Re: [DNSOP] Call for Adoption: draft-mglt-dnsop-dnssec-validator-requirements

2020-05-11 Thread Loganaden Velvindron
On Mon, May 4, 2020 at 11:10 PM Tim Wicinski wrote: > > > > All, > > As we stated in the meeting and in our chairs actions, we're going to run > regular call for adoptions over next few months. > We are looking for *explicit* support for adoption. > > > This starts a Call for Adoption for >

Re: [DNSOP] Call for Adoption: draft-toorop-dnsop-dns-catalog-zones

2020-05-11 Thread John Levine
In article you write: >Please review this draft to see if you think it is suitable for adoption >by DNSOP, and comments to the list, clearly stating your view. It doesn't seem like a bad idea but I'm wondering who's likely to implement it, since that makes it much more interesting.

Re: [DNSOP] Call for Adoption: draft-toorop-dnsop-dns-catalog-zones

2020-05-11 Thread George Michaelson
I support adoption. I wondered a little about "it is absolutely essential for these transfers to be protected from unexpected modifications on the route. So, catalog zone transfers SHOULD be authenticated using TSIG [RFC2845]." The use of a categorical *absolutely* and SHOULD is jarring. If this

Re: [DNSOP] I-D Action: draft-ietf-dnsop-rfc2845bis-08.txt

2020-05-11 Thread Donald Eastlake
Hi Tim, On Mon, May 11, 2020 at 1:51 PM Tim Wicinski wrote: > Donald > > So you're suggesting hmac-sha224 is "MAY" for both Implementation and Use ? > Yes, that would be fine. SHA-224 is just SHA-256 with some different initial vectors and the result truncated to 224 bits. So if you have

Re: [DNSOP] Call for Adoption: draft-toorop-dnsop-dns-catalog-zones

2020-05-11 Thread Bob Harold
On Mon, May 11, 2020 at 1:42 PM Tim Wicinski wrote: > > All, > > As we stated in the meeting and in our chairs actions, we're going to run > regular call for adoptions over next few months. > We are looking for *explicit* support for adoption. > > > This starts a Call for Adoption for

Re: [DNSOP] I-D Action: draft-ietf-dnsop-rfc2845bis-08.txt

2020-05-11 Thread Tim Wicinski
Donald So you're suggesting hmac-sha224 is "MAY" for both Implementation and Use ? On Mon, May 11, 2020 at 12:29 AM Donald Eastlake wrote: > The incremental effort to implement SHA-224 if you are implementing > SHA-256 is minuscule. It makes no sense to me for SHA-224 to be NOT > RECOMMENDED to

[DNSOP] Call for Adoption: draft-toorop-dnsop-dns-catalog-zones

2020-05-11 Thread Tim Wicinski
All, As we stated in the meeting and in our chairs actions, we're going to run regular call for adoptions over next few months. We are looking for *explicit* support for adoption. This starts a Call for Adoption for draft-toorop-dnsop-dns-catalog-zones The draft is available here:

Re: [DNSOP] Call for Adoption: draft-mglt-dnsop-dnssec-validator-requirements

2020-05-11 Thread Daniel Migault
Hi Tim, Just to clarify, I fully agree there is a lot of similarities and we will work on it with Joe. Yours, Daniel On Thu, May 7, 2020 at 8:16 PM Tim Wicinski wrote: > > Daniel > > Thanks for taking Joe's draft under advice and I agree there is work to be > collaborated on. > > Tim >

Re: [DNSOP] Call for Adoption: draft-mglt-dnsop-dnssec-validator-requirements

2020-05-11 Thread Daniel Migault
Thanks Brian. That is really much appreciated! Yours, Daniel On Thu, May 7, 2020 at 1:56 PM Brian Dickson wrote: > > > On Mon, May 4, 2020 at 12:10 PM Tim Wicinski wrote: > >> >> >> All, >> >> As we stated in the meeting and in our chairs actions, we're going to run >> regular call for

Re: [DNSOP] New draft on delegation revalidation

2020-05-11 Thread Giovane C. M. Moura
>> Do you plan to maintain the parent/child disjoint NS >> domain (marigliano.xyz) going forward? And what >> about the test >> domains for other types of misconfigurations? > > Great idea. Let me look into this, will get back to with that. Done. Check

Re: [DNSOP] I-D Action: draft-pwouters-powerbind-04.txt

2020-05-11 Thread Vladimír Čunát
On 5/7/20 6:06 AM, Paul Wouters wrote: > On Tue, 5 May 2020, Vladimír Čunát wrote: >> 1. Validation without logging. >> At the end of 3.1 you claim that mode is still useful.  When I focus on >> intentional attacks, signing a malicious DS seems among the easiest >> ones, and that can't be detected