into the one true way. That
stifles innovation.
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis
NeuStarYou can leave a voice message at +1-571-434-5468
There are no answers - just tradeoffs, decisions, and responses
is progressing. I.e.,
don't assume that email is the only way we communicate. Don't assume registry
passwords are protected one way or another...
Sorry - it's Friday. It's been a long week.
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis
NeuStar
to compete and we no longer have higher
bandwidth workshops to go over these ideas. So maybe this will get some others
thinking, and whether there's merit to two factor approaches to key changes.
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis
list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis
NeuStarYou can leave a voice message at +1-571-434-5468
There are no answers - just tradeoffs, decisions
.
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis
NeuStarYou can leave a voice message at +1-571-434-5468
There are no answers - just tradeoffs, decisions, and responses.
___
DNSOP
could have another hamburger.
Really, it's no big deal. (The presentation format that is, digesting poorly
cooked ground beef is a big deal.)
Ahh - here we go with food on an IETF list.
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis
NeuStar
. Otherwise, the utility is greatly limited
and we will still be talking about this in the future.
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis
NeuStarYou can leave a voice message at +1-571-434-5468
On Mar 1, 2013, at 18:58, Tony Finch wrote:
Edward Lewis ed.le...@neustar.biz wrote:
I'm hoping to avoid yet another too-large RRset that could cause
problems in abuse situations.
Hmm, I wonder if it would be enough to put only the key tag in the CDS
RDATA, and let the parent calculate
.)
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis
NeuStarYou can leave a voice message at +1-571-434-5468
There are no answers - just tradeoffs, decisions, and responses.
___
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org
to be honest I might have read the draft in an earlier form, I certainly
don't recall if I did.
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis
NeuStarYou can leave a voice message at +1-571-434-5468
There are no answers - just
algorithms regarding in what order various epp
commands are made.
paf
___
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis
Having quickly read the -01 for Automating DNSSEC delegation trust maintenance:
I'd like to propose a twist. Comparing to X.509, a CDS record is kinda sorta
like a key signing request. For that reason I want to see an explicit
request in the RDATA and not have anything implied.
I would
Suggested change to draft-wkumari-dnsop-omniscient-as112-01.txt.
From:
AS112 Servers do not respond to AXFR (QTYPE=252) or IXFR (QTYPE=251)
requests.
To:
AS112 Servers respond to AXFR (QTYPE=252) or IXFR (QTYPE=251) with
RCODE=REFUSED.
But I am not sure if the existing is just an
.
--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis
NeuStarYou can leave a voice message at +1-571-434-5468
2012...time to reuse those 1984 calendars!
___
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
would assert that the signer
ought to be conservative.
But - that is just an opinion of mine.
--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis
NeuStarYou can leave a voice message at +1-571-434-5468
2012...time to reuse those 1984
doesn't scale well though, as you might imagine.
--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis
NeuStarYou can leave a voice message at +1-571-434-5468
2012...time to reuse those 1984 calendars
.
--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis
NeuStarYou can leave a voice message at +1-571-434-5468
2012...time to reuse those 1984 calendars!
___
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
. But if they had to
always be the same, it would bi impossible to add or delete NS
records.
--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis
NeuStarYou can leave a voice message at +1-571-434-5468
2012...time to reuse those 1984 calendars
% of
TLDs fall into green? Are the grades overly harsh? Should the
TLDs be urged to work on getting to green?
At 13:55 -0400 5/10/12, Edward Lewis wrote:
A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-dnsop-respsize-14.txt
For kicks I ran the included perl code
. (Shown in case I
messed up something.)
--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis
NeuStarYou can leave a voice message at +1-571-434-5468
2012...time to reuse those 1984 calendars
Any thoughts on whether the following would be a DNSOP document? I'm
asking DNSEXT too.
http://tools.ietf.org/html/draft-lewis-dns-undocumented-types-01
--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis
NeuStarYou can leave a voice
this.
