Re: [DNSOP] Thoughts on CDS

into the one true way. That stifles innovation. -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Edward Lewis NeuStarYou can leave a voice message at +1-571-434-5468 There are no answers - just tradeoffs, decisions, and responses

Re: [DNSOP] Thoughts on CDS

is progressing. I.e., don't assume that email is the only way we communicate. Don't assume registry passwords are protected one way or another... Sorry - it's Friday. It's been a long week. -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Edward Lewis NeuStar

[DNSOP] Thoughts on CDS

to compete and we no longer have higher bandwidth workshops to go over these ideas. So maybe this will get some others thinking, and whether there's merit to two factor approaches to key changes. -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Edward Lewis

Re: [DNSOP] fyi: draft-jabley-dnsext-eui48-eui64-rrtypes as AD sponsored individual sumission...

list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Edward Lewis NeuStarYou can leave a voice message at +1-571-434-5468 There are no answers - just tradeoffs, decisions

Re: [DNSOP] fyi: draft-jabley-dnsext-eui48-eui64-rrtypes as AD sponsored individual sumission...

. -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Edward Lewis NeuStarYou can leave a voice message at +1-571-434-5468 There are no answers - just tradeoffs, decisions, and responses. ___ DNSOP

Re: [DNSOP] fyi: draft-jabley-dnsext-eui48-eui64-rrtypes as AD sponsored individual sumission...

could have another hamburger. Really, it's no big deal. (The presentation format that is, digesting poorly cooked ground beef is a big deal.) Ahh - here we go with food on an IETF list. -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Edward Lewis NeuStar

Re: [DNSOP] CDS and the RRR model

. Otherwise, the utility is greatly limited and we will still be talking about this in the future. -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Edward Lewis NeuStarYou can leave a voice message at +1-571-434-5468

Re: [DNSOP] General comments on draft-kumari-ogud-dnsop-cds-01

On Mar 1, 2013, at 18:58, Tony Finch wrote: Edward Lewis ed.le...@neustar.biz wrote: I'm hoping to avoid yet another too-large RRset that could cause problems in abuse situations. Hmm, I wonder if it would be enough to put only the key tag in the CDS RDATA, and let the parent calculate

Re: [DNSOP] General comments on draft-kumari-ogud-dnsop-cds-01

.) -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Edward Lewis NeuStarYou can leave a voice message at +1-571-434-5468 There are no answers - just tradeoffs, decisions, and responses. ___ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org

Re: [DNSOP] Posted draft-livingood-negative-trust-anchors-03

to be honest I might have read the draft in an earlier form, I certainly don't recall if I did. -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Edward Lewis NeuStarYou can leave a voice message at +1-571-434-5468 There are no answers - just

Re: [DNSOP] DS without NS in a delegation?

algorithms regarding in what order various epp commands are made. paf ___ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Edward Lewis

[DNSOP] General comments on draft-kumari-ogud-dnsop-cds-01

Having quickly read the -01 for Automating DNSSEC delegation trust maintenance: I'd like to propose a twist. Comparing to X.509, a CDS record is kinda sorta like a key signing request. For that reason I want to see an explicit request in the RDATA and not have anything implied. I would

[DNSOP] Comment on draft-wkumari-dnsop-omniscient-as112-01.txt

Suggested change to draft-wkumari-dnsop-omniscient-as112-01.txt. From: AS112 Servers do not respond to AXFR (QTYPE=252) or IXFR (QTYPE=251) requests. To: AS112 Servers respond to AXFR (QTYPE=252) or IXFR (QTYPE=251) with RCODE=REFUSED. But I am not sure if the existing is just an

Re: [DNSOP] Changes since draft-ietf-dnsop-rfc4641bis-13

. -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Edward Lewis NeuStarYou can leave a voice message at +1-571-434-5468 2012...time to reuse those 1984 calendars! ___ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop

