to mark draft-ietf-dnsop-dnssec-validator-requirements as
"Parked" for the time being.
Please note this does not mean the work is of no value. Anyone interested
is welcome to continue working on the subject, and we’re happy to un-park
the draft at some later date if there’s acti
On 6/30/23 22:15, Paul Wouters wrote:
Section 13:
[...]
an attacker being able to provide a rogue trust anchor is potentially
This is not a very realistic attack.
The same section says:
On the other hand,
mishandling Trust Anchor is likely resulting in a validator unable to
Abstract (and Section 2):
Please remove the acronym DRO and just use "operator".
Section 3 (Introduction):
The first two paragraphs of the Introduction can be removed.
Section 4 (Time Recommendations)
This section repeats a lot and could be cut.
But a real issue I have is with
ons and publish a new version very soon. As
> always, comments are welcome.
>
>
> https://github.com/mglt/draft-mglt-dnsop-dnssec-validator-requirements/blob/master/draft-ietf-dnsop-dnssec-validator-requirements.mkd
>
> Yours,
> Daniel
>
> On Thu, Jun 15, 2023 at 8:00 PM
Edward Lewis
Dan York
Filename: draft-ietf-dnsop-dnssec-validator-requirements-06.txt
Pages : 18
Date: 2023-06-28
Abstract:
The DNS Security Extensions (DNSSEC) defines a process for validating
received data and assert them
Hi,
I have just drafted a secure transport and a security considerations
section, that I believe provide sufficient guidance to a DRO. I expect to
further review these sections and publish a new version very soon. As
always, comments are welcome.
https://github.com/mglt/draft-mglt-dnsop-dnssec
Hi Christina,
Thanks for the review and the suggestions. Please see my comments inline.
Yours,
Daniel
On Wed, Jun 14, 2023 at 11:56 AM Christian Huitema
wrote:
> I know that the feedback was due last Sunday, but here comes mine
> anyhow, after looking at the latest iteration of the draft.
>
>
Hi Florian,
Thanks for the feed back. One motivation for this document was to provide
guidance to deploy a DNSSEC resolver and implicitly encourage those not
doing it already. I think that your comment was very helpful as it clearly
indicated that we were achieving the opposite of what we were
Hi Andrew,
Thanks for the comment, the current document is much shorter than the
initial document. Regarding grammar, and linguistic issues - I am adding
explanations hard to follow - have been removed and largely rewritten from
scratch. I believe the current version addresses your concerns.
Hi Peter,
Thanks for the feedbacks. I agree that the idea of shortening the TTL based
on all TTLs of the chains may be too intrusive and not respect the
willingness of the authoritative server - which also needs to be taken into
account. One other reason we removed such recommendation was also
On 6/15/23 15:32, Viktor Dukhovni wrote:
I agree that client-side validation would be ideal. One important
aspect here is to save on the latency caused by extra queries; my
impression is that this extra cost is generally considered
prohibitive.
Not sure what you mean by "generally" (is that
On Wed, Jun 14, 2023 at 12:09:23PM -0400, Peter Thomassen wrote:
> > But the focus changes. For example, if we consider that "spoofing by
> > recursive server" is a threat, then having the recursive set bits to
> > affirm that the response is verified is not much of a protection --
> > the
: [EXT] Re: [DNSOP] Current status of
draft-ietf-dnsop-dnssec-validator-requirements
I know that the feedback was due last Sunday, but here comes mine
anyhow, after looking at the latest iteration of the draft.
The draft makes a number of recommendations, which seem all reasonable,
but what struck
Hi Christian,
On 6/14/23 11:55, Christian Huitema wrote:
In the old model, we are very concerned about third parties spoofing responses
and polluting resolver caches. In a secure transport model, the only parties
that can spoof responses are the resolvers themselves: authoritative resolvers
I know that the feedback was due last Sunday, but here comes mine
anyhow, after looking at the latest iteration of the draft.
