On 16 mrt 2009, at 16:34, Paul Hoffman wrote:
It feels like a lot of DNSSEC questions these days are being
answered by that's covered if you use RFC 5011. If so, then maybe
proper use of RFC 5011 (such as when to assume that a zone is
*really* being signed, not just for practice) should
Moin!
On 18.03.2009, at 17:37, TSG wrote:
Peter Koch wrote:
Dear WG,
this is to initiate a working group last call on
Requirements for Management of Name Servers for the DNS
draft-ietf-dnsop-name-server-management-reqs-02.txt
Peter - I notice that the standards don't say
Can we *please* get back to a discussion of WGLC on this ID?
The (largely ill-informed) debate about EU Data Protection Directives
can be taken somewhere else. It's not even remotely relevant to this
WG or the draft that's under consideration.
On 18.03.2009, at 17:37, TSG wrote:
Peter - I notice that the standards don't say anything about the
EU's Data Integrity Directive which in fact will effect the
On Thu, Mar 19, 2009 at 11:03:58AM +0100, Ralf Weber wrote:
I'm not sure where you get the numbers, but the EU's population is
Ralf Weber wrote:
Moin!
On 18.03.2009, at 17:37, TSG wrote:
Peter Koch wrote:
Dear WG,
this is to initiate a working group last call on
Requirements for Management of Name Servers for the DNS
draft-ietf-dnsop-name-server-management-reqs-02.txt
Peter - I notice that the
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Also, RFC 5011 may adapt key rollover practices.
In short this means that when a key may be removed because it is
considered dead, it should stay in the zone for one RRSIG TTL more with
its REVOKED bit set before removing it from the zone. This way,
Matthijs Mekking wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Also, RFC 5011 may adapt key rollover practices.
In short this means that when a key may be removed because it is
considered dead, it should stay in the zone for one RRSIG TTL more with
its REVOKED bit set before removing it
Paul Hoffman wrote:
As much as I hate to engage in threads like this, I would like to make a
factual correction.
At 11:54 AM -0700 3/19/09, TSG wrote:
By the way since I personally coined the term Trust Anchor in PKIX towards
the late-1990's
This is provably false.
I am glad you