Re: [DNSOP] Adopted glue - what to do with RRSIG? (bind vs ods)

would assert that the signer ought to be conservative. But - that is just an opinion of mine. -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Edward Lewis NeuStarYou can leave a voice message at +1-571-434-5468 2012...time to reuse those 1984

Re: [DNSOP] Adopted glue - what to do with RRSIG? (bind vs ods)

doesn't scale well though, as you might imagine. -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Edward Lewis NeuStarYou can leave a voice message at +1-571-434-5468 2012...time to reuse those 1984 calendars

Re: [DNSOP] WGLC draft-ietf-dnsop-dnssec-key-timing-03.txt until 2012-09-14

. -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Edward Lewis NeuStarYou can leave a voice message at +1-571-434-5468 2012...time to reuse those 1984 calendars! ___ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop

Re: [DNSOP] draft-wouters-dnsop-secure-update-use-cases-00

. But if they had to always be the same, it would bi impossible to add or delete NS records. -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Edward Lewis NeuStarYou can leave a voice message at +1-571-434-5468 2012...time to reuse those 1984 calendars

Re: [DNSOP] I-D Action: draft-ietf-dnsop-respsize-14.txt

% of TLDs fall into green? Are the grades overly harsh? Should the TLDs be urged to work on getting to green? At 13:55 -0400 5/10/12, Edward Lewis wrote: A URL for this Internet-Draft is: http://www.ietf.org/internet-drafts/draft-ietf-dnsop-respsize-14.txt For kicks I ran the included perl code

Re: [DNSOP] I-D Action: draft-ietf-dnsop-respsize-14.txt

. (Shown in case I messed up something.) -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Edward Lewis NeuStarYou can leave a voice message at +1-571-434-5468 2012...time to reuse those 1984 calendars

[DNSOP] Want this to be a WG doc?

Any thoughts on whether the following would be a DNSOP document? I'm asking DNSEXT too. http://tools.ietf.org/html/draft-lewis-dns-undocumented-types-01 -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Edward Lewis NeuStarYou can leave a voice

Re: [DNSOP] Batch Multiple Query Packet

this. -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Edward Lewis NeuStarYou can leave a voice message at +1-571-434-5468 2012...time to reuse those 1984 calendars! ___ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop

Re: [DNSOP] [I-D Action: draft-rssac-dnsop-rfc2870bis-04.txt]

the document. I do not recommend publishing the document as is. -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Edward Lewis NeuStarYou can leave a voice message at +1-571-434-5468 2012...time to reuse those 1984 calendars

Re: [DNSOP] Adding a DNS Record Type for LICENSE TO USE

TXT records in the apex of the zone defining anything is going to be a long hard road. -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Edward Lewis NeuStarYou can leave a voice message at +1-571-434-5468 2012...time to reuse those 1984 calendars

Re: [DNSOP] Sanity check

. -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Edward Lewis NeuStarYou can leave a voice message at +1-571-434-5468 Vote for the word of the day: Paparazzi - father that constantly takes photos of the baby Corpureaucracy - The institution of corporate red tape

[DNSOP] version inspection...Re: A new appoarch for identifying anycast name server instance

. -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Edward Lewis NeuStarYou can leave a voice message at +1-571-434-5468 Vote for the word of the day: Paparazzi - father that constantly takes photos of the baby Corpureaucracy - The institution of corporate red tape

Re: [DNSOP] version inspection...Re: A new appoarch for identifying anycast name server instance

a situation which we don't come across in our daily activity. -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Edward Lewis NeuStarYou can leave a voice message at +1-571-434-5468 Vote for the word of the day: Paparazzi - father that constantly

Re: [DNSOP] A new appoarch for identifying anycast name server instance

-- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Edward Lewis NeuStarYou can leave a voice message at +1-571-434-5468 Vote for the word of the day: Paparazzi - father that constantly takes photos of the baby Corpureaucracy - The institution of corporate red tape

Re: [DNSOP] CDS RRtype - automated KSK rollover

, is like arguing a negative which is fraught with logic problems. This is why I wouldn't fight against CDS but just won't dedicate time to examine it closely. -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Edward Lewis NeuStarYou can leave

