Re: [DNSOP] On Powerbind

2020-04-17 Thread Dick Franks
On Fri, 17 Apr 2020 at 10:27, Olaf Kolkman wrote: > Looking for this: > https://www.iana.org/assignments/dnskey-flags/dnskey-flags.xhtml ? > I guess we were. The extraneous bits appear to be remnants of DNSKEY's previous life as a KEY RR, defined in RFC2535 3.1.2, and presumably now obsolete.

Re: [DNSOP] On Powerbind

2020-04-17 Thread Olaf Kolkman
Looking for this: https://www.iana.org/assignments/dnskey-flags/dnskey-flags.xhtml ? —Olaf PS. Haven’t looked at this code for over a decade. That last croak, Postel principle violation? On 16 Apr 2020, at 23:08, Dick Franks wrote: Warren, Comments in line On Thu, 16 Apr 2020 at

Re: [DNSOP] On Powerbind

2020-04-16 Thread Dick Franks
Warren, Comments in line On Thu, 16 Apr 2020 at 20:31, Warren Kumari wrote: >8 > Just checking - the DNSKEY Flags field is 16 bits, and we have so far burned: > Bit 15 - SEP > Bit 7 - Zone key > Bit 8 - Revoked > Did I miss any (I wasn't able to find a registry for this)? > > If not, we still

Re: [DNSOP] On Powerbind

2020-04-16 Thread Warren Kumari
On Tue, Apr 14, 2020 at 10:39 PM Ben Schwartz wrote: > > Thanks for the explanation, Paul. Overall, I agree that Powerbind seems > low-risk, so I don't mind it being available for people who care about it. Just checking - the DNSKEY Flags field is 16 bits, and we have so far burned: Bit 15 -

Re: [DNSOP] On Powerbind

2020-04-16 Thread Vittorio Bertola
> On 15/04/2020 02:24 Paul Wouters wrote: > > And we might disagree about the value of enforcement. But as I tried > to explain during the meeting, the value added is not for our little > community of engineers that trust each other. It is for people at large > to not need to trust some

Re: [DNSOP] On Powerbind

2020-04-15 Thread Stephane Bortzmeyer
On Tue, Apr 14, 2020 at 08:24:20PM -0400, Paul Wouters wrote a message of 108 lines which said: > > I'm still not able to understand this.  Suppose nic.footld puts a > > statement for humans on their website that says ".footld promises > > to be delegation-only". > > First, this approach

Re: [DNSOP] On Powerbind

2020-04-15 Thread Petr Špaček
Hello everyone, my impression from yesterday is that authors of Powerbind draft assume that everyone else has an idea how DNSSEC Transparency should be implemented, and this makes discussion much harder because IMHO this assumption does not hold. Could authors elaborate on proposed DNSSEC

Re: [DNSOP] On Powerbind

2020-04-14 Thread Mark Andrews
The DS record doesn’t have a flag field. If you want to add flags or otherwise extend DS records it requires new DS algorithms that encode the flags/extensions inside the digest field. It's incrementally doable and has implications for all future DS algorithms. That said this proposal doesn’t

Re: [DNSOP] On Powerbind

2020-04-14 Thread Paul Vixie
a bit in the parent (DS RRset) to say this delegation point is itself delegation-only would be more interesting. perhaps a way to assure compliance with a contract, thus preventing any ambiguity along the lines of "sitefinder". but a bit in the apex (DNSKEY RRset) is still interesting, as a

Re: [DNSOP] On Powerbind

2020-04-14 Thread Paul Wouters
On Tue, 14 Apr 2020, Ben Schwartz wrote: The point of powerbind is to specifically state "I'm delegation only". Without knowledge of that, you end up having to log everything, per your own conclusion, because there is no way to know if it's a delegation-only zone.  I'm

Re: [DNSOP] On Powerbind

2020-04-14 Thread Mark Andrews
> On 15 Apr 2020, at 09:34, Ben Schwartz > wrote: > > > > On Tue, Apr 14, 2020, 6:16 PM Wes Hardaker wrote: > Ben Schwartz writes: > > > If I understand correctly, the Powerbind draft is designed to reduce > > the amount of data that must be logged in order to verify appropriate > > use

Re: [DNSOP] On Powerbind

2020-04-14 Thread Ben Schwartz
On Tue, Apr 14, 2020, 6:16 PM Wes Hardaker wrote: > Ben Schwartz writes: > > > If I understand correctly, the Powerbind draft is designed to reduce > > the amount of data that must be logged in order to verify appropriate > > use of a DNSKEY "K" for a delegation-only zone. I'm trying to

Re: [DNSOP] On Powerbind

2020-04-14 Thread Wes Hardaker
Ben Schwartz writes: > If I understand correctly, the Powerbind draft is designed to reduce > the amount of data that must be logged in order to verify appropriate > use of a DNSKEY "K" for a delegation-only zone.  I'm trying to compare > the amount of logging required with and without