The draft makes a number of recommendations, which seem all reasonable,
but what struck me was the weak tie between these recommendations and
the security
-- Forwarded message -
From:
Date: Sat, Jun 10, 2023 at 10:06 AM
Subject: [DNSOP] I-D Action:
draft-ietf-dnsop-dnssec-validator-requirements-05.txt
To:
Cc:
A New Internet-Draft is available from the on-line Internet-Drafts
directories. This Internet-Draft is a work item of the Domain Name
Edward Lewis
Dan York
Filename: draft-ietf-dnsop-dnssec-validator-requirements-05.txt
Pages : 14
Date: 2023-06-10
Abstract:
The DNS Security Extensions (DNSSEC) defines a process for validating
received data and assert them
On 2023-06-07 13:08 -04, Tim Wicinski wrote:
> Just a reminder we're looking for any feedback on continuing work on this
> document. The Chairs/OverLord Warren feel significant work on this
> document is needed, but that may not be relevant.
The document seems to have a rather pessimistic view
Just a reminder we're looking for any feedback on continuing work on this
document. The Chairs/OverLord Warren feel significant work on this
document is needed, but that may not be relevant.
We're wrapping this feedback up this Sunday 11 June.
(and Thanks Andrew for your comments)
tim
On
As this document’s shepherd, FWIW I think that if the document does
proceed in the WG it needs significant love and attention. The document
in its current state is not well written and it would require
significant labor to resolve its numerous grammar and linguistic issues.
It’s also very long
All,
The chairs want to thank everyone for the feedback on this document
recently. We've been in discussions with Warren and the authors about this
document, and we have some questions we'd like the working group to help us
resolve.
While this work was relevant when it was first written and
Hi Daniel,
On 5/18/23 02:26, Daniel Migault wrote:
On 5/17/23 22:01, Daniel Migault wrote:
> I agree but as far as can see the cap of the TTL with a revalidation
will only resync the resolver and the zone more often than could be expected
otherwise but does not result in the cached
Hi Peter,
Thanks for the response. I think I need to understand better how
revalidation is performed.
Yours,
Daniel
On Wed, May 17, 2023 at 4:26 PM Peter Thomassen wrote:
> Hi Daniel,
>
> On 5/17/23 22:01, Daniel Migault wrote:
> > I agree but as far as can see the cap of the TTL with a
Hi Peter,
Thanks you very much for these comments. I will look carefully how to
implement carefully these comments in our new version.
Yours,
Daniel
On Tue, May 16, 2023 at 1:08 PM Peter Thomassen wrote:
>
>
> On 5/12/23 23:09, Viktor Dukhovni wrote:
> > Repost of my belated comments in the
Hi Daniel,
On 5/17/23 22:01, Daniel Migault wrote:
I agree but as far as can see the cap of the TTL with a revalidation will not
only resync the resolver and the zone more often than could be expected
otherwise but does not result in the cached RRsets differing from those
provided by the
-ietf-dnsop-dnssec-validator-requirements
> >
> > Current versions of the draft is available here:
> >
> https://datatracker.ietf.org/doc/draft-ietf-dnsop-dnssec-validator-requirements/
> >
> > The Current Intended Status of this document is: Informational
> >
On 5/12/23 23:09, Viktor Dukhovni wrote:
Repost of my belated comments in the thread, apologies about not doing
it right the first time...
Inspired by Viktor's comments, I spent some time to give the document a
thorough review.
I'd like to support Viktor's comments on the dependent RRset
On Wed, Oct 19, 2022 at 03:21:27PM -0400, Tim Wicinski wrote:
> This starts a Working Group Last Call for
> draft-ietf-dnsop-dnssec-validator-requirements
>
> Current versions of the draft is available here:
> https://datatracker.ietf.org/doc/draft-ietf-dnsop-dnssec-validat
> Recommendations for DNSSEC Resolvers Operators
>draft-ietf-dnsop-dnssec-validator-requirements-04
Before I dive into some paragraph-by-paragraph details, and bury the
lede, my main high-level issue is with sections 9, primarily on
substance, but also for IMHO n
Since it is in WGLC – are you able to close out the issues in Github?