--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis
NeuStarYou can leave a voice message at +1-571-434-5468
2012...time to reuse those 1984 calendars!
___
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
the document.
I do not recommend publishing the document as is.
--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis
NeuStarYou can leave a voice message at +1-571-434-5468
2012...time to reuse those 1984 calendars
TXT records in the apex of
the zone defining anything is going to be a long hard road.
--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis
NeuStarYou can leave a voice message at +1-571-434-5468
2012...time to reuse those 1984 calendars
.
--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis
NeuStarYou can leave a voice message at +1-571-434-5468
Vote for the word of the day:
Paparazzi - father that constantly takes photos of the baby
Corpureaucracy - The institution of corporate red tape
.
--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis
NeuStarYou can leave a voice message at +1-571-434-5468
Vote for the word of the day:
Paparazzi - father that constantly takes photos of the baby
Corpureaucracy - The institution of corporate red tape
a situation which
we don't come across in our daily activity.
--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis
NeuStarYou can leave a voice message at +1-571-434-5468
Vote for the word of the day:
Paparazzi - father that constantly
--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis
NeuStarYou can leave a voice message at +1-571-434-5468
Vote for the word of the day:
Paparazzi - father that constantly takes photos of the baby
Corpureaucracy - The institution of corporate red tape
, is like arguing a negative which is fraught with
logic problems. This is why I wouldn't fight against CDS but just
won't dedicate time to examine it closely.
--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis
NeuStarYou can leave
.
--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis
NeuStarYou can leave a voice message at +1-571-434-5468
I'm overly entertained.
___
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org
.
--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis
NeuStarYou can leave a voice message at +1-571-434-5468
Now, don't say I'm always complaining.
Wait, that's a complaint, isn't it?
___
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman
.
--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis
NeuStarYou can leave a voice message at +1-571-434-5468
The World Cup would be more fun if they didn't interrupt it with soccer games.
___
DNSOP mailing list
DNSOP
.
--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis
NeuStarYou can leave a voice message at +1-571-434-5468
The World Cup would be more fun if they didn't interrupt it with soccer games.
___
DNSOP mailing list
DNSOP@ietf.org
https
if this isn't that clear.
--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis
NeuStarYou can leave a voice message at +1-571-434-5468
Discussing IPv4 address policy is like deciding what to eat on the Titanic
.
--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis
NeuStarYou can leave a voice message at +1-571-434-5468
Discussing IPv4 address policy is like deciding what to eat on the Titanic.
___
DNSOP mailing list
DNSOP
distinguish a multi-homed host from two hosts at different IP
addresses, so it's up to the host to deal with it.
--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis
NeuStarYou can leave a voice message at +1-571-434-5468
of situations. There are proposed solutions that extend
DNS, some extend EPP, and sooner or later some will extend other
provisioning protocols.
I doubt we will come to one standard practice.
--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis
NeuStar
with DNS operations? I can't see...how the DNS can really be of
help in this matter.
--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis
NeuStarYou can leave a voice message at +1-571-434-5468
Wouldn't it be nice if all of the definitions
to roll them, that is
SIG replaced by RRSIG at some point). It would be harder to do this
(create inter-type dependencies) with established types.
--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis
NeuStarYou can leave
last that long.
If you don't fight the problem in the right place, you won't
eradicate the issue.
--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis
NeuStarYou can leave a voice message at +1-571-434-5468
New pithy statement under
policy neutral?
(One of my ten commandments: No long terms solutions for short term
problems.)
--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis
NeuStarYou can leave a voice message at +1-571-434-5468
New pithy statement under
.
--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis
NeuStarYou can leave a voice message at +1-571-434-5468
New pithy statement under construction...
___
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
work on escrow on i...@ietf.org.
--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis
NeuStarYou can leave a voice message at +1-571-434-5468
As with IPv6, the problem with the deployment of frictionless surfaces is
that they're not getting
of the AD Bit
#...
