wrote:
Here we go with part (B); if deemed necessary, please consider
On 11 April 2012 14:48, Matthijs Mekking matth...@nlnetlabs.nl wrote:
On 04/05/2012 12:48 AM, Alfred � wrote:
| o Signature validity period The time interval during which a
| signature is valid. It starts at the (absolute) time specified in
| the signature inception field of
12 matches
Mail list logo