Re: [DNSOP] I-D Action: draft-ietf-dnsop-avoid-fragmentation-01.txt

2020-07-31 Thread Peter van Dijk
On Fri, 2020-07-31 at 00:23 +0100, Tony Finch wrote:
> * should set the DONTFRAG option on responses
>
> * should listen for ICMP frag needed packets, and react by re-sending the
> response (which is embedded in the ICMP packet) with a TC bit set

Only part of the response is embedded in the

Re: [DNSOP] draft-ietf-dnsop-delegation-only: exchanging DS set

2020-07-31 Thread Paul Wouters
On Jul 31, 2020, at 05:06, Vladimír Čunát wrote:
>
> Hello dnsop.
>
> So far it's been clear. But now... how do we know that this fake
> victim.evil DS set was not submitted by the registrant? I assume every
> registrant is supposed to watch the logs from everyone for such fakes?
> Sounds

Re: [DNSOP] SVCB and HTTPS SvcParam multiple value order on the wire

2020-07-31 Thread Mark Andrews
> On 31 Jul 2020, at 19:46, Pieter Lexis wrote:
>
> Hi folks,
>
> I'm working on implementing SVCB and HTTPS in PowerDNS and I have some
> questions about the wire-format for the multi-value parameters like
> ipv{4,6}hint and alpn.
>
> When there are multiple IP addresses in a hint, in what

[DNSOP] draft-ietf-dnsop-delegation-only: exchanging DS set

2020-07-31 Thread Vladimír Čunát
Hello dnsop. Let me start a simple thought experiment - attacking the planned scheme.  It feels like I'm missing some part of the defense. A .evil registry is using the DELEGATION_ONLY flag.  They additionally sign a different victim.evil DS set, say adding hash of a DNSKEY they generated