Re: [DNSOP] WGLC: draft-ietf-dnsop-dnssec-dps-framework-04.txt

. -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Edward Lewis NeuStarYou can leave a voice message at +1-571-434-5468 I'm overly entertained. ___ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org

Re: [DNSOP] watching for signature expiration in zones you don't sign

. -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Edward Lewis NeuStarYou can leave a voice message at +1-571-434-5468 Now, don't say I'm always complaining. Wait, that's a complaint, isn't it? ___ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman

Re: [DNSOP] comments on draft-savolainen-mif-dns-server-selection

. -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Edward Lewis NeuStarYou can leave a voice message at +1-571-434-5468 The World Cup would be more fun if they didn't interrupt it with soccer games. ___ DNSOP mailing list DNSOP

Re: [DNSOP] comments on draft-savolainen-mif-dns-server-selection

. -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Edward Lewis NeuStarYou can leave a voice message at +1-571-434-5468 The World Cup would be more fun if they didn't interrupt it with soccer games. ___ DNSOP mailing list DNSOP@ietf.org https

Re: [DNSOP] comments on draft-savolainen-mif-dns-server-selection

if this isn't that clear. -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Edward Lewis NeuStarYou can leave a voice message at +1-571-434-5468 Discussing IPv4 address policy is like deciding what to eat on the Titanic

Re: [DNSOP] Split DNS problems for multi-interfaced hosts and a possible solution

. -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Edward Lewis NeuStarYou can leave a voice message at +1-571-434-5468 Discussing IPv4 address policy is like deciding what to eat on the Titanic. ___ DNSOP mailing list DNSOP

[DNSOP] comments on draft-savolainen-mif-dns-server-selection

distinguish a multi-homed host from two hosts at different IP addresses, so it's up to the host to deal with it. -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Edward Lewis NeuStarYou can leave a voice message at +1-571-434-5468

Re: [DNSOP] KSK rollover

of situations. There are proposed solutions that extend DNS, some extend EPP, and sooner or later some will extend other provisioning protocols. I doubt we will come to one standard practice. -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Edward Lewis NeuStar

Re: [DNSOP] Ugly DNS ack

with DNS operations? I can't see...how the DNS can really be of help in this matter. -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Edward Lewis NeuStarYou can leave a voice message at +1-571-434-5468 Wouldn't it be nice if all of the definitions

[DNSOP] Something you can't do with the DNS protocol

to roll them, that is SIG replaced by RRSIG at some point). It would be harder to do this (create inter-type dependencies) with established types. -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Edward Lewis NeuStarYou can leave

Re: [DNSOP] FYI: DNSOPS presentation

last that long. If you don't fight the problem in the right place, you won't eradicate the issue. -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Edward Lewis NeuStarYou can leave a voice message at +1-571-434-5468 New pithy statement under

Re: [DNSOP] FYI: DNSOPS presentation

policy neutral? (One of my ten commandments: No long terms solutions for short term problems.) -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Edward Lewis NeuStarYou can leave a voice message at +1-571-434-5468 New pithy statement under

Re: [DNSOP] FYI: DNSOPS presentation

. -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Edward Lewis NeuStarYou can leave a voice message at +1-571-434-5468 New pithy statement under construction... ___ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop

[DNSOP] Registration Operations Mail List

work on escrow on i...@ietf.org. -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Edward Lewis NeuStarYou can leave a voice message at +1-571-434-5468 As with IPv6, the problem with the deployment of frictionless surfaces is that they're not getting

Re: [DNSOP] Review of draft-ietf-dnsop-rfc4641bis-02

of the AD Bit #... # Note, however, that the responses received by a security-aware stub # resolver are heavily dependent on the local policy of the # security-aware recursive name server. -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Edward Lewis

