[DNSOP] TCP/UDP performances

. Regards, Daniel -- Daniel Migault Orange Labs -- Security +33 6 70 72 69 58 ___ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop

[DNSOP] Questions regarding draft-jabley-dnssec-trust-anchor-07

? Best Regards, Daniel -- Daniel Migault Orange Labs -- Security +33 6 70 72 69 58 ___ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop

[DNSOP] Fwd: New Version Notification for draft-mglt-homenet-dnssec-validator-dhc-options-02.txt

-- From: internet-dra...@ietf.org Date: Mon, Oct 21, 2013 at 9:12 AM Subject: New Version Notification for draft-mglt-homenet-dnssec-validator-dhc-options-02.txt To: Daniel Migault mglt.i...@gmail.com A new version of I-D, draft-mglt-homenet-dnssec-validator-dhc-options-02.txt has been

Re: [DNSOP] Fwd: New Version Notification for draft-mglt-homenet-dnssec-validator-dhc-options-02.txt

Hi Paul, Thanks for your comments. I also share your opinions. I add my comment in the body part. On Mon, Oct 21, 2013 at 8:16 PM, Paul Wouters p...@cypherpunks.ca wrote: On Mon, 21 Oct 2013, Daniel Migault wrote: Please find a draft that defines DHCP options to provision DNSSEC

Re: [DNSOP] Fwd: New Version Notification for draft-mglt-homenet-dnssec-validator-dhc-options-02.txt

ICANN website and grab the trust anchor bundle (i.e. what unbound-anchor does) and use the certificate of ICANN. See also draft-jabley-dnsop-validator-bootstrap-00. Joe -- Daniel Migault Orange Labs -- Security +33 6 70 72 69 58 ___ DNSOP

Re: [DNSOP] Fwd: New Version Notification for draft-mglt-homenet-dnssec-validator-dhc-options-02.txt

6 at first. Rough, becoming slight or moderate. Showers, rain at first. Moderate or good, occasionally poor at first. -- Daniel Migault Orange Labs -- Security +33 6 70 72 69 58 ___ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman

Re: [DNSOP] prefetch (HAMMER_TIME) draft

@ietf.org https://www.ietf.org/mailman/listinfo/dnsop -- Daniel Migault Orange Labs -- Security +33 6 70 72 69 58 ___ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop

[DNSOP] draft-mglt-dnsop-dnssec-validator-requirements-00.txt

-mglt-dnsop-dnssec-validator-requirements-00.txt has been successfully submitted by Daniel Migault and posted to the IETF repository. Name: draft-mglt-dnsop-dnssec-validator-requirements Revision: 00 Title: DNSSEC Validators Requirements Document date: 2014-02-13 Group: Individual Submission Pages

Re: [DNSOP] Changes to Charter

be better carried out and work with the appropriate ADs on this. This still sounds horrible. tim ___ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop -- Daniel Migault Orange Labs -- Security +33 6

[DNSOP] draft-mglt-dnsop-search-list-processing-00.txt

distinguish a name resolution that needs to be associated with a search list and 3) how a resolver should perform a resolution involving search list. Feel free to comment/review. BR, Daniel [1] http://tools.ietf.org/html/draft-mglt-dnsop-search-list-processing-00 -- Daniel Migault Orange Labs

Re: [DNSOP] draft-mglt-dnsop-search-list-processing-00.txt

...@mail.gmail.com , Daniel Migault writes: Hi folks, Please find draft-mglt-dnsop-search-list-processing-00.txt [1] This draft comes in the context of generic TLD with possible naming collision. In order to keep naming resolution stable and reliable, it describes 1) how resolver should

Re: [DNSOP] Call for Adoption: draft-bortzmeyer-dns-qname-minimisation

support for adoption. Olafur ___ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop -- Daniel Migault Orange Labs -- Security +33 6 70 72 69 58 ___ DNSOP mailing

Re: [DNSOP] Call for Adoption draft-livingood-dnsop-negative-trust-anchors

Systems Consortium, Inc. ___ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop -- Daniel Migault Orange Labs -- Security +33 6 70 72 69 58 ___ DNSOP mailing list DNSOP@ietf.org

[DNSOP] Fwd: New Version Notification for draft-mglt-dnsop-dnssec-validator-requirements-02.txt

: internet-dra...@ietf.org Date: Tue, Feb 17, 2015 at 8:36 PM Subject: New Version Notification for draft-mglt-dnsop-dnssec-validator-requirements-02.txt To: Daniel Migault mglt.i...@gmail.com A new version of I-D, draft-mglt-dnsop-dnssec-validator-requirements-02.txt has been successfully submitted

Re: [DNSOP] relax the requirement for PTR records?

