Hi Shane
On Tue, Sep 29, 2015 at 12:02:19PM +, Shane Kerr wrote:
> If a checksum is added it will probably show up in the final fragment.
> An attacker now needs to ensure that the final fragment shows up before
> the final fragment from the real authority server. This is not too
> difficult,
On 23 September 2015 at 21:40, Dave Lawrence wrote:
> Ted Lemon writes:
>> It would be helpful if the authors could explain why the REFUSED
>> response is being used here.
>
> Not to be glib, but because that's what Wilmer originally specified.
> That's thus what got implemented by
Jiankang Yao,
I think a simpler approach that works in general is the "HAMMER"
approach proposed by Warren Kumari, Roy Arends, and Suzanne Woolf a
couple of years ago:
https://tools.ietf.org/html/draft-wkumari-dnsop-hammer
Basically the idea is that if a query is made for a RRSET that is near
All,
On Mon, 28 Sep 2015 16:53:25 +0100
Andras Salamon wrote:
> On Mon, Sep 28, 2015 at 07:59:00AM -0400, Joe Abley wrote:
> >This document describes existing practice, and provides guidance for
> >people who need to bootstrap a validator using the mechanisms provided
> >by
Paul(s) & all,
tl;dr a checksum adds some small benefit for a moderate cost... worth
it?
On Mon, 28 Sep 2015 10:21:54 -0700
Paul Vixie wrote:
> Paul Hoffman wrote:
> > Paul's "no" (which I agree with) shows what might be a fatal flaw in
> >
On 29 Sep 2015, at 2:20, Shane Kerr wrote:
Jiankang Yao,
I think a simpler approach that works in general is the "HAMMER"
approach proposed by Warren Kumari, Roy Arends, and Suzanne Woolf a
couple of years ago:
https://tools.ietf.org/html/draft-wkumari-dnsop-hammer
A huge +1 to this. The
Hi Jiankang,
What reason do you have to think that response latency from root servers
has any measurable impact on end-user experience?
Queries to root servers from individual clients are sent very
infrequently, in my experience; the TTLs are not short. The probability
that any client of a
Joe Abley wrote:
>
> +-------+-------+-----------------+
> | Value | Type  | Status, Remarks |
> +-------+-------+-----------------+
> | 0     | EMPTY | Empty digest    |
> | 1
On 26 Sep 2015, at 2:55, Terry Manderson wrote:
Thank you for writing this document and describing how it is done and
also the risks of doing this, and most importantly why it should not be
done on a whim or by default.
I concur that this is not a new idea. In fact I implemented a similar
On 28 Sep 2015, at 6:53, Benoit Claise wrote:
--
COMMENT:
--
Malicious third
parties might be able to observe that traffic on the network between
the
Hi Joe
Thank you for this review. See comments below:
On Mon, Sep 28, 2015 at 07:53:10PM -0400, Joe Abley wrote:
>
>
> On 28 Sep 2015, at 11:51, Mukund Sivaraman wrote:
>
> > o draft-muks-dnsop-dns-message-checksums-00
> >Initial draft (renamed version). Removed the NONCE-COPY field as
From: Joe Abley
Date: 2015-09-29 23:00
To: yaojk
CC: dnsop
Subject: Re: [DNSOP] New Version Notification for
draft-yao-dnsop-root-cache-00.txt
>Hi Jiankang,
>What reason do you have to think that response latency from root servers
>has any measurable impact on end-user experience?
>
I think
On Sep 29, 2015, at 2:53 AM, Shane Kerr wrote:
>> On Mon, Sep 28, 2015 at 07:59:00AM -0400, Joe Abley wrote:
>>> This document describes existing practice, and provides guidance for
>>> people who need to bootstrap a validator using the mechanisms provided
>>> by ICANN
David Dagon writes:
> I have some concerns, which I describe below. [...]
David,
Thank you very much for your thoughtful comments. Broadly speaking, I
very much agree with the bulk of them. Yet my current reaction is not
to make any more alterations to the existing document. It describes
the
14 matches