[DNSOP] How does NSEC record(s) prove the Name Error?

Hi Folks, I have a very basic question about NSEC record in DNSSEC validation: How does NSEC record(s) prove the Name Error? In [RFC 4035 5.4. Authenticated Denial of Existence](https://datatracker.ietf.org/doc/html/rfc4035#section-5.4), it says: >o If the requested RR name matches the

Re: [DNSOP] Erik Kline's Yes on draft-ietf-dnsop-dns-tcp-requirements-13: (with COMMENT)

On Tue, Oct 26, 2021 at 01:09:00PM -0700, Erik Kline via Datatracker wrote: > Erik Kline has entered the following ballot position for > draft-ietf-dnsop-dns-tcp-requirements-13: Yes > > When responding, please keep the subject line intact and reply to all > email addresses included in the To and

[DNSOP] Erik Kline's Yes on draft-ietf-dnsop-dns-tcp-requirements-13: (with COMMENT)

Erik Kline has entered the following ballot position for draft-ietf-dnsop-dns-tcp-requirements-13: Yes When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to

[DNSOP] CFP for DINR 2021 workshop-Nov. 16 for early DNS research

We failed to send out a reminder, unfortunately, so we're extending the submission date to this Friday (29 Oct 2021 11:59:59pm PDT). As a reminder: they're expected to be short abstracts about things you wish to discuss or research you're working on -- IE, it shouldn't be a huge effort to

[DNSOP] Intdir telechat review of draft-ietf-dnsop-dns-tcp-requirements-13

Reviewer: Ron Bonica Review result: Ready Looks well thought out. No glaring problems. ___ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop

[DNSOP] Fwd: Domain Name System Operations (dnsop) WG Virtual Meeting: 2021-10-26

Late reminder for the DNSOP interim meeting this afternoon (in 2 minutes). -- Benno Forwarded Message Subject: [DNSOP] Domain Name System Operations (dnsop) WG Virtual Meeting: 2021-10-26 Date: Fri, 15 Oct 2021 15:39:40 -0700 From: IESG Secretary To: IETF-Announce CC:

Re: [DNSOP] [Gen-art] Genart last call review of draft-ietf-dnsop-dns-tcp-requirements-12

Dan, thank you for your review and thank you all for the following discussion. I have entered a Discuss ballot for this document based on my own review. Lars > On 2021-9-1, at 13:12, Dan Romascanu via Datatracker wrote: > > Reviewer: Dan Romascanu > Review result: Ready with Issues > > I am

[DNSOP] Lars Eggert's Discuss on draft-ietf-dnsop-dns-tcp-requirements-13: (with DISCUSS and COMMENT)

Lars Eggert has entered the following ballot position for draft-ietf-dnsop-dns-tcp-requirements-13: Discuss When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please

[DNSOP] Fwd: New Version Notification for draft-thomassen-dnsop-dnssec-bootstrapping-02.txt

Dear DNSOP and DNSSEC bootstrapping aficionados, This draft introduces automatic bootstrapping of DNSSEC delegations. It uses an in-band method for DNS operators to publish information about the zones they host, per-zone and with authentication. With this protocol, DS provisioning can happen

[DNSOP] Robert Wilton's No Objection on draft-ietf-dnsop-dns-tcp-requirements-13: (with COMMENT)

Robert Wilton has entered the following ballot position for draft-ietf-dnsop-dns-tcp-requirements-13: No Objection When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.)

Re: [DNSOP] I-D Action: draft-ietf-dnsop-dns-error-reporting-00.txt

On 26/10/2021 12.10, Roy Arends wrote: I have a slide ready to discuss the issue that DNS Query Name Minimization brings… A minimised query can’t be distinguished from a full query, so it may not be clear what name caused an issue. The current thinking (but will be discussed later today) is to

Re: [DNSOP] I-D Action: draft-ietf-dnsop-dns-error-reporting-00.txt

Hi Petr, > On 26 Oct 2021, at 11:02, Petr Špaček wrote: > > On 26. 10. 21 11:14, Vladimír Čunát wrote: >> Hello. >>> DNS Error reporting SHOULD be done using DNS Query Name Minimization >>> [RFC7816 ] to improve >>> privacy. >> It's just a detail

Re: [DNSOP] I-D Action: draft-ietf-dnsop-dns-error-reporting-00.txt

On 26/10/2021 12.02, Petr Špaček wrote: We need to consider & document interaction between Query Name Minimization and NXDOMAIN processing as per RFC 8020. If minimization & RFC 8020 are on default then it might very easily happen that most of _er subtrees (which are presumably empty) will be

Re: [DNSOP] I-D Action: draft-ietf-dnsop-dns-error-reporting-00.txt

> On 26 Oct 2021, at 10:14, Vladimír Čunát wrote: > > Hello. > > >> DNS Error reporting SHOULD be done using DNS Query Name Minimization >> [RFC7816 ] to improve privacy. > > It's just a detail and "SHOULD" isn't strong, but I expect it might

Re: [DNSOP] I-D Action: draft-ietf-dnsop-dns-error-reporting-00.txt

On 26. 10. 21 11:14, Vladimír Čunát wrote: Hello. DNS Error reporting SHOULD be done using DNS Query Name Minimization [RFC7816 ] to improve privacy. It's just a detail and "SHOULD" isn't strong, but I expect it might be worth elaborating

Re: [DNSOP] I-D Action: draft-ietf-dnsop-dns-error-reporting-00.txt

Hello. DNS Error reporting SHOULD be done using DNS Query Name Minimization [RFC7816 ] to improve privacy. It's just a detail and "SHOULD" isn't strong, but I expect it might be worth elaborating here.  The name used in the reporting query adds

Re: [DNSOP] I-D Action: draft-ietf-dnsop-dns-catalog-zones-04.txt

Dear dnsop, This draft describes a mechanism for automatic provisioning of zones among authoritative name servers by way of distributing a catalog of those zones encoded in a regular DNS zone. This version of the draft is the result of thorough review and discussion with the goal of getting it

Re: [DNSOP] I-D Action: draft-ietf-dnsop-dns-error-reporting-00.txt

Hi, On 26-10-2021 01:56, Roy Arends wrote: On 20 Oct 2021, at 14:14, libor.peltan wrote: Hi all, although for me, as an implementer of an auth server, it's not too important, I'd like to ask for clarification regarding the foreseen reporting domain(s) setup in the (usual) case of many