Re: [DNSOP] review of draft-ietf-dnsop-no-response-issue-05

2016-10-16 Thread Mark Andrews
In message

Re: [DNSOP] ECDSA woes

2016-10-16 Thread Mark Andrews
In message <20161016223109.6856756c8...@rock.dv.isc.org>, Mark Andrews writes: > > In message > , > =?UTF-8?B?w5NsYWZ1ciBHdcOwbXVuZHNzb24=?= writes: > > I will be happy to do that, stay tuned as I need to create a special > >

Re: [DNSOP] ECDSA woes

2016-10-16 Thread Mark Andrews
In message , =?UTF-8?B?w5NsYWZ1ciBHdcOwbXVuZHNzb24=?= writes: > I will be happy to do that, stay tuned as I need to create a special > signer for it :-) > > Olafur dnssec-signzone + awk + dnssec-dsfromkey works well. e.g.

Re: [DNSOP] ECDSA woes

2016-10-16 Thread Ólafur Guðmundsson
I will be happy to do that, stay tuned as I need to create a special signer for it :-) Olafur On Sun, Oct 16, 2016 at 4:16 AM, Mikael Abrahamsson wrote: > On Sat, 15 Oct 2016, Ólafur Guðmundsson wrote: > > I have domains signed by all combinations of signing algorithms and

[DNSOP] Soliciting feedback for draft-kristoff-dnsop-dns-tcp-requirements

2016-10-16 Thread John Kristoff
Friends, If I could trouble you to consider reviewing this and provide any comments you might have about it, that would be appreciated. Thank you. DNS Transport over TCP - Operational Requirements Abstract This

Re: [DNSOP] review of draft-ietf-dnsop-no-response-issue-05

2016-10-16 Thread Matthew Pounsett
On 9 October 2016 at 21:32, Mark Andrews wrote: > > In message mail.gmail.com>, Matthew Pounsett writes: > > > > My first impression of this document is that it is still in need of some > > extreme editing – mostly for

Re: [DNSOP] review of draft-ietf-dnsop-no-response-issue-05

2016-10-16 Thread Matthew Pounsett
On 10 October 2016 at 12:33, Viktor Dukhovni wrote: > On Tue, Oct 11, 2016 at 01:56:42AM +1100, Mark Andrews wrote: > > > If the IETF was setting servers that went and checked DNS servers > > and informed the operators then the IETF would be in the business > > of

Re: [DNSOP] ECDSA woes

2016-10-16 Thread Mikael Abrahamsson
On Sat, 15 Oct 2016, Ólafur Guðmundsson wrote: I have domains signed by all combinations of signing algorithms and DS digests as well as Nsec variants Ds-n.alg-m-nsec.dnssec-test.org Replace n with 1..4 M with 1..14 Nsec is one of Nsec nsec3 none I'd be veryinterested if you could create an

Re: [DNSOP] ECDSA woes

2016-10-16 Thread Mikael Abrahamsson
On Sun, 16 Oct 2016, Geoff Huston wrote: so I have three tests: A: a validly-signed ECDSA P-256 domain B: an invalidly-signed ECDSA P-256 domain C: an unsigned control now if the resolver does NOT recognise ECDSA we should see a fetch for A, B and C (as they treat both A and B as if they