Hi Peter,
Thanks for the feedbacks. I agree that the idea of shortening the TTL based
on all TTLs of the chains may be too intrusive and not respect the
willingness of the authoritative server - which also needs to be taken into
account. One other reason we removed such recommendation was also
Hi Daniel,
On 5/18/23 02:26, Daniel Migault wrote:
On 5/17/23 22:01, Daniel Migault wrote:
> I agree but as far as can see the cap of the TTL with a revalidation
will only resync the resolver and the zone more often than could be expected
otherwise but does not result in the cached
Hi Peter,
Thanks for the response. I think I need to understand better how
revalidation is performed.
Yours,
Daniel
On Wed, May 17, 2023 at 4:26 PM Peter Thomassen wrote:
> Hi Daniel,
>
> On 5/17/23 22:01, Daniel Migault wrote:
> > I agree but as far as can see the cap of the TTL with a
Hi Peter,
Thanks you very much for these comments. I will look carefully how to
implement carefully these comments in our new version.
Yours,
Daniel
On Tue, May 16, 2023 at 1:08 PM Peter Thomassen wrote:
>
>
> On 5/12/23 23:09, Viktor Dukhovni wrote:
> > Repost of my belated comments in the
Hi Daniel,
On 5/17/23 22:01, Daniel Migault wrote:
I agree but as far as can see the cap of the TTL with a revalidation will not
only resync the resolver and the zone more often than could be expected
otherwise but does not result in the cached RRsets differing from those
provided by the
Hi Viktor,
Thanks for the feedbacks. Please see my comment/responses below.
Yours,
Daniel
On Fri, May 12, 2023 at 5:10 PM Viktor Dukhovni
wrote:
> On Wed, Oct 19, 2022 at 03:21:27PM -0400, Tim Wicinski wrote:
>
> > This starts a Working Group Last Call for
> > draft
On 5/12/23 23:09, Viktor Dukhovni wrote:
Repost of my belated comments in the thread, apologies about not doing
it right the first time...
Inspired by Viktor's comments, I spent some time to give the document a
thorough review.
I'd like to support Viktor's comments on the dependent RRset
On Wed, Oct 19, 2022 at 03:21:27PM -0400, Tim Wicinski wrote:
> This starts a Working Group Last Call for
> draft-ietf-dnsop-dnssec-validator-requirements
>
> Current versions of the draft is available here:
> https://datatracker.ietf.org/doc/draft-ietf-dnsop-dnssec-validat
: Re: [DNSOP] Working Group Last Call for
draft-ietf-dnsop-dnssec-validator-requirements
All
Daniel and I noticed some weird formatting issues with his -02 draft, so he's
pushed out -03 which is just fixing some broken formatting.
Tim
On Tue, Jan 24, 2023 at 2:28 PM Tim Wicinski
mailto:tjw.i
All
Daniel and I noticed some weird formatting issues with his -02 draft, so
he's pushed out -03 which is just fixing some broken formatting.
Tim
On Tue, Jan 24, 2023 at 2:28 PM Tim Wicinski wrote:
> Thanks Daniel. We've been waiting for your updated draft.
>
> tim
>
>
> On Tue, Jan 24,
ok, I just posted the 02 version.
Yours,
Daniel
On Tue, Jan 24, 2023 at 2:28 PM Tim Wicinski wrote:
> Thanks Daniel. We've been waiting for your updated draft.
>
> tim
>
>
> On Tue, Jan 24, 2023 at 10:14 AM Daniel Migault
> wrote:
>
>> Hi,
>>
>> If you think I have addressed all comments I
Thanks Daniel. We've been waiting for your updated draft.
tim
On Tue, Jan 24, 2023 at 10:14 AM Daniel Migault wrote:
> Hi,
>
> If you think I have addressed all comments I received, if you believe that
> is not the case or if there are other comments, please let me know.
> Otherwise I
Hi,
If you think I have addressed all comments I received, if you believe that
is not the case or if there are other comments, please let me know.
Otherwise I expect to publish a new version by the end of the week.
Yours,
Daniel
On Fri, Jan 13, 2023 at 5:21 PM Daniel Migault wrote:
> Hi,
>
>
Hi,
I am just wondering if you have any further comments or thoughts or we
declare your concerns being addressed. If you think we are fine, just let
me know.
Yours,
Daniel
On Tue, Jan 3, 2023 at 7:14 PM Daniel Migault wrote:
> Hi Vladimir and Florian,
>
> Thanks for the comment regarding the
Hi Vladimir and Florian,
Thanks for the comment regarding the use of 5011, to update the
trust anchors. There are two situations where TAs need to be updated:
* 1) configuration so the server instances are started with
the up-to-date TA.