In homenet we discussed how the CPE can outsource the reverse zone to a third party. This means that we considered the reverse zone generation could be delegated to each customer by the ISP. BR, Daniel -Original Message- From: DNSOP [mailto:dnsop-boun...@ietf.org] On Behalf Of Ted

Re: [DNSOP] [Curdle] WGLC on draft-ietf-curdle-dnskey-eddsa-01

- > > - Original Message - > > From: "Ondřej Surý" <ondrej.s...@nic.cz> > > To: "Simon Josefsson" <si...@josefsson.org> > > Cc: "Daniel Migault" <daniel.miga...@ericsson.com>, "curdle"

Re: [DNSOP] Fwd: [Curdle] I-D Action: draft-ietf-curdle-dnskey-eddsa-02.txt

> CZ.NIC, z.s.p.o.-- Laboratoře CZ.NIC > Milesovska 5, 130 00 Praha 3, Czech Republic > mailto:ondrej.s...@nic.czhttps://nic.cz/ > -------- > > - Original Message - > > From: "Daniel Migau

Re: [DNSOP] Fwd: [Curdle] I-D Action: draft-ietf-curdle-dnskey-eddsa-02.txt

my understanding is that ed448 does not specify default values for the context and i have not seen in the current draft a specification of the context. Shouldn't we explicitly mention that the context is empty? Yours, daniel On Nov 16, 2016 2:44 AM, "Dick Franks" wrote: > My

Re: [DNSOP] [Curdle] WGLC on draft-ietf-curdle-dnskey-eddsa-01

This is also my understanding. but I might be wrong as well. Yours, Daniel On Thu, Nov 3, 2016 at 6:11 PM, Salz, Rich wrote: > I think the issue about signature contexts first, and mainly, came up > with TLS which generates a variety of private key material based on shared >

[DNSOP] WGLC on draft-ietf-curdle-dnskey-eddsa-01

Hi, This message starts a Working Group Last Call (WGLC) for draft-ietf-curdle-dnskey-eddsa-01. The version to be reviewed is https://tools.ietf.org/html/draft-ietf-curdle-dnskey-eddsa-01 Please send your comments, questions, and edit proposals to the WG mail list until November 16th, 2016. If

[DNSOP] draft-mglt-dnsop-dnssec-validator-requirements

/blob/master/draft-mglt-dnsop-dnssec-validator-requirements-05.xml [Ericsson]<http://www.ericsson.com/> DANIEL MIGAULT Researcher Research Ericsson 8500 Boulevard Decarie H4P 2N2 Montreal, Canada Phone +1 514 345 7900 46628 Mobile +1 514 452 2160 daniel.miga...@ericsson.com www.ericsson.com

[DNSOP] FW: New Version Notification for draft-mglt-dnsop-dnssec-validator-requirements-04.txt

DNSSEC deployment on resolvers. Yours, Daniel -Original Message- From: internet-dra...@ietf.org [mailto:internet-dra...@ietf.org] Sent: Monday, March 27, 2017 9:13 AM To: Edward Lewis <edward.le...@icann.org>; Daniel Migault <daniel.miga...@ericsson.com>; Dan York <y.

Re: [DNSOP] FW: New Version Notification for draft-mglt-dnsop-dnssec-validator-requirements-04.txt

Hi Bob, Thanks you for the clarifications, I have updated my local copy with all your comments. Yours, Daniel [1] https://github.com/mglt/draft-mglt-dnsop-dnssec-validator-requirements/blob/master/draft-mglt-dnsop-dnssec-validator-requirements.xml On Fri, Apr 7, 2017 at 7:35 PM, Daniel Migault

Re: [DNSOP] DNSSEC validator requirements

Thank you Evan and Petr fro your comments. I thought I would be able to provide you some text this week... but I am running late. I will send you some text next week. I agree with your comments, and will make my best to address them. I also came with other requirements. Yours, Daniel On Fri,

Re: [DNSOP] FW: New Version Notification for draft-mglt-dnsop-dnssec-validator-requirements-04.txt