(https://github.com/mglt/draft-mglt-dnsop-dnssec-validator-requirements/issues)
Jason
From: DNSOP on behalf of Tim Wicinski
Date: Tuesday, January 24, 2023 at 21:55
To: Daniel Migault
Cc: Florian Obser , dnsop
Subject
Edward Lewis
Dan York
Filename: draft-ietf-dnsop-dnssec-validator-requirements-04.txt
Pages : 26
Date: 2023-01-25
Abstract:
The DNS Security Extensions (DNSSEC) define a process for validating
received data and assert them
d initially, which is to
>>>> leave that to DRO with DNSSEC strong expertise and recommend to
>>>> only stay with software updates. If there are any strong feelings on just
>>>> relying on software updates and leaving 5011 to DNSSEC experts, I am also
>>
Dan York
Filename: draft-ietf-dnsop-dnssec-validator-requirements-03.txt
Pages : 26
Date: 2023-01-24
Abstract:
The DNS Security Extensions (DNSSEC) define a process for validating
received data and assert them authentic and complete as opposed
nd to
>>>> only stay with software updates. If there are any strong feelings on just
>>>> relying on software updates and leaving 5011 to DNSSEC experts, I am also
>>>> fine to push toward such a direction.
>>>>
>>>> I updated the text as
Dan York
Filename: draft-ietf-dnsop-dnssec-validator-requirements-02.txt
Pages : 26
Date: 2023-01-24
Abstract:
The DNS Security Extensions (DNSSEC) define a process for validating
received data and assert them authentic and complete as opposed
tes and leaving 5011 to DNSSEC experts, I am also
>>> fine to push toward such a direction.
>>>
>>> I updated the text as follows:
>>> * clarifying TA updates for configuration versus running instances
>>> * clarifying 5011 dot not apply for updating con
follows:
>> * clarifying TA updates for configuration versus running instances
>> * clarifying 5011 dot not apply for updating configuration - at least as
>> a primary mechanism
>> * emphasize that the non default model is only recommended for DRO with
>> DNSSEC expert
r DRO with
> DNSSEC expertise
> * adding that TA update for running resolver may be performed also by
> software update under the condition the DRO is likely to ensure a very
> recent release is run.
> * add a recommendation that when 5011 is used, the signer needs to
> implement
that when 5011 is used, the signer needs to
implement 5011 timings.
The changes can be seen there:
https://github.com/mglt/draft-mglt-dnsop-dnssec-validator-requirements/commit/dbb75b72a1806520ac77cf04424b0f6de0df29b5
Yours,
Daniel
On Sun, Nov 27, 2022 at 7:26 AM Florian Obser
wrote:
> On 2022-11
On 15/12/2022 23.36, Daniel Migault wrote:
I don't see the part about extended errors as problematic (RFC
8914). It really seems to be getting into (open-source)
implementations and it can help with debugging in some cases,
though deploying it is probably not very important
Hi Peter and Vladimir,
The disconnect between the requirements and the recommendations effectively
reflects the misconception we had in the beginning. We have always wanted
to provide guidelines to DRO and started listing some requirements for the
software. However, the operators generally are
On Mon, Nov 28, 2022 at 6:29 AM Vladimír Čunát
wrote:
> On 25/11/2022 18.26, Daniel Migault wrote:
>
> So let me know how we came to this lines and I suspect we do share some
> similar concerns. A recurrent question and reticence we receive from MNO
> and ISPs regarding DNSSEC is that they are
On 12/15/22 15:01, Vladimír Čunát wrote:
On 15/12/2022 14.45, Peter Thomassen wrote:
In what sense is this document "informational" when it is called "validator requirements", or, conversely, in what sense does it spell out "requirements" when it is only "informational" and not "standards
On 15/12/2022 14.45, Peter Thomassen wrote:
In what sense is this document "informational" when it is called
"validator requirements", or, conversely, in what sense does it spell
out "requirements" when it is only "informational" and not "standards
track"?
