note: replying only to dnsop@. no thread is ever appropriate for dnsop@
plus some other mailing list. please stop cc'ing dns-operations@ on your
replies; this is not an operational thread, and the people in the dns
community who care about protocol development, are probably on both lists.
Mark
removing dns-operations@ as a cc. one mailing list at a time, please?
Michael Sinatra wrote:
On 3/16/15 4:15 PM, P Vixie wrote:
Michael, what attacks do you think we can stop by limiting ANY? Paul
...
* These domains are DNSSEC-signed with NSEC3. Many tools set the TTL of
NSEC3PARAM to
Alec,
On Mar 17, 2015, at 9:20 AM, Alec Muffett al...@fb.com wrote:
Christian’s response clearly distinguishes the separateness of Jake my
document draft-appelbaum-dnsop-onion-tld-00.txt” from his
“draft-grothoff-iesg-special-use-p2p-names”.
Yes. Hopefully, a revised version of
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On 03/17/15 18:39, Tim Wicinski wrote:
the implications of widening use of RFC 6761.
*** You certainly mean: the implications of using RFC 6761, given that
so far, it's only been used by its creator, Apple Inc. in RFC 6762 (if
6761 itself is not
Rubens, allow me please to direct your attention to:
https://cabforum.org/2015/02/18/ballot-144-validation-rules-dot-onion-names
/
Aside: EV certificates are what will be issued for Onion addresses, even
wildcard onion address certificates, for reasons explained on the Ballot.
- alec
On
(cc:s trimmed)
On Tue, Mar 17, 2015 at 04:16:02PM +0100, Christian Grothoff wrote:
it's a Lex Facebook, just like reserving .local was a Lex Apple. I'm not
generally against those at all, but I personally dislike that IETF
passes things
quickly if they are backed by multi-billion dollar
Hi,
draft-hoffman-dns-terminology-02 has the following definition:
Passive DNS -- A mechanism to collect large amounts of DNS data by
storing queries and responses from many recursive resolvers. Passive
DNS databases can be used to answer historical questions about DNS
zones such as
On Tue, Mar 17, 2015 at 12:59:25PM -0400, Richard Barnes wrote:
If an application does not implement tor, and is not tor aware, it
_will_ do a DNS lookup. You can't really go ask the world to stop
doing that. You need to deal with that fact.
The entire point of the special use
These are the drafts I have on special names, reserved TLD, etc. I am
sure I missed something in my list.
http://datatracker.ietf.org/doc/draft-lewis-user-assigned-tlds/
http://datatracker.ietf.org/doc/draft-chapin-additional-reserved-tlds/
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Do you have feedback on the idea of an interim meeting for DNSOP to address
these drafts in more depth
*** Thank you Suzanne for your clarification.
My only feedback is that such meeting is very welcome. I hope the
discussion will be
Considering .onion is a non-resolving TLD, how would a CA issue a certificate
for a .onion name that they can't verify whether the requester is the
administrator of that service ? DV certificates can use lots of mechanisms to
verify that, but is one of them feasible for CAs to use ?
Rubens
On Mar 17, 2015, at 4:01 PM, Alec Muffett al...@fb.com
mailto:al...@fb.com wrote:
Hi Rubens!
On 3/17/15, 6:34 PM, Rubens Kuhl rube...@nic.br mailto:rube...@nic.br
wrote:
And where in this ballot is there a need for explicit reserving of
.onion, since CAs already know they
On Tue, 17 Mar 2015, Yunhong Gu wrote:
The reason that this response can be used for an amplification attack is its
size, not the ANY type. A responses
with 200 A records can be used for the same purpose. The (even deeper) root
cause is the use of UDP in DNS protocol.
I just do not think
Before this discussion becomes derailed by discussion of the strategies of
the contents of other proposals, I would like to round this discussion
back to the matter of the draft-appelbaum-dnsop-onion-tld-00.txt document:
Christian’s response clearly distinguishes the separateness of Jake my
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On 03/17/15 12:58, David Conrad wrote:
I doubt arguments of this nature are particular helpful.
*** I feel obliged to reflect this to you.
My personal observation is that one of the problems with your draft
*** Maybe you should direct
On 3/17/15 4:20 PM, Alec Muffett wrote:
Before this discussion becomes derailed by discussion of the strategies of
the contents of other proposals, I would like to round this discussion
back to the matter of the draft-appelbaum-dnsop-onion-tld-00.txt document:
Christian’s response clearly
16 matches
Mail list logo