Thanks for the review, I will update the copy on the git accordingly. Yours, Daniel On Fri, Apr 7, 2017 at 9:51 AM, Bob Harold <rharo...@umich.edu> wrote: > > On Mon, Mar 27, 2017 at 10:16 AM, Daniel Migault < > daniel.miga...@ericsson.com> wrote: > >> Hi, >

Re: [DNSOP] [Ext] comments on draft-mglt-dnsop-dnssec-validator-requirements-05

Hi, Thank you for the feed backs Scott. We will address them in the next version. The motivation for crypto deprecation is clearly to follow the crypto recommendations stated by the IETF. However, this requirement for the validator is to actually "validate" those requirements are effective. The

[DNSOP] FW: New Version Notification for draft-mglt-dnsop-dnssec-validator-requirements-05.txt

-dra...@ietf.org] Sent: Wednesday, June 28, 2017 11:46 AM To: Edward Lewis <edward.le...@icann.org>; Daniel Migault <daniel.miga...@ericsson.com>; Dan York <y...@isoc.org>; y...@isoc.org <y...@isoc.org> Subject: New Version Notification for draft-mglt-dnsop-dnssec-valid

[DNSOP] FW: New Version Notification for draft-mglt-dnsop-dnssec-validator-requirements-07.txt

To: Edward Lewis ; Daniel Migault ; Dan York Subject: New Version Notification for draft-mglt-dnsop-dnssec-validator-requirements-07.txt A new version of I-D, draft-mglt-dnsop-dnssec-validator-requirements-07.txt has been successfully submitted by Daniel Migault and posted to the IETF repository

Re: [DNSOP] FW: New Version Notification for draft-mglt-dnsop-dnssec-validator-requirements-07.txt

We received positive feed back for Monday. So we will meet in the main lobby at 12:20 during the lunch break. See you there! Yours Daniel On Sat, Mar 23, 2019, 15:10 Daniel Migault wrote: > > Hi, > > We would particularly appreciate to share your thoughts and discuss the &g

[DNSOP] Fwd: FW: New Version Notification for draft-mglt-dnsop-dnssec-validator-requirements-07.txt

if there is a time slot available to discuss them. Would Monday during the lunch break convenient for you ? Yours, Daniel -- Forwarded message - From: Daniel Migault Date: Wed, Nov 28, 2018 at 1:18 PM Subject: [DNSOP] FW: New Version Notification for draft-mglt-dnsop-dnssec-validator-requirements

Re: [DNSOP] Fwd: FW: New Version Notification for draft-mglt-dnsop-dnssec-validator-requirements-07.txt

Hi, Thanks for the feed backs. We discussed your feed backs at the IETF meeting and ... delayed your response. I apology for it. Please see my comments inline. Yours, Daniel On Sun, Mar 24, 2019 at 10:41 AM S Moonesamy wrote: > Hi Daniel, > At 07:10 AM 23-03-2019, Daniel Migault wrote:

[DNSOP] FW: New Version Notification for draft-mglt-dnsop-dnssec-validator-requirements-08.txt

Hi, Please find our draft that provides recommendations for DNSSEC resolvers Operators. Any comment is appreciated! Yours, Daniel -Original Message- From: internet-dra...@ietf.org Sent: Sunday, November 17, 2019 2:48 AM To: Edward Lewis ; Daniel Migault ; Dan York Subject: New

[DNSOP] commenting draft-ietf-dnsop-svcb-httpssvc-01

Hi, I read draft-ietf-dnsop-svcb-httpssvc-01. Please find find some comments (with my questions) below I had while reading linearly the document. I hope this will help. Yours, Daniel section 1.1 _8765._baz.api.example.com. 7200 IN SVCB 0 svc4-baz.example.net. In my opinion, the mechanism

Re: [DNSOP] New draft on delegation revalidation

ons in the past. > > > Do you have any plans to look at the behavior of the large public >> > resolvers? >> >> That's a good idea, to answer this one, we need to configure the >> scenarios again. Let me get back to you once I manage to get

Re: [DNSOP] Call for Adoption: draft-pwouters-powerbind

; > Yes, for sure! Happy to do that. > > Half done. Either tonight or tomorrow. > -- > Wes Hardaker > USC/ISI > > ___ > DNSOP mailing list > DNSOP@ietf.org > https://www.ietf.org/mailman/listinfo/dnsop > -- Daniel Mi

