>
> Fine. Now we need to have something actionable, e.g. set of names for
> Geoff to test.
The first test I’ve undertaken is to test two name forms in an ad campaign over
the past few days:
heres an example of the test:
xm--u82aa292f-c13-s1518066940-i
> On Feb 7, 2018, at 6:13 AM, Benno Overeinder wrote:
>
> On 07/02/2018 10:12, Warren Kumari wrote:
>> Whoops, last message was blank; finger fail.
>>
>>
>> On Wed, Feb 7, 2018 at 3:57 AM, Warren Kumari wrote:
>>> On Wed, Feb 7, 2018 at 2:15 AM, Petr
On Wed, Feb 7, 2018 at 6:13 AM, Benno Overeinder wrote:
> On 07/02/2018 10:12, Warren Kumari wrote:
> > Whoops, last message was blank; finger fail.
> >
> >
> > On Wed, Feb 7, 2018 at 3:57 AM, Warren Kumari wrote:
> >> On Wed, Feb 7, 2018 at 2:15 AM, Petr
On 07/02/2018 10:12, Warren Kumari wrote:
> Whoops, last message was blank; finger fail.
>
>
> On Wed, Feb 7, 2018 at 3:57 AM, Warren Kumari wrote:
>> On Wed, Feb 7, 2018 at 2:15 AM, Petr Špaček wrote:
>>>
>>> Fine. Now we need to have something
Whoops, last message was blank; finger fail.
On Wed, Feb 7, 2018 at 3:57 AM, Warren Kumari wrote:
> On Wed, Feb 7, 2018 at 2:15 AM, Petr Špaček wrote:
>>
>>
>> On 6.2.2018 17:13, Paul Hoffman wrote:
>>> On 6 Feb 2018, at 8:04, Petr Špaček wrote:
>>>
On Wed, Feb 7, 2018 at 2:15 AM, Petr Špaček wrote:
>
>
> On 6.2.2018 17:13, Paul Hoffman wrote:
>> On 6 Feb 2018, at 8:04, Petr Špaček wrote:
>>
>>> On 6.2.2018 13:22, Tony Finch wrote:
A. Schulze wrote:
>
> Yes,
On 6.2.2018 17:13, Paul Hoffman wrote:
> On 6 Feb 2018, at 8:04, Petr Špaček wrote:
>
>> On 6.2.2018 13:22, Tony Finch wrote:
>>> A. Schulze wrote:
Yes, "kskroll-sentinel-is-ta-" is more descriptive and specific.
I also prefer that longer variant.
>>>
On 6 Feb 2018, at 8:31, Joe Abley wrote:
Some other RFC numbers were clearly reserved for specific documents in
the past (e.g. see RFC 2821/2, obsoleting RFC 821/2) but perhaps those
were special cases.
It was special, and very much regretted by the RFC Editor at the time.
This badly
On 6 Feb 2018, at 11:04, Petr Špaček wrote:
> On 6.2.2018 13:22, Tony Finch wrote:
>> A. Schulze wrote:
>>
>>> Yes, "kskroll-sentinel-is-ta-" is more descriptive and specific.
>>> I also prefer that longer variant.
>>
>> Yes, more friendly for
On 2/6/18 8:13 AM, Paul Hoffman wrote:
> On 6 Feb 2018, at 8:04, Petr Špaček wrote:
>
>> On 6.2.2018 13:22, Tony Finch wrote:
>>> A. Schulze wrote:
Yes, "kskroll-sentinel-is-ta-" is more descriptive and specific.
I also prefer that longer variant.
>>>
On 6 Feb 2018, at 8:04, Petr Špaček wrote:
On 6.2.2018 13:22, Tony Finch wrote:
A. Schulze wrote:
Yes, "kskroll-sentinel-is-ta-" is more descriptive and specific.
I also prefer that longer variant.
Yes, more friendly for web searches if someone is wondering
On 6.2.2018 13:22, Tony Finch wrote:
> A. Schulze wrote:
>>
>> Yes, "kskroll-sentinel-is-ta-" is more descriptive and specific.
>> I also prefer that longer variant.
>
> Yes, more friendly for web searches if someone is wondering about weird
> queries.