The current *title* says
10/19/22 21:21, Tim Wicinski wrote:
This starts a Working Group Last Call for
draft-ietf-dnsop-dnssec-validator-requirements
Current versions of the draft is available here:
https://datatracker.ietf.org/doc/draft-ietf-dnsop-dnssec-validator-requirements/
<https://datatracker.ietf.org/doc/draft-ie
On 25/11/2022 18.26, Daniel Migault wrote:
So let me know how we came to this lines and I suspect we do share
some similar concerns. A recurrent question and reticence we receive
from MNO and ISPs regarding DNSSEC is that they are really scared
about having the cache with incoherent RRsets in
On 2022-11-25 12:26 -05, Daniel Migault wrote:
> On Wed, Nov 23, 2022 at 10:29 AM Vladimír Čunát
> wrote:
>> I am surprised you would not recommend RFC 5011
>>
>> 5011 needs persistent state, a thing that resolvers/validators often don't
>> need at all otherwise (cache is safe to delete). 5011
Hi James,
Thanks for the review. Please see inline my responses as well as the
changes below:
https://github.com/mglt/draft-mglt-dnsop-dnssec-validator-requirements/commit/074ff71844b076b6e83ba8e0134a224b5f5617f9
Yours,
Daniel
On Thu, Nov 24, 2022 at 2:07 AM James Gannon via Datatracker <
n
On Wed, Nov 23, 2022 at 10:29 AM Vladimír Čunát
wrote:
> OK, thanks. The changes are certainly improvements, in my eyes. Below
> I'll further clarify what I meant.
>
> 4033 indicates it does not make much sense to keep a RRSIG whose validity
> period has expired ( TTL > Validity period).
>
>
Reviewer: James Gannon
Review result: On the Right Track
Reviewer: James Gannon
Review Result: On the right track
As this is an early review (And also my first ietf review so please feel free
to offer feedback on its usefulness!) its a mix of general comments and some
more detailed comments on
OK, thanks. The changes are certainly improvements, in my eyes. Below
I'll further clarify what I meant.
4033 indicates it does not make much sense to keep a RRSIG whose
validity period has expired ( TTL > Validity period).
Yes, I should stress that I do agree with trimming TTL of whole
Hi Vladimir,
Thanks for the feedback and see inline my comments.
You can also find teh changes made on the PR below:
https://github.com/mglt/draft-mglt-dnsop-dnssec-validator-requirements/commit/8238c76899bc5a40b1c5234b623ea44fd3f31c77
Yours,
Daniel
On Wed, Nov 16, 2022 at 3:51 PM Vladimír
-validator-requirements/pull/9/commits/5177f1b460db5a6db89b4c73032838441de1840b
Yours,
Daniel
On Wed, Oct 19, 2022 at 5:21 PM Brian Dickson
wrote:
>
>
> On Wed, Oct 19, 2022 at 12:22 PM Tim Wicinski wrote:
>
>>
>>
>> This starts a Working Group Last Call for
>&g
: the following part doesn't make sense to me, as signature validity
period is normally way over the TTL anyway (and it's really a bug if it
got shorter):
Section 8.1 of [RFC4033
<https://www.ietf.org/archive/id/draft-ietf-dnsop-dnssec-validator-requirements-01.html#RFC4033>]
mention the a
On Wed, Oct 19, 2022 at 12:22 PM Tim Wicinski wrote:
>
>
> This starts a Working Group Last Call for
> draft-ietf-dnsop-dnssec-validator-requirements
>
> Current versions of the draft is available here:
>
> https://datatracker.ietf.org/doc/draft-ietf-dnsop-dnsse
t 19, 2022 at 12:22 PM Tim Wicinski wrote:
>
>>
>>
>> This starts a Working Group Last Call for
>> draft-ietf-dnsop-dnssec-validator-requirements
>>
>> Current versions of the draft is available here:
>>
>> https://datatracker.ietf.org/doc/draft
r
> draft-ietf-dnsop-dnssec-validator-requirements
>
> Current versions of the draft is available here:
>
> https://datatracker.ietf.org/doc/draft-ietf-dnsop-dnssec-validator-requirements/
>
> The Current Intended Status of this document is: Informational
>
> Please review t
This starts a Working Group Last Call for
draft-ietf-dnsop-dnssec-validator-requirements
Current versions of the draft is available here:
https://datatracker.ietf.org/doc/draft-ietf-dnsop-dnssec-validator-requirements/
The Current Intended Status of this document is: Informational
Please review
Dan York
> Filename :
> draft-ietf-dnsop-dnssec-validator-requirements-01.txt
> Pages : 23
> Date: 2022-05-13
>
> Abstract:
>The DNS Security Extensions (DNSSEC) define a process for validating
>received dat
Dan York
Filename: draft-ietf-dnsop-dnssec-validator-requirements-01.txt
Pages : 23
Date: 2022-05-13
Abstract:
The DNS Security Extensions (DNSSEC) define a process for validating
received data and assert them authentic and complete
Edward Lewis
Dan York
Filename: draft-ietf-dnsop-dnssec-validator-requirements-00.txt
Pages : 23
Date: 2020-05-21
Abstract:
The DNS Security Extensions define a process for validating received
data and assert
;
> > As we stated in the meeting and in our chairs actions, we're going to run
> > regular call for adoptions over next few months.