[DNSOP] Fw: New Version Notification for draft-mglt-dnsop-dnssec-validator-requirements-09.txt

rs, Daniel From: internet-dra...@ietf.org Sent: Wednesday, April 29, 2020 6:22 PM To: Daniel Migault; Edward Lewis; Dan York Subject: New Version Notification for draft-mglt-dnsop-dnssec-validator-requirements-09.txt A new version of I-D, draft-mglt-dnsop-dnssec-validator-requirements-09.tx

Re: [DNSOP] New draft on delegation revalidation

Thanks, that will be appreciated. I will make sure the two documents are synchronised. Yours, Daniel On Mon, May 4, 2020 at 8:20 AM Shumon Huque wrote: > On Wed, Apr 29, 2020 at 11:57 AM Daniel Migault > wrote: > >> Hi, >> >> I discovered this draft during the inte

Re: [DNSOP] Call for Adoption: draft-mglt-dnsop-dnssec-validator-requirements

correct text is: This introduces a potentially huge vector for configuration errors, due to human intervention as well as potential misunderstanding of ongoing operations. Others grammar and language issues have also been corrected. > ___ > DNSOP mailing list > DNSOP@ietf.org > https://www.ietf.org/mailman/listinfo/dnsop > -- Daniel Migault Ericsson ___ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop

Re: [DNSOP] [EXT] Re: Call for Adoption: draft-mglt-dnsop-dnssec-validator-requirements

gt; >Also, the draft has many, it seems, grammar / language > >problems. ("This introduces a potentially huge vector for > >configuration errors, but due to human intervention as well as > >potential misunderstanding of ongoing operations.") > > > > > >___ > >DNSOP mailing list > >DNSOP@ietf.org > >https://www.ietf.org/mailman/listinfo/dnsop > > ___ > DNSOP mailing list > DNSOP@ietf.org > https://www.ietf.org/mailman/listinfo/dnsop > -- Daniel Migault Ericsson ___ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop

Re: [DNSOP] The DNSOP WG has placed draft-mglt-dnsop-dnssec-validator-requirements in state "Call For Adoption By WG Issued"

a8f795f24b2df9#diff-c7cc8f0bdd4d7cce2082828d70d2bf35> Contribute to mglt/draft-mglt-dnsop-dnssec-validator-requirements development by creating an account on GitHub. github.com From: Bob Harold Sent: Monday, May 4, 2020 4:29 PM To: Daniel Migault Subject: Fwd

Re: [DNSOP] The DNSOP WG has placed draft-mglt-dnsop-dnssec-validator-requirements in state "Call For Adoption By WG Issued"

#diff-c7cc8f0bdd4d7cce2082828d70d2bf35 On Tue, May 5, 2020 at 11:52 AM Daniel Migault wrote: > Hi Bob, > > Thanks for the comments. The new version of the file is available here [1] > and diff can be seen at [2]. > > I propose the following text. Does it clarify t

Re: [DNSOP] The DNSOP WG has placed draft-mglt-dnsop-dnssec-validator-requirements in state "Call For Adoption By WG Issued"

__________ > DNSOP mailing list > DNSOP@ietf.org > https://www.ietf.org/mailman/listinfo/dnsop > -- Daniel Migault Ericsson ___ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop

Re: [DNSOP] Call for Adoption: draft-mglt-dnsop-dnssec-validator-requirements

adoption ends: 18 May 2020 >> >> Thanks, >> tim wicinski >> DNSOP co-chair >> >> ___ >> DNSOP mailing list >> DNSOP@ietf.org >> https://www.ietf.org/mailman/listinfo/dnsop >> > ___

Re: [DNSOP] Call for Adoption: draft-mglt-dnsop-dnssec-validator-requirements

ted on. > > Tim > (speaking as a chair) > > On Thu, May 7, 2020 at 3:42 PM Joe Abley wrote: > >> Hi Daniel, >> >> On 7 May 2020, at 15:39, Daniel Migault wrote: >> >> > Thanks for putting the reference of that draft. I have always thought >> that t

Re: [DNSOP] commenting draft-ietf-dnsop-svcb-httpssvc-01

be highly appreciated. Yours, Daniel [1] https://tools.ietf.org/html/draft-mglt-add-rdp-00#section-8.2 On Mon, Mar 9, 2020 at 9:27 PM Ben Schwartz wrote: > > > On Thu, Feb 27, 2020 at 11:48 AM Daniel Migault > wrote: > >> Hi, >> >> I read draft-ietf-dnsop-svcb-h