Re: [DNSOP] automatic update of DS records

of cases) so that the registry folks don't keep coming with fire hoses and saying this won't work for us. -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Edward Lewis NeuStarYou can leave a voice message at +1-571-434-5468 As with IPv6, the problem

Re: [DNSOP] bar-bof - DSauto?

before figuring out the mechanism). -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Edward Lewis NeuStarYou can leave a voice message at +1-571-434-5468 As with IPv6, the problem with the deployment of frictionless surfaces is that they're

Re: [DNSOP] Internet Registration Bar BOF announcement

At 15:42 + 3/4/10, Tony Finch wrote: On Thu, 4 Mar 2010, Edward Lewis wrote: 1. Extensions to EPP as it exists today 2. Requirements for EPPbis 3. Requirements for the submission of DNSSEC's DS record into the registration system [...] DNSSEC generates data that must be transferred

Re: [DNSOP] automatic update of DS records

. -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Edward Lewis NeuStarYou can leave a voice message at +1-571-434-5468 As with IPv6, the problem with the deployment of frictionless surfaces is that they're not getting traction

Re: [DNSOP] automatic update of DS records

to the TLD the name is registered under. -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Edward Lewis NeuStarYou can leave a voice message at +1-571-434-5468 As with IPv6, the problem with the deployment of frictionless surfaces is that they're

Re: [DNSOP] automatic update of DS records

At 19:17 + 3/2/10, Alex Bligh wrote: Ed, --On 2 March 2010 09:38:50 -0500 Edward Lewis ed.le...@neustar.biz wrote: Only in the last week did it sink into me that the problem is that we need a way to push DS records along the established registration path and not the DNS operations path

Re: [DNSOP] automatic update of DS records

.) -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Edward Lewis NeuStarYou can leave a voice message at +1-571-434-5468 As with IPv6, the problem with the deployment of frictionless surfaces is that they're not getting traction. ___ DNSOP mailing list DNSOP@ietf.org https

Re: [DNSOP] automatic update of DS records

be applicable for informal environments. -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Edward Lewis NeuStarYou can leave a voice message at +1-571-434-5468 As with IPv6, the problem with the deployment of frictionless surfaces is that they're

Re: [DNSOP] rfc4641bis: NSEC vs NSEC3.

didn't even get close to considering that. -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Edward Lewis NeuStarYou can leave a voice message at +1-571-434-5468 As with IPv6, the problem with the deployment of frictionless surfaces is that they're

Re: [DNSOP] rfc4641bis: ZSK-roll-frequency

people think the opposite of regular is never? Because that's the way it is. ;) cron does not play dice with the universe. -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Edward Lewis NeuStarYou can leave a voice message at +1-571-434-5468

Re: [DNSOP] rfc4641bis: NSEC vs NSEC3.

. -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Edward Lewis NeuStarYou can leave a voice message at +1-571-434-5468 As with IPv6, the problem with the deployment of frictionless surfaces is that they're not getting traction

Re: [DNSOP] rfc4641bis: ZSK-roll-frequency

-3671 http://www.dnsops.gov/ === ___ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Edward Lewis NeuStar

Re: [DNSOP] rfc4641bis: ZSK-roll-frequency

At 10:39 -0500 1/21/10, Andrew Sullivan wrote: On Thu, Jan 21, 2010 at 10:14:41AM -0500, Edward Lewis wrote: So many assumptions have changed...but the idea of KSK/ZSK hasn't. Maybe this is the problem? Problem? Not everyone has an automated registration interface (making that a reason

Re: [DNSOP] rfc4641bis: ZSK-roll-frequency

are in the minority. (I.e., second level domains, third-level domains, etc...) [0] Not just EPP-using-registries. -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Edward Lewis NeuStarYou can leave a voice message at +1-571-434-5468 As with IPv6, the problem

Re: [DNSOP] rfc4641bis: ZSK-roll-frequency

endorse them as functional necessities. -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Edward Lewis NeuStarYou can leave a voice message at +1-571-434-5468 As with IPv6, the problem with the deployment of frictionless surfaces is that they're