> > We are looking for *explicit* support for adoption.
> >
> >
> > This starts a Call for Adoption for
> draft-mglt-dnsop-dn
; This starts a Call for Adoption for
> draft-mglt-dnsop-dnssec-validator-requirements
>
> The draft is available here:
> https://datatracker.ietf.org/doc/draft-mglt-dnsop-dnssec-validator-requirements/
>
I support adoption of the draft and i'm willing to review it.
>
> Please review this
hat boostrapping for the root zone should be
>> extended to other TA.
>>
>> Yep.
>>
>> > There are clearly some overlap between the two drafts and I also have
>> the impression the drafts can be merged.
>> > the following issue has been opened:
>>
ctions, we're going to run
>> regular call for adoptions over next few months.
>> We are looking for *explicit* support for adoption.
>>
>>
>> This starts a Call for Adoption for
>> draft-mglt-dnsop-dnssec-validator-requirements
>>
>> The draft is available
Moin!
On 4 May 2020, at 21:08, Tim Wicinski wrote:
This starts a Call for Adoption for
draft-mglt-dnsop-dnssec-validator-requirements
The draft is available here:
https://datatracker.ietf.org/doc/draft-mglt-dnsop-dnssec-validator-requirements/
Please review this draft to see if you think
+1.
Agree with Stephane and support adoption of this draft.
Thanks
Sanjay
Re: [DNSOP] Call for Adoption: draft-mglt-dnsop-dnssec-validator-requirements
Stephane Bortzmeyer Wed, 06 May 2020 08:48 UTCShow
header<https://mailarchive.ietf.org/arch/browse/dnsop/>
On Mon, May 04, 2020 at
sociated with
> bootstrapping mechanism and that boostrapping for the root zone should be
> extended to other TA.
>
> Yep.
>
> > There are clearly some overlap between the two drafts and I also have
> the impression the drafts can be merged.
> > the following issue has been opened:
> &g
drafts can be merged.
> the following issue has been opened:
> https://github.com/mglt/draft-mglt-dnsop-dnssec-validator-requirements/issues/7
Happy to help with that if it's something that the authors/working group decide
is useful.
I support adoption of this draft, now that I've read it prop
to other TA.
There are clearly some overlap between the two drafts and I also have the
impression the drafts can be merged.
the following issue has been opened:
https://github.com/mglt/draft-mglt-dnsop-dnssec-validator-requirements/issues/7
Yours,
Daniel
On Thu, May 7, 2020 at 2:17 PM Joe Abley wrote
On 4 May 2020, at 15:08, Tim Wicinski wrote:
> This starts a Call for Adoption for
> draft-mglt-dnsop-dnssec-validator-requirements
>
> The draft is available here:
> https://datatracker.ietf.org/doc/draft-mglt-dnsop-dnssec-validator-requirements/
>
>
> Please
Thanks for the feed back Shumon,
I agree that we should at least clarify where the responsibilities are so
the mechanisms become more focused on smoothing the edges rather that
compensating what the other party may not do.