# Note, however, that the responses received by a security-aware stub
# resolver are heavily dependent on the local policy of the
# security-aware recursive name server.
--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis
of cases) so that the registry folks
don't keep coming with fire hoses and saying this won't work for us.
--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis
NeuStarYou can leave a voice message at +1-571-434-5468
As with IPv6, the problem
before
figuring out the mechanism).
--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis
NeuStarYou can leave a voice message at +1-571-434-5468
As with IPv6, the problem with the deployment of frictionless surfaces is
that they're
At 15:42 + 3/4/10, Tony Finch wrote:
On Thu, 4 Mar 2010, Edward Lewis wrote:
1. Extensions to EPP as it exists today
2. Requirements for EPPbis
3. Requirements for the submission of DNSSEC's DS record into the
registration system
[...]
DNSSEC generates data that must be transferred
.
--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis
NeuStarYou can leave a voice message at +1-571-434-5468
As with IPv6, the problem with the deployment of frictionless surfaces is
that they're not getting traction
to the
TLD the name is registered under.
--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis
NeuStarYou can leave a voice message at +1-571-434-5468
As with IPv6, the problem with the deployment of frictionless surfaces is
that they're
At 19:17 + 3/2/10, Alex Bligh wrote:
Ed,
--On 2 March 2010 09:38:50 -0500 Edward Lewis ed.le...@neustar.biz wrote:
Only in the last week did it sink into me that the problem is that we
need a way to push DS records along the established registration path and
not the DNS operations path
.)
--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis
NeuStarYou can leave a voice message at +1-571-434-5468
As with IPv6, the problem with the deployment of frictionless surfaces is
that they're not getting traction.
___
DNSOP mailing list
DNSOP@ietf.org
https
be applicable for
informal environments.
--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis
NeuStarYou can leave a voice message at +1-571-434-5468
As with IPv6, the problem with the deployment of frictionless surfaces is
that they're
didn't even get
close to considering that.
--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis
NeuStarYou can leave a voice message at +1-571-434-5468
As with IPv6, the problem with the deployment of frictionless surfaces is
that they're
people think the opposite of regular is never?
Because that's the way it is. ;)
cron does not play dice with the universe.
--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis
NeuStarYou can leave a voice message at +1-571-434-5468
.
--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis
NeuStarYou can leave a voice message at +1-571-434-5468
As with IPv6, the problem with the deployment of frictionless surfaces is
that they're not getting traction
-3671
http://www.dnsops.gov/
===
___
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis
NeuStar
At 10:39 -0500 1/21/10, Andrew Sullivan wrote:
On Thu, Jan 21, 2010 at 10:14:41AM -0500, Edward Lewis wrote:
So many assumptions have changed...but the idea of KSK/ZSK hasn't.
Maybe this is the problem?
Problem?
Not everyone has an automated registration interface (making that a
reason
are
in the minority. (I.e., second level domains, third-level domains,
etc...)
[0] Not just EPP-using-registries.
--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis
NeuStarYou can leave a voice message at +1-571-434-5468
As with IPv6, the problem
endorse them as functional necessities.
--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis
NeuStarYou can leave a voice message at +1-571-434-5468
As with IPv6, the problem with the deployment of frictionless surfaces is
that they're
At 11:38 -0800 1/21/10, Paul Hoffman wrote:
At 2:17 PM -0500 1/21/10, Edward Lewis wrote:
At 11:05 -0800 1/21/10, Eric Rescorla wrote:
I have tried, repeatedly, to do so, but I am not an expert, nor apparently
enough of an authority for you. Ekr is both; let's see if he likes my
response
.
--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis
NeuStarYou can leave a voice message at +1-571-434-5468
As with IPv6, the problem with the deployment of frictionless surfaces is
that they're not getting traction
passwords, etc.) Do you also
propose to roll all of these every month? If not, why not?