Re: [DNSOP] rfc4641bis: ZSK-roll-frequency

At 11:38 -0800 1/21/10, Paul Hoffman wrote: At 2:17 PM -0500 1/21/10, Edward Lewis wrote: At 11:05 -0800 1/21/10, Eric Rescorla wrote: I have tried, repeatedly, to do so, but I am not an expert, nor apparently enough of an authority for you. Ekr is both; let's see if he likes my response

Re: [DNSOP] rfc4641bis: ZSK-roll-frequency

. -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Edward Lewis NeuStarYou can leave a voice message at +1-571-434-5468 As with IPv6, the problem with the deployment of frictionless surfaces is that they're not getting traction

Re: [DNSOP] rfc4641bis: ZSK-roll-frequency

passwords, etc.) Do you also propose to roll all of these every month? If not, why not? -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Edward Lewis NeuStarYou can leave a voice message at +1-571-434-5468 As with IPv6, the problem with the deployment

Re: [DNSOP] rfc4641bis: ZSK-roll-frequency

for running fire drills.) But where else (besides production) can you also test that ISPs get the right key into their verifiers? The Internet is an interconnected mesh of entities, no walled garden is an island... -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Edward

[DNSOP] Timing of key changes (some things that hit me right away)

- they have to have the same TTL. RRSIGs are supposed (as in SHOULD) to be the same as the data they cover. -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Edward Lewis NeuStarYou can leave a voice message at +1-571-434-5468

Re: [DNSOP] draft-yao-dnsop-idntld-implementation-01.txt

can handle just ZG(simp)? Or will this be taken care of at the presentation layer? I think this draft is in the early stages of documenting a needed design choice. -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Edward Lewis NeuStarYou can

Re: [DNSOP] DLVs and ITAR

notification. -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Edward Lewis NeuStarYou can leave a voice message at +1-571-434-5468 As with IPv6, the problem with the deployment of frictionless surfaces is that they're not getting traction

Re: [DNSOP] Key Management and Provisioningl was Re: .PR ...

Ok, I've about had it with the tone of this thread. At 12:17 +1000 9/12/09, Mark Andrews wrote: Actually there is blame all round. I think this is uncalled for and is detrimental to the list. -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Edward Lewis NeuStar

Re: [DNSOP] Key Management and Provisioningl was Re: .PR ...

At 12:03 -0700 9/10/09, David Conrad wrote: On Sep 8, 2009, at 1:19 PM, Edward Lewis wrote: Correct me if I'm wrong, but the architecture of DNSSEC assumed (rightly or wrongly) a single hierarchical deployment model. Ok, if I must. DNSSEC does not assume a single hierarchical deployment

Re: [DNSOP] Dynamically Generated PTR, was Re: ... rDNS for IPv6...

thinking of when I worked with ENUM stuff. -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Edward Lewis NeuStarYou can leave a voice message at +1-571-434-5468 As with IPv6, the problem with the deployment of frictionless surfaces is that they're

Re: [DNSOP] Dynamically Generated PTR, was Re: ... rDNS for IPv6...

. -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Edward Lewis NeuStarYou can leave a voice message at +1-571-434-5468 As with IPv6, the problem with the deployment of frictionless surfaces is that they're not getting traction

Re: [DNSOP] comments about draft-morris-dnsop-dnssec-key-timing

. -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Edward Lewis NeuStarYou can leave a voice message at +1-571-434-5468 Getting everything you want is easy if you don't want much. ___ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman

Re: [DNSOP] WGLC: DNSSEC Trust Anchor Configuration and Maintenance

. -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Edward Lewis NeuStarYou can leave a voice message at +1-571-434-5468 Getting everything you want is easy if you don't want much. ___ DNSOP mailing list DNSOP@ietf.org https