I also agree that fixed values might be more appropriated and the RDO
Call for Adoption for
> draft-mglt-dnsop-dnssec-validator-requirements
>
> The draft is available here:
> https://datatracker.ietf.org/doc/draft-mglt-dnsop-dnssec-validator-requirements/
> <https://datatracker..ietf.org/doc/draft-mglt-dnsop-dnssec-validator-requirements/>
On Thu, May 7, 2020 at 8:34 AM Shumon Huque wrote:
> On Wed, May 6, 2020 at 4:49 AM Stephane Bortzmeyer
> wrote:
>
>> On Mon, May 04, 2020 at 03:08:20PM -0400,
>> Tim Wicinski wrote
>> a message of 64 lines which said:
>>
>> > This starts a Call for
On Thu, May 7, 2020 at 8:34 AM Shumon Huque wrote:
> On Wed, May 6, 2020 at 4:49 AM Stephane Bortzmeyer
> wrote:
>
> The draft apparently do not mention advices on expiration slack (such
>> as val-sig-skew-min and val-sig-skew-max in Unbound). Is there a
>> consensus on (I quote Unbound
On Wed, May 6, 2020 at 4:49 AM Stephane Bortzmeyer
wrote:
> On Mon, May 04, 2020 at 03:08:20PM -0400,
> Tim Wicinski wrote
> a message of 64 lines which said:
>
> > This starts a Call for Adoption for
> > draft-mglt-dnsop-dnssec-validator-requirements
>
> I
SERVFAIL.
>
> >-Original Message-
> >From: DNSOP On Behalf Of Stephane Bortzmeyer
> >Sent: May 6, 2020 4:49 AM
> >To: Tim Wicinski
> >Cc: dnsop ; dnsop-chairs
> >Subject: [EXT] Re: [DNSOP] Call for Adoption:
> draft-mglt-dnsop-dnssec-validator-req
Call for Adoption for
> > draft-mglt-dnsop-dnssec-validator-requirements
>
> I think it is important to have such a document, because DNSSEC
> failures may seriously endanger the deployment of DNSSEC (which is
> already too low). The current draft seems a good starting point and I
>
>Sent: May 6, 2020 4:49 AM
>To: Tim Wicinski
>Cc: dnsop ; dnsop-chairs
>Subject: [EXT] Re: [DNSOP] Call for Adoption:
>draft-mglt-dnsop-dnssec-validator-requirements
>
>On Mon, May 04, 2020 at 03:08:20PM -0400,
> Tim Wicinski wrote
> a message of 64 lines wh
on which will
> force the necessary check at startup. On the other hand 2) works fine
> unless KSK roll over happens and a write error happens. This means that
> most of the time this will work fine and this is what makes it dangerous in
> my opinion.
>
> But again, I am happy to update this wi
rry the old configuration which will
force the necessary check at startup. On the other hand 2) works fine
unless KSK roll over happens and a write error happens. This means that
most of the time this will work fine and this is what makes it dangerous in
my opinion.
But again, I am happy to u
On Mon, May 04, 2020 at 03:08:20PM -0400,
Tim Wicinski wrote
a message of 64 lines which said:
> This starts a Call for Adoption for
> draft-mglt-dnsop-dnssec-validator-requirements
I think it is important to have such a document, because DNSSEC
failures may seriously endanger the depl
I would prefer the second method. I think that is what some software
already does. (BIND?)
--
Bob Harold
>
> Please inline other comments.
>
> Yours,
> Daniel
>
> [1]
> https://github.com/mglt/draft-mglt-dnsop-dnssec-validator-requirements/blob/master/draft-mglt-dnsop-dns
lease inline other comments.
Yours,
Daniel
[1]
https://github.com/mglt/draft-mglt-dnsop-dnssec-validator-requirements/blob/master/draft-mglt-dnsop-dnssec-validator-requirements.mkd
[2]
https://github.com/mglt/draft-mglt-dnsop-dnssec-validator-requirements/commit/f8ab674b12442aff6ba3c72a3ca8f795f24b2df9
file systems.
"Not updating the configuration file prevents a failed
synchronization to to the absence of write permission that are hardly
in the control of the software."
[1]
https://github.com/mglt/draft-mglt-dnsop-dnssec-validator-requirements/blob/master/draft-mglt-dn
2020 at 3:13 PM IETF Secretariat <
> ietf-secretariat-re...@ietf.org> wrote:
>
>>
>> The DNSOP WG has placed draft-mglt-dnsop-dnssec-validator-requirements in
>> state Call For Adoption By WG Issued (entered by Tim Wicinski)
>>
>> The document is available at
Looks useful, I will review.