--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis
NeuStarYou can leave a voice message at +1-571-434-5468
As with IPv6, the problem with the deployment
for running fire drills.)
But where else (besides production) can you also test that ISPs get
the right key into their verifiers? The Internet is an
interconnected mesh of entities, no walled garden is an island...
--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward
- they have
to have the same TTL. RRSIGs are supposed (as in SHOULD) to be the
same as the data they cover.
--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis
NeuStarYou can leave a voice message at +1-571-434-5468
can handle just
ZG(simp)? Or will this be taken care of at the presentation layer?
I think this draft is in the early stages of documenting a needed
design choice.
--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis
NeuStarYou can
notification.
--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis
NeuStarYou can leave a voice message at +1-571-434-5468
As with IPv6, the problem with the deployment of frictionless surfaces is
that they're not getting traction
Ok, I've about had it with the tone of this thread.
At 12:17 +1000 9/12/09, Mark Andrews wrote:
Actually there is blame all round.
I think this is uncalled for and is detrimental to the list.
--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis
NeuStar
At 12:03 -0700 9/10/09, David Conrad wrote:
On Sep 8, 2009, at 1:19 PM, Edward Lewis wrote:
Correct me if I'm wrong, but the architecture of DNSSEC assumed (rightly or
wrongly) a single hierarchical deployment model.
Ok, if I must. DNSSEC does not assume a single hierarchical deployment
thinking of when I worked with ENUM stuff.
--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis
NeuStarYou can leave a voice message at +1-571-434-5468
As with IPv6, the problem with the deployment of frictionless surfaces is
that they're
.
--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis
NeuStarYou can leave a voice message at +1-571-434-5468
As with IPv6, the problem with the deployment of frictionless surfaces is
that they're not getting traction
.
--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis
NeuStarYou can leave a voice message at +1-571-434-5468
Getting everything you want is easy if you don't want much.
___
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman
.
--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis
NeuStarYou can leave a voice message at +1-571-434-5468
Getting everything you want is easy if you don't want much.
___
DNSOP mailing list
DNSOP@ietf.org
https
At 9:16 -0400 4/27/09, Joe Abley wrote:
Hardware Security Module is the more usual expanded form, I think?
Wikipedia sides with you, Joe.
Toh-may-to, Toh-ma-toh. ;)
--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis
NeuStarYou can
the KSK is any more special cryptographically.
--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis
NeuStarYou can leave a voice message at +1-571-434-5468
Getting everything you want is easy if you don't want much
.
--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis
NeuStarYou can leave a voice message at +1-571-434-5468
Getting everything you want is easy if you don't want much.
___
DNSOP mailing list
DNSOP@ietf.org
. (If) They are sufficiently
protected and I'll just keep the private key behind the same
fortifications. So, what does an HSM add?
(Really, I'd like to know...;))
--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis
NeuStarYou can leave a voice message
At 17:03 +0200 4/21/09, Florian Weimer wrote:
* Edward Lewis:
This comes from the observation that the contents of the database
sourcing the zone (whether a commercial-like database or a vi'd file)
are more critical than the private key. (If) They are sufficiently
protected and I'll just
lingo is stuck in 1983.)
--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis
NeuStarYou can leave a voice message at +1-571-434-5468
Getting everything you want is easy if you don't want much
dictionary attacks, for example.)
But I suppose that's far flung - I would hope an HSM does a good job
at randomn number generation.
--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis
NeuStarYou can leave a voice message at +1-571-434-5468
will treat that MX RR as a bad MX and reject the message instead
of retrying.
...it's about SMTP...
--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis
NeuStarYou can leave a voice message at +1-571-434-5468
Getting everything you want is easy
, IPSEC, your choice).
Just as DNSSEC does not guarantee correctness - the signer might sign
an incorrectly typed record - the AD bit does not guarantee
source authenticity.