Re: [DNSOP] HSMs was Re: I-D Action:draft-ietf-dnsop-rfc4641bis-01.txt

At 9:16 -0400 4/27/09, Joe Abley wrote: Hardware Security Module is the more usual expanded form, I think? Wikipedia sides with you, Joe. Toh-may-to, Toh-ma-toh. ;) -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Edward Lewis NeuStarYou can

Re: [DNSOP] Key sizes was Re: I-D Action:draft-ietf-dnsop-rfc4641bis-01.txt

the KSK is any more special cryptographically. -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Edward Lewis NeuStarYou can leave a voice message at +1-571-434-5468 Getting everything you want is easy if you don't want much

Re: [DNSOP] dns data exchanged between host and local dns-sever

. -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Edward Lewis NeuStarYou can leave a voice message at +1-571-434-5468 Getting everything you want is easy if you don't want much. ___ DNSOP mailing list DNSOP@ietf.org

Re: [DNSOP] I-D Action:draft-ietf-dnsop-rfc4641bis-01.txt

. (If) They are sufficiently protected and I'll just keep the private key behind the same fortifications. So, what does an HSM add? (Really, I'd like to know...;)) -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Edward Lewis NeuStarYou can leave a voice message

[DNSOP] HSMs was Re: I-D Action:draft-ietf-dnsop-rfc4641bis-01.txt

At 17:03 +0200 4/21/09, Florian Weimer wrote: * Edward Lewis: This comes from the observation that the contents of the database sourcing the zone (whether a commercial-like database or a vi'd file) are more critical than the private key. (If) They are sufficiently protected and I'll just

Re: [DNSOP] Key sizes was Re: I-D Action:draft-ietf-dnsop-rfc4641bis-01.txt

lingo is stuck in 1983.) -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Edward Lewis NeuStarYou can leave a voice message at +1-571-434-5468 Getting everything you want is easy if you don't want much

Re: [DNSOP] HSMs was Re: I-D Action:draft-ietf-dnsop-rfc4641bis-01.txt

dictionary attacks, for example.) But I suppose that's far flung - I would hope an HSM does a good job at randomn number generation. -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Edward Lewis NeuStarYou can leave a voice message at +1-571-434-5468

Re: [DNSOP] MX 0 . standard way of saying we don't do email ?

will treat that MX RR as a bad MX and reject the message instead of retrying. ...it's about SMTP... -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Edward Lewis NeuStarYou can leave a voice message at +1-571-434-5468 Getting everything you want is easy

Re: [DNSOP] More solicitation for feedback on dns64

, IPSEC, your choice). Just as DNSSEC does not guarantee correctness - the signer might sign an incorrectly typed record - the AD bit does not guarantee source authenticity. -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Edward Lewis NeuStar

[DNSOP] DS vs DNSKEY trust anchors, was Re: Truncation...

At 8:19 +1100 3/11/09, Mark Andrews wrote: In message a06240804c5dc2ddef...@[10.31.200.116], Edward Lewis writes: record involves less typing than a DNSKEY, I'd want to work with a DS record. Has anyone on this list ever typed in a DNSKEY or DS as a trust anchor? I would

Re: [DNSOP] Some second-hand remarks on draft-liman-tld-names-00.txt

restrictions on what is placed in the root, no algorithmic way to say thumbs up or say thumbs down. -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Edward Lewis NeuStarYou can leave a voice message at +1-571-434-5468 Getting everything you want is easy

Re: [DNSOP] Some second-hand remarks on draft-liman-tld-names-00.txt

-- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Edward Lewis NeuStarYou can leave a voice message at +1-571-434-5468 Getting everything you want is easy, if you don't want much. ___ DNSOP mailing list

Re: [DNSOP] I-D Action:draft-liman-tld-names-00.txt

manpages.5 as a domain name. -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Edward Lewis NeuStarYou can leave a voice message at +1-571-434-5468 Getting everything you want is easy, if you don't want much