Bonus points
On 2018-02-05 14:18 -0500, Geoff Huston wrote:
> I thought this was due to some concern over the wording in RFC (some
> IDN
> RFC whose number I can’t recall right now!) over a comment that the UC label
> should not contain the starting sequence " - -”
RFC5890 point 2.3.1
To facilitate
A. Schulze wrote:
>
> Yes, "kskroll-sentinel-is-ta-" is more descriptive and specific.
> I also prefer that longer variant.
Yes, more friendly for web searches if someone is wondering about weird
queries.
Tony.
--
f.anthony.n.finch http://dotat.at/
Paul Hoffman:
I think Tony's idea is likely fine, but I also think
kskroll-sentinel-is-ta- is perfectly fine as well.
Yes, "kskroll-sentinel-is-ta-" is more descriptive and specific.
I also prefer that longer variant.
Andreas
___
DNSOP
On 5 Feb 2018, at 11:18, Geoff Huston wrote:
On 5 Feb 2018, at 11:47 pm, Tony Finch wrote:
Geoff Huston wrote:
if not underscores and IF “xm—“ as a leading substring is not
acceptable for
some reason, then what label format would be acceptable for this
> On 5 Feb 2018, at 11:47 pm, Tony Finch wrote:
>
> Geoff Huston wrote:
>>
>> if not underscores and IF “xm—“ as a leading substring is not acceptable for
>> some reason, then what label format would be acceptable for this
>> measure?
>
> Maybe put the -- in
Geoff Huston wrote:
>
> if not underscores and IF “xm—“ as a leading substring is not acceptable for
> some reason, then what label format would be acceptable for this
> measure?
Maybe put the -- in the middle somewhere? e.g. is-ta-- not-ta--
Tony.
--
f.anthony.n.finch
On 04/02/2018 22:35, Petr Špaček wrote:
> Underscore is now out of the question because we know about the
> Android/Chrome problem se might test alternative labels.
I don't think that's necessarily true.
It may just mean that there's an additional set of possible responses
that the draft needs
On 02/02/2018 04:45 PM, Warren Kumari wrote:
> were **NOT** able to fetch the "underscore" record
> were able to fetch the "dashdash" record
Current Firefox 58.0.1 and old Chromium 61.0.3163.79, Linux, same
result. The system resolver does fetch _www.ksk-test.net. OK. (I can't
say I understand
>
> Now when I see that this kind of problems is real, it is probably the
> right time to ask Geoff to use his tools and get some data from large
> scale measurement...
>
> Underscore is now out of the question because we know about the
> Android/Chrome problem se might test alternative labels.
On Fri, Feb 2, 2018 at 4:41 AM, Petr Špaček wrote:
> On 2.2.2018 09:32, Mark Andrews wrote:
>> This isn’t about whether name servers load A records with non LDH names
>> as they all can.
>>
>> The real question is do the name lookup api’s in the web browsers barf
>> on non
On 2.2.2018 09:32, Mark Andrews wrote:
> This isn’t about whether name servers load A records with non LDH names
> as they all can.
>
> The real question is do the name lookup api’s in the web browsers barf
> on non IDN, non LDH names since that is the mechanism being proposed
> for people to
On 02/02/2018 08:32, Mark Andrews wrote:
> The real question is do the name lookup api’s in the web browsers barf
> on non IDN, non LDH names since that is the mechanism being proposed
> for people to test this.
+1 - that's my concern too.
The browsers that refuse to accept an underscore
This isn’t about whether name servers load A records with non LDH names
as they all can.
The real question is do the name lookup api’s in the web browsers barf
on non IDN, non LDH names since that is the mechanism being proposed
for people to test this.
Mark
> On 2 Feb 2018, at 6:50 pm, Petr
On 2.2.2018 07:55, A. Schulze wrote> Paul Hoffman:
>> My preference is #1 because, in general, a label starting with _ has
>> been meant for infrastructure, and that's what these labels are.
>> Others might like #2 so they don't have to add configuration to BIND
>> (and maybe other authoritative
Paul Hoffman:
My preference is #1 because, in general, a label starting with _ has
been meant for infrastructure, and that's what these labels are.
Others might like #2 so they don't have to add configuration to BIND
(and maybe other authoritative servers).
just checked, my NSD and
On 1 Feb 2018, at 16:48, Geoff Huston wrote:