--
Bob Harold
On Mon, May 4, 2020 at 3:13 PM IETF Secretariat <
ietf-secretariat-re...@ietf.org> wrote:
>
> The DNSOP WG has placed draft-mglt-dnsop-dnssec-validator-requirements in
> state Call For Adoption By WG Issued (entered by Tim Wicinski)
&
The DNSOP WG has placed draft-mglt-dnsop-dnssec-validator-requirements in
state Call For Adoption By WG Issued (entered by Tim Wicinski)
The document is available at
https://datatracker.ietf.org/doc/draft-mglt-dnsop-dnssec-validator-requirements
All,
As we stated in the meeting and in our chairs actions, we're going to run
regular call for adoptions over next few months.
We are looking for *explicit* support for adoption.
This starts a Call for Adoption for
draft-mglt-dnsop-dnssec-validator-requirements
The draft is available here
rs,
Daniel
From: internet-dra...@ietf.org
Sent: Wednesday, April 29, 2020 6:22 PM
To: Daniel Migault; Edward Lewis; Dan York
Subject: New Version Notification for
draft-mglt-dnsop-dnssec-validator-requirements-09.txt
A new version of I-D, draft-mglt-dnsop-dnssec-validator-requirements-09.tx
ernet-dra...@ietf.org
> Sent: Sunday, November 17, 2019 2:48 AM
> To: Edward Lewis ; Daniel Migault
> ; Dan York
> Subject: New Version Notification for
> draft-mglt-dnsop-dnssec-validator-requirements-08.txt
>
>
> A new version of I-D, draft-mglt-dnsop-dnssec-validator
; Sent: Sunday, November 17, 2019 2:48 AM
> To: Edward Lewis ; Daniel Migault <
> daniel.miga...@ericsson.com>; Dan York
> Subject: New Version Notification for
> draft-mglt-dnsop-dnssec-validator-requirements-08.txt
>
>
> A new version of I-D, draft-mglt-dnsop-dnssec-val
Version Notification for
draft-mglt-dnsop-dnssec-validator-requirements-08.txt
A new version of I-D, draft-mglt-dnsop-dnssec-validator-requirements-08.txt
has been successfully submitted by Daniel Migault and posted to the IETF
repository.
Name: draft-mglt-dnsop-dnssec-validator
Hi,
Thanks for the feed backs. We discussed your feed backs at the IETF meeting
and ... delayed your response. I apology for it.
Please see my comments inline.
Yours,
Daniel
On Sun, Mar 24, 2019 at 10:41 AM S Moonesamy wrote:
> Hi Daniel,
> At 07:10 AM 23-03-2019, Daniel Migault wrote:
> >We
eak
> convenient for you ?
>
> Yours,
> Daniel
>
> -- Forwarded message -
> From: Daniel Migault
> Date: Wed, Nov 28, 2018 at 1:18 PM
> Subject: [DNSOP] FW: New Version Notification for
> draft-mglt-dnsop-dnssec-validator-requirements-07.txt
>
if there is a time
slot available to discuss them. Would Monday during the lunch break
convenient for you ?
Yours,
Daniel
-- Forwarded message -
From: Daniel Migault
Date: Wed, Nov 28, 2018 at 1:18 PM
Subject: [DNSOP] FW: New Version Notification for
draft-mglt-dnsop-dnssec-validator-requirements
To: Edward Lewis ; Daniel Migault
; Dan York
Subject: New Version Notification for
draft-mglt-dnsop-dnssec-validator-requirements-07.txt
A new version of I-D, draft-mglt-dnsop-dnssec-validator-requirements-07.txt
has been successfully submitted by Daniel Migault and posted to the IETF
repository
Hi,
Thank you for the feed backs Scott. We will address them in the next
version.
The motivation for crypto deprecation is clearly to follow the crypto
recommendations stated by the IETF. However, this requirement for the
validator is to actually "validate" those requirements are effective. The
On 7/19/17, 08:49, "DNSOP on behalf of Rose, Scott (Fed)"
wrote:
>I think this draft is a good idea and should be adopted, but needs some
>improvements first.
>
Thanks for the review, the current version has items needing wider
I think this draft is a good idea and should be adopted, but needs some
improvements first.
1. In Section 4: "unsecure" should be "insecure".
2. REQ2: What should happen when there are multiple trust anchors, but only one
failed to validate? E.g. a validator has both the root and .exampleTLD
1 - 100 of 113 matches
Mail list logo