* 2) a running resolver instance that has been started with
On 15/12/2022 23.36, Daniel Migault wrote:
I don't see the part about extended errors as problematic (RFC
8914). It really seems to be getting into (open-source)
implementations and it can help with debugging in some cases,
though deploying it is probably not very important
Hi Peter and Vladimir,
The disconnect between the requirements and the recommendations effectively
reflects the misconception we had in the beginning. We have always wanted
to provide guidelines to DRO and started listing some requirements for the
software. However, the operators generally are
On Mon, Nov 28, 2022 at 6:29 AM Vladimír Čunát
wrote:
> On 25/11/2022 18.26, Daniel Migault wrote:
>
> So let me know how we came to this lines and I suspect we do share some
> similar concerns. A recurrent question and reticence we receive from MNO
> and ISPs regarding DNSSEC is that they are
On 12/15/22 15:01, Vladimír Čunát wrote:
On 15/12/2022 14.45, Peter Thomassen wrote:
In what sense is this document "informational" when it is called "validator requirements", or, conversely, in what sense does it spell out "requirements" when it is only "informational" and not "standards
On 15/12/2022 14.45, Peter Thomassen wrote:
In what sense is this document "informational" when it is called
"validator requirements", or, conversely, in what sense does it spell
out "requirements" when it is only "informational" and not "standards
track"?
The current *title* says
10/19/22 21:21, Tim Wicinski wrote:
This starts a Working Group Last Call for
draft-ietf-dnsop-dnssec-validator-requirements
Current versions of the draft is available here:
https://datatracker.ietf.org/doc/draft-ietf-dnsop-dnssec-validator-requirements/
<https://datatracker.ietf.org/doc/draft-ie
On 25/11/2022 18.26, Daniel Migault wrote:
So let me know how we came to this lines and I suspect we do share
some similar concerns. A recurrent question and reticence we receive
from MNO and ISPs regarding DNSSEC is that they are really scared
about having the cache with incoherent RRsets in
On 2022-11-25 12:26 -05, Daniel Migault wrote:
> On Wed, Nov 23, 2022 at 10:29 AM Vladimír Čunát
> wrote:
>> I am surprised you would not recommend RFC 5011
>>
>> 5011 needs persistent state, a thing that resolvers/validators often don't
>> need at all otherwise (cache is safe to delete). 5011
On Wed, Nov 23, 2022 at 10:29 AM Vladimír Čunát
wrote:
> OK, thanks. The changes are certainly improvements, in my eyes. Below
> I'll further clarify what I meant.
>
> 4033 indicates it does not make much sense to keep a RRSIG whose validity
> period has expired ( TTL > Validity period).
>
>
OK, thanks. The changes are certainly improvements, in my eyes. Below
I'll further clarify what I meant.
4033 indicates it does not make much sense to keep a RRSIG whose
validity period has expired ( TTL > Validity period).
Yes, I should stress that I do agree with trimming TTL of whole
Hi Vladimir,
Thanks for the feedback and see inline my comments.
You can also find teh changes made on the PR below:
https://github.com/mglt/draft-mglt-dnsop-dnssec-validator-requirements/commit/8238c76899bc5a40b1c5234b623ea44fd3f31c77
Yours,
Daniel
On Wed, Nov 16, 2022 at 3:51 PM Vladimír
-validator-requirements/pull/9/commits/5177f1b460db5a6db89b4c73032838441de1840b
Yours,
Daniel
On Wed, Oct 19, 2022 at 5:21 PM Brian Dickson
wrote:
>
>
> On Wed, Oct 19, 2022 at 12:22 PM Tim Wicinski wrote:
>
>>
>>
>> This starts a Working Group Last Call for
>&g
Hello.
I don't know... my opinions often differ from recommendations of this
draft, but ultimately it's subjective to some degree. As feedback was
requested on IETF 115, let me highlight more significant differences in
this e-mail, though I dislike arguing about (mostly) opinions.
Nit:
On Wed, Oct 19, 2022 at 12:22 PM Tim Wicinski wrote:
>
>
> This starts a Working Group Last Call for
> draft-ietf-dnsop-dnssec-validator-requirements
>
> Current versions of the draft is available here:
>
> https://datatracker.ietf.org/doc/draft-ietf-dnsop-dnsse
t 19, 2022 at 12:22 PM Tim Wicinski wrote:
>
>>
>>
>> This starts a Working Group Last Call for
>> draft-ietf-dnsop-dnssec-validator-requirements
>>
>> Current versions of the draft is available here:
>>
>> https://datatracker.ietf.org/doc/draft
the WGLC
until the authors have had a chance to review/respond to the comments
- State the opinion that the document is not ready for publication,
based on the comments
Brian
On Wed, Oct 19, 2022 at 12:22 PM Tim Wicinski wrote:
>
>
> This starts a Working Group Last Call fo
This starts a Working Group Last Call for
draft-ietf-dnsop-dnssec-validator-requirements
Current versions of the draft is available here:
https://datatracker.ietf.org/doc/draft-ietf-dnsop-dnssec-validator-requirements/
The Current Intended Status of this document is: Informational
Please review
32 matches
Mail list logo