Re: [DNSOP] I-D Action:draft-liman-tld-names-00.txt

not competent on this subject. At 1:55 +0100 12/2/08, Patrik Fältström wrote: #On 1 dec 2008, at 22.06, Edward Lewis wrote: # # So, when pressed to explain this to someone, is this more or less accurate?: # # With IDNs and specifically bidirectional text (referring to left to right # reading

Re: [DNSOP] Public Suffix List - Please move discussion to dnsop

to a registrant? That's not a DNS issue, that's a WhoIs/IRIS issue, if you want to pin that into a protocol. -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Edward Lewis+1-571-434-5468 NeuStar Never confuse activity

Re: [DNSOP] Public Suffix List

. -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Edward Lewis+1-571-434-5468 NeuStar Never confuse activity with progress. Activity pays more. ___ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop

Re: [DNSOP] Public Suffix List

lie more in what happens at an ICANN meeting than an IETF meeting. -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Edward Lewis+1-571-434-5468 NeuStar Never confuse activity with progress. Activity pays more

Re: [DNSOP] Localhost entries in zones

in the localhost(dot), not the church thing, but I know I wasn't happy with it. Thinking, thinking, no, can't recall the reason now. Maybe with time and discussion I will. -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Edward Lewis

[DNSOP] second call ... rough draft of the minutes (ietf 71)

Aww, I didn't do *that* great of a job taking notes, did I? I mean, if you complain enough I won't be asked to do this again. At 13:36 -0400 3/26/08, Edward Lewis wrote: Comments? DNSOP WG Minutes IETF 71 @ Philadelphia, Pennsylvania, US March 11, 2008 1. WG Administration notes RFC 5138

Re: [DNSOP] WGLC: Considerations for the use of DNS Reverse Mapping

so. -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Edward Lewis+1-571-434-5468 NeuStar Never confuse activity with progress. Activity pays more. ___ DNSOP mailing list DNSOP

Re: [DNSOP] AS112 for TLDs

members?) -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Edward Lewis+1-571-434-5468 NeuStar Never confuse activity with progress. Activity pays more. ___ DNSOP mailing

Re: [DNSOP] Re: AS112 for TLDs

. -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Edward Lewis+1-571-434-5468 NeuStar Think glocally. Act confused. ___ DNSOP mailing list DNSOP@ietf.org https://www1.ietf.org/mailman/listinfo/dnsop

Re: [DNSOP] interop problems with getaddrinfo() address selection

THEN SHOWERS. MODERATE OR POOR BECOMING GOOD. ___ DNSOP mailing list DNSOP@ietf.org https://www1.ietf.org/mailman/listinfo/dnsop -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Edward Lewis

Re: [DNSOP] interop problems with getaddrinfo() address selection

I stumbled across this: http://www.nanog.org/mtg-0310/pdf/wessels.pdf Look for the (unnumbered) slide Distribution of Queries to Nameservers and the ones following it. At 14:47 -0800 12/4/07, Edward Lewis wrote: I knew this came up before: http://lists.oarci.net/pipermail/dns-operations

[DNSOP] draft-ietf-dnsop-reflectors-are-evil-05.txt

. -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Edward Lewis+1-571-434-5468 NeuStar Think glocally. Act confused. ___ DNSOP mailing list DNSOP@ietf.org https://www1.ietf.org/mailman/listinfo/dnsop

Re: [DNSOP] Always registering the IP address of the name servers during a delegation?

*only* because collecting the IP addresses has heretofore been something we don't cotton to. (Oh, heretofore = up to now; cotton to = we approve of.) -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Edward Lewis+1-571-434

Re: [DNSOP] Always registering the IP address of the name servers during a delegation?

there is some strong motivation given. -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Edward Lewis+1-571-434-5468 NeuStar Think glocally. Act confused. ___ DNSOP mailing

Re: [DNSOP] WGLC for draft-ietf-dnsop-respsize-07.txt

a buffer overflow problem. I forget the exact error but still have a deep enough emotional scare to recall it was RFC 1876. -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Edward Lewis+1-571-434-5468 NeuStar Think

<    1   2   3   4   5   >