Re: [DNSOP] Call for Adoption: draft-mglt-dnsop-dnssec-validator-requirements

s vendor to get them to use an inception > offset. > So, the skew issue ideally needs to be addressed on both sides (and it > might > be reasonable to mention that in this draft). > > Shumon. > > ___ > DNSOP mailing list > DNSOP@ietf.org > https://www.ietf.org/mailman/listinfo/dnsop > -- Daniel Migault Ericsson ___ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop

Re: [DNSOP] Call for Adoption: draft-mglt-dnsop-dnssec-validator-requirements

r documenting these kinds of things > then I am overjoyed. Perhaps there is an opportunity to merge that existing > work from 2011 with this effort. > > > Joe > _______ > DNSOP mailing list > DNSOP@ietf.org > https://www.ietf.org/mail

Re: [DNSOP] The DNSOP WG has placed draft-mglt-dnsop-dnssec-validator-requirements in state "Call For Adoption By WG Issued"

On Tue, May 5, 2020 at 2:53 PM Bob Harold wrote: > > On Tue, May 5, 2020 at 12:02 PM Daniel Migault > wrote: > >> Hi Bob, >> >> I apology the previous email has just been sent unexpectedly. >> >> Thanks for the comments. The new version of th

Re: [DNSOP] Call for Adoption: draft-andrews-dnsop-glue-is-not-optional

> DNSOP mailing list > DNSOP@ietf.org > https://www.ietf.org/mailman/listinfo/dnsop > -- Daniel Migault Ericsson ___ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop

Re: [DNSOP] Call for Adoption: draft-huque-dnsop-ns-revalidation

n ends: 8 June 2020 > > Thanks, > tim wicinski > DNSOP co-chair > ___ > DNSOP mailing list > DNSOP@ietf.org > https://www.ietf.org/mailman/listinfo/dnsop > -- Daniel Migault Ericsson ___ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop

Re: [DNSOP] Call for Adoption: draft-belyavskiy-rfc5933-bis

rationale is here. > > -Ekr > > >> As another side note, would be nice to have a link to the IANA sections >> updated in the IANA Considerations Section. >> >> >> Paul >> > ___ > DNSOP mailing list > DNSOP@ietf.org > https://www.ietf.org/mailman/listinfo/dnsop > -- Daniel Migault Ericsson ___ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop

Re: [DNSOP] [Ext] Call for Adoption: draft-hoffman-dnssec-iana-cons

see this adopted by the WG so that the GOST document can > proceed forward. I'm also quite interested to hear input from developers > about how they feel affected by the different options for documentation of > algorithms for DNSSEC. > > --Paul Hoffman___

Re: [DNSOP] [Ext] Call for Adoption: draft-hoffman-dnssec-iana-cons

Hi, Thanks for your questions, please see inline some clarifications. Yours, Daniel On Fri, Dec 25, 2020 at 3:27 PM Paul Hoffman wrote: > On Dec 24, 2020, at 10:28 AM, Daniel Migault wrote: > > > > Hi, > > > > As the DNS is a global shared resource and its reli

Re: [DNSOP] [Ext] Call for Adoption: draft-hoffman-dnssec-iana-cons

> > That would leave the registry with the strict requirements and allow items > to get code points. > > Too simple an answer? > > tim > > > On Fri, Dec 25, 2020 at 10:53 PM Olafur Gudmundsson wrote: > >> >> >> On Dec 25, 2020, at 3:27 PM, Paul Hoffman

Re: [DNSOP] [Ext] Call for Adoption: draft-hoffman-dnssec-iana-cons

On Wed, Dec 30, 2020 at 10:22 PM Paul Wouters wrote: > On Dec 30, 2020, at 22:11, Daniel Migault wrote: > > > >  > > > > If I understand clearly the comment, it seems to say that TLS ( for > example ) is using RFC Required and that DNSSEC should do the same. Qu

Re: [DNSOP] [Ext] IETF meeting prep and what

fman > > _______ > DNSOP mailing list > DNSOP@ietf.org > https://www.ietf.org/mailman/listinfo/dnsop > -- Daniel Migault Ericsson ___ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop

