The 7 Layer model is a useful tool to talk about things, it's not a reified
thing. That said, apparent layer violations invite critique because they
inherently carry architectural consequence.
I think the overloading of a (semantic space) name to have special
properties to take it out of the syste
With onion you get a rather different thing that looks like an open
TCP connection, a couple of levels up the protocol stack.
Strictly an Onion address yields you a _real_ TCP connection to your
SOCKS server, ...
It's certainly a virtual circuit, but it's not a TCP connection because
the end
Stephen,
Sorry for being so blunt below.
The document is totally content free as to why this makes any sense in an
operational context.
DNSSEC algorithms should not be given out lightly as there is a significant
COST to deploy support for each additional algorithm.
While I strongly support having b
Hiya!
> On Dec 5, 2015, at 03:44, John Levine wrote:
>
> With onion you get a rather different thing that looks like an open
> TCP connection, a couple of levels up the protocol stack. So if the
> theory is that these special names are doing a protocol switch, it's
> not one switch, it's potent
Objections so far
* The approach is dated (not fast prime rigid) and the randomness isn't
established to be rigid.
* DNSSEC requires a single algorithm for interop
* The code points are 8 bit and thus scarce
* We should do Curdle first.
I am opposed to Brainpool for all the above and in addition,
Hi Jared,
Thanks a lot for your quick response.
>
> People have done things similar to this over the years. I remember software
> once distributed UNENCODED over sequenced DNS TXT records.
>
> It seems something like TXT would be the best way to do this, eg:
>
> dig txt 1.255.42.204.in-addr.ar
> On Dec 9, 2015, at 3:25 PM, Hosnieh Rafiee wrote:
>
> Hi,
>
> Since DNS is a very important service on the internet, for several security
> processes, it can be used as a powerful system. So far, some resource
> records were proposed for certificates, keys and other values.
>
> I would like
Mark Andrews wrote:
> In message <35c15c68-b6db-4970-b816-9295c123e...@dnss.ec>,
> 🔒Roy Arends writes:
> > We'd end up adding stuff to a response in order to make it shorter.
>
> We'd end up changing a 0x00 to a 0x01 in the OPT record.
>
> > Is there a clear benefit (short
A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Domain Name System Operations Working Group
of the IETF.
Title : The EDNS Key Tag Option
Author : Duane Wessels
Filename: draft-iet
Hi,
Since DNS is a very important service on the internet, for several security
processes, it can be used as a powerful system. So far, some resource
records were proposed for certificates, keys and other values.
I would like to suggest the following format (this is the rough version and
it is no
Forwarded Message
Subject: code points for brainpool curves for DNSSEC
Date: Wed, 9 Dec 2015 18:00:18 +
From: Stephen Farrell
To: s...@ietf.org
Hiya,
The brainpool folks have written an I-D [1] that they are pushing
through the rfc editor's independent stream. [2]
That
In message <35c15c68-b6db-4970-b816-9295c123e...@dnss.ec>,
🔒Roy Arends writes:
> We'd end up adding stuff to a response in order to make it shorter.
We'd end up changing a 0x00 to a 0x01 in the OPT record.
> Is there a clear benefit (shorter responses)? Can you show me a