--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis
NeuStar
At 8:19 +1100 3/11/09, Mark Andrews wrote:
In message a06240804c5dc2ddef...@[10.31.200.116], Edward Lewis writes:
record involves less typing than a DNSKEY, I'd want to work with a DS
record.
Has anyone on this list ever typed in a DNSKEY or DS as a
trust anchor? I would
restrictions on what
is placed in the root, no algorithmic way to say thumbs up or say
thumbs down.
--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis
NeuStarYou can leave a voice message at +1-571-434-5468
Getting everything you want is easy
--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis
NeuStarYou can leave a voice message at +1-571-434-5468
Getting everything you want is easy, if you don't want much.
___
DNSOP mailing list
manpages.5 as a domain name.
--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis
NeuStarYou can leave a voice message at +1-571-434-5468
Getting everything you want is easy, if you don't want much
not competent on this subject.
At 1:55 +0100 12/2/08, Patrik Fältström wrote:
#On 1 dec 2008, at 22.06, Edward Lewis wrote:
#
# So, when pressed to explain this to someone, is this more or less accurate?:
#
# With IDNs and specifically bidirectional text (referring to left to right
# reading
to a registrant?
That's not a DNS issue, that's a WhoIs/IRIS issue, if you want to pin
that into a protocol.
--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis+1-571-434-5468
NeuStar
Never confuse activity
.
--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis+1-571-434-5468
NeuStar
Never confuse activity with progress. Activity pays more.
___
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
lie more in what happens at an ICANN
meeting than an IETF meeting.
--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis+1-571-434-5468
NeuStar
Never confuse activity with progress. Activity pays more
in the localhost(dot), not the church thing,
but I know I wasn't happy with it.
Thinking, thinking, no, can't recall the reason now. Maybe with time
and discussion I will.
--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis
Aww, I didn't do *that* great of a job taking notes, did I? I mean,
if you complain enough I won't be asked to do this again.
At 13:36 -0400 3/26/08, Edward Lewis wrote:
Comments?
DNSOP WG Minutes
IETF 71 @ Philadelphia, Pennsylvania, US
March 11, 2008
1. WG Administration notes
RFC 5138
so.
--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis+1-571-434-5468
NeuStar
Never confuse activity with progress. Activity pays more.
___
DNSOP mailing list
DNSOP
members?)
--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis+1-571-434-5468
NeuStar
Never confuse activity with progress. Activity pays more.
___
DNSOP mailing
.
--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis+1-571-434-5468
NeuStar
Think glocally. Act confused.
___
DNSOP mailing list
DNSOP@ietf.org
https://www1.ietf.org/mailman/listinfo/dnsop
THEN SHOWERS. MODERATE OR POOR
BECOMING GOOD.
___
DNSOP mailing list
DNSOP@ietf.org
https://www1.ietf.org/mailman/listinfo/dnsop
--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis
I stumbled across this:
http://www.nanog.org/mtg-0310/pdf/wessels.pdf
Look for the (unnumbered) slide Distribution of Queries to
Nameservers and the ones following it.
At 14:47 -0800 12/4/07, Edward Lewis wrote:
I knew this came up before:
http://lists.oarci.net/pipermail/dns-operations
.
--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis+1-571-434-5468
NeuStar
Think glocally. Act confused.
___
DNSOP mailing list
DNSOP@ietf.org
https://www1.ietf.org/mailman/listinfo/dnsop
*only* because collecting the IP addresses has heretofore
been something we don't cotton to.
(Oh, heretofore = up to now; cotton to = we approve of.)
--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis+1-571-434
there is some strong motivation given.
--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis+1-571-434-5468
NeuStar
Think glocally. Act confused.
___
DNSOP mailing
a buffer overflow problem. I forget the
exact error but still have a deep enough emotional scare to recall it
was RFC 1876.
--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis+1-571-434-5468
NeuStar
Think
301 - 400 of 408 matches
Mail list logo