Re: [DNSOP] Call for Adoption: draft-hardaker-dnsop-nsec3-guidance

__ > DNSOP mailing list > DNSOP@ietf.org > https://www.ietf.org/mailman/listinfo/dnsop > -- Daniel Migault Ericsson ___ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop

Re: [DNSOP] Working Group Last Call for Revised IANA Considerations for DNSSEC

the document is *not* ready for publication, please >> speak out with your reasons. >> >> This starts a two week Working Group Last Call process, and ends on: 18 >> August 2021 >> >> thanks >> tim >> > ___

Re: [DNSOP] Working Group Last Call for Revised IANA Considerations for DNSSEC

Hi, As Paul H. mentioned to me the document is in the last call, I am providing my comments to the last call mailing list. I feel that my comments mostly concern the security consideration sections. Yours, Daniel On Wed, Sep 15, 2021 at 10:41 AM Daniel Migault wrote: > Hi, > > I

Re: [DNSOP] Working Group Last Call for Revised IANA Considerations for DNSSEC

Hi Vladimir, Thanks for the feedback. Please see my responses inline. On Wed, Sep 15, 2021 at 1:45 PM Vladimír Čunát wrote: > On 15/09/2021 16.41, Daniel Migault wrote: > > Outside experimentation, especially for national algorithms, this will > > lead to nations having t

Re: [DNSOP] I-D Action: draft-ietf-dnsop-dnssec-validator-requirements-01.txt

e from the on-line Internet-Drafts > directories. > This draft is a work item of the Domain Name System Operations WG of the > IETF. > > Title : Recommendations for DNSSEC Resolvers Operators > Authors : Daniel Migault >

Re: [DNSOP] Working Group Last Call for draft-ietf-dnsop-dnssec-validator-requirements

-25 12:26 -05, Daniel Migault wrote: > > On Wed, Nov 23, 2022 at 10:29 AM Vladimír Čunát < > vladimir.cunat+i...@nic.cz> > > wrote: > >> I am surprised you would not recommend RFC 5011 > >> > >> 5011 needs persistent state, a thing that resolvers/

Re: [DNSOP] RFC9103 -- extended key usage

e Works Inc, Ottawa and Worldwide > > > > > ___ > DNSOP mailing list > DNSOP@ietf.org > https://www.ietf.org/mailman/listinfo/dnsop > -- Daniel Migault Ericsson ___ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop

Re: [DNSOP] Working Group Last Call for draft-ietf-dnsop-dnssec-validator-requirements

On Mon, Nov 28, 2022 at 6:29 AM Vladimír Čunát wrote: > On 25/11/2022 18.26, Daniel Migault wrote: > > So let me know how we came to this lines and I suspect we do share some > similar concerns. A recurrent question and reticence we receive from MNO > and ISPs r

Re: [DNSOP] Working Group Last Call for draft-ietf-dnsop-dnssec-validator-requirements

from the misconception / misreading that the > words from the draft name are also in the title. -- Of course, the name is > irrelevant. > > Thank you for clarifying, Vladimír! > > Best, > Peter > > -- > https://desec.io/ > > _______

Re: [DNSOP] Working Group Last Call for draft-ietf-dnsop-dnssec-validator-requirements

bit on UDP. > Validators will need to ensure their local environment can reliably get > any critical DNSSEC records (notably DNSKEY) over UDP, or reliably get > responses with TC=1 if overly large responses cannot be sent over UDP due > to answers not

Re: [DNSOP] Working Group Last Call for draft-ietf-dnsop-dnssec-validator-requirements

needing to worry about those 5011 disadvantages. (occasional = > 5011 defaults to requiring 30 days of overlap) > > > Oh! sure for the TA. My understanding of the text is that it recommends 5011 for running instances, but that new instances are configured with up-to-date TA that in most cases are updated by software update. So yes I agree and will check this appears clearly. > --Vladimir > -- Daniel Migault Ericsson ___ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop

Re: [DNSOP] Dnsdir early review of draft-ietf-dnsop-dnssec-validator-requirements-01

requesting a review from a current > DRO > operator to gain some domain specific feedback that may catch some > operational > concerns that I may have overlooked. > We did have such reviews - of course more such reviews are welcome. I can only agree with you. > > > >

Re: [DNSOP] Working Group Last Call for draft-ietf-dnsop-dnssec-validator-requirements

also agree that this could be implemented with a series of software releases. I have the impression that in general MNO tend to prefer a stand alone mechanism as they are constantly deploying releases, but I am happy to hear more on that. --Vladimir | knot-resolver.cz > _

Re: [DNSOP] Working Group Last Call for draft-ietf-dnsop-dnssec-validator-requirements

Hi, I am just wondering if you have any further comments or thoughts or we declare your concerns being addressed. If you think we are fine, just let me know. Yours, Daniel On Tue, Jan 3, 2023 at 7:14 PM Daniel Migault wrote: > Hi Vladimir and Florian, > > Thanks for the comment

Re: [DNSOP] Working Group Last Call for draft-ietf-dnsop-dnssec-validator-requirements

Hi, If you think I have addressed all comments I received, if you believe that is not the case or if there are other comments, please let me know. Otherwise I expect to publish a new version by the end of the week. Yours, Daniel On Fri, Jan 13, 2023 at 5:21 PM Daniel Migault wrote: >

Re: [DNSOP] Working Group Last Call for draft-ietf-dnsop-dnssec-validator-requirements

ok, I just posted the 02 version. Yours, Daniel On Tue, Jan 24, 2023 at 2:28 PM Tim Wicinski wrote: > Thanks Daniel. We've been waiting for your updated draft. > > tim > > > On Tue, Jan 24, 2023 at 10:14 AM Daniel Migault > wrote: > >> Hi, >> >> If

[DNSOP] Fwd: I-D Action: draft-ietf-dnsop-dnssec-validator-requirements-05.txt

System Operations (DNSOP) WG of the IETF. Title : Recommendations for DNSSEC Resolvers Operators Authors : Daniel Migault Edward Lewis Dan York Filename: draft-ietf-dnsop-dnssec-validator-requirements-05.txt Pages

Re: [DNSOP] Current status of draft-ietf-dnsop-dnssec-validator-requirements

document with minimum requirements (correct > > time, stuff like that) and take it from there. > > > >> > >> We're wrapping this feedback up this Sunday 11 June. > >> > >> (and Thanks Andrew for your comments) > >> > >> tim > > > > ___ > DNSOP mailing list > DNSOP@ietf.org > https://www.ietf.org/mailman/listinfo/dnsop > -- Daniel Migault Ericsson ___ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop

Re: [DNSOP] Current status of draft-ietf-dnsop-dnssec-validator-requirements

-validator-requirements/blob/master/draft-ietf-dnsop-dnssec-validator-requirements.mkd Yours, Daniel On Thu, Jun 15, 2023 at 8:00 PM Daniel Migault wrote: > Hi Christina, > > Thanks for the review and the suggestions. Please see my comments inline. > > Yours, > Daniel > &

Re: [DNSOP] Current status of draft-ietf-dnsop-dnssec-validator-requirements

-validator-requirements-06 Yours, Daniel On Thu, Jun 22, 2023 at 4:27 PM Daniel Migault wrote: > Hi, > > I have just drafted a secure transport and a security considerations > section, that I believe provide sufficient guidance to a DRO. I expect to > further review these secti

Re: [DNSOP] Working Group Last Call for draft-ietf-dnsop-dnssec-validator-requirements

operations around the TTL ( like Hammer for example ). This discussion also pushes us to avoid implementing non standard mechanisms - or at least to be careful. Yours, Daniel On Fri, May 19, 2023 at 5:18 AM Peter Thomassen wrote: > Hi Daniel, > > On 5/18/23 02:26, Daniel Miga

Re: [DNSOP] Current status of draft-ietf-dnsop-dnssec-validator-requirements

__ > > DNSOP mailing list > > DNSOP@ietf.org > > https://www.ietf.org/mailman/listinfo/dnsop > > ___ > DNSOP mailing list > DNSOP@ietf.org > https://www.ietf.org/mailman/listinfo/dnsop > -- Daniel Migault Ericsson ___ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop

Re: [DNSOP] Current status of draft-ietf-dnsop-dnssec-validator-requirements

his feedback up this Sunday 11 June. > > > > (and Thanks Andrew for your comments) > > > > tim > > -- > In my defence, I have been left unsupervised. > > _______ > DNSOP mailing list > DNSOP@ietf.org > https://www.i

Re: [DNSOP] Working Group Last Call for draft-ietf-dnsop-dnssec-validator-requirements

one DRO to > > take advantage of more recent cryptographic. While currently not > >being widely used, a DRO MAY share information with authoritative > >server in the hope that future deployment of authoritative servers > >will be able to leverage it. [RFC6975] provides the ability for a > >DNSSEC validator to announce an authoritative server the supported > >signature schemes. However, a DNSSEC validator is not able to > >determine other than by requesting and monitoring DNSKEY RRsets as > >well as RRSIG. These RRsets are received by enabling DNSSEC > >validation by default which is obviously the case for DNSSEC > >validator. > > This looks like a poor translation from something other than English... > Unclear where this is going. > > The intention was that DRO can advertise their support of recent algorithms, so they can give authoritative servers more confidence in deploying them. > ___ > DNSOP mailing list > DNSOP@ietf.org > https://www.ietf.org/mailman/listinfo/dnsop > -- Daniel Migault Ericsson ___ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop

Re: [DNSOP] Working Group Last Call for draft-ietf-dnsop-dnssec-validator-requirements

Hi Peter, Thanks for the response. I think I need to understand better how revalidation is performed. Yours, Daniel On Wed, May 17, 2023 at 4:26 PM Peter Thomassen wrote: > Hi Daniel, > > On 5/17/23 22:01, Daniel Migault wrote: > > I agree but as far as can see the

Re: [DNSOP] Working Group Last Call for draft-ietf-dnsop-dnssec-validator-requirements

EC validator may play an important role > in sharing this information with the authoritative server or domain > name owner. > > I'm not sure I agree with this. It's probably not a good idea if all > validating resolvers start contacting a specific domain owner. > > good point we need maybe to be more specific, thought I expected the contact to be between organization as opposed to be on a per request. > Section 13: > RUNTIME: * DRO SHOULD regularly discover MTU > > I'm no expert here; does this really need regular checks, or is there a > value that's generally considered safe? If regular checking is done, how > frequently would be reasonable? > > yes. We need to check the frequency, but I am unsure we will have a specific number. Let's check. > Section 15: > Providing inappropriate information can lead to misconfiguring the > DNSSEC validator, and thus disrupting the DNSSEC resolution service. > > Not sure what "providing inappropriate information" means here. > > This is a bad sentence I think we meant information that will taken into account for the configuration. > RRSet that were > cached require a DNSSEC resolution over the Internet > > when queried. > > An attacker may ask the DNSSEC validator to consider a rogue KSK/ZSK, > thus hijacking the DNS zone. > > How so? > > An attacker (cf. Section 7) can advertise a "known insecure" KSK or > ZSK is "back to secure" > > How so? > > The intent was to list attack goals, not the attack itself, but maybe we can be more specific. > -- > https://desec.io/ > > ___ > DNSOP mailing list > DNSOP@ietf.org > https://www.ietf.org/mailman/listinfo/dnsop > -- Daniel Migault Ericsson ___ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop

Re: [DNSOP] [EXT] Re: Followup Working Group Last Call for draft-ietf-dnsop-dnssec-bootstrapping

rg > https://www.ietf.org/mailman/listinfo/dnsop > > ___________ > DNSOP mailing list > DNSOP@ietf.org > https://www.ietf.org/mailman/listinfo/dnsop > -- Daniel Migault Ericsson ___ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop

Re: [DNSOP] Working Group Last Call for draft-ietf-dnsop-dnssec-bootstrapping

l nameserver IPs as RDATA. This prevents people from >> adding the DNS hoster without permission. >> >> The parent can check all incoming NS records via their EPP system for >> a match of "_cds" and do its "trigger" work. It could even suppress >> actually including the special NS record in the parent zone but if it gets >> published there is no real harm. Once DNSSEC is enabled by the Registry, >> the DNS hoster can remove its special NS record and use CDS for further >> updates, or the CDS nul record to delete all DS records. >> >> Paul >> >> ___ >> DNSOP mailing list >> DNSOP@ietf.org >> https://www.ietf.org/mailman/listinfo/dnsop >> > ___ > DNSOP mailing list > DNSOP@ietf.org > https://www.ietf.org/mailman/listinfo/dnsop > -- Daniel Migault Ericsson ___ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop

[DNSOP] Secdir last call review of draft-ietf-dnsop-multi-provider-dnssec-04

Reviewer: Daniel Migault Review result: Has Nits Hi, Reviewer: Daniel Migault Review result: Has Nits I reviewed this document as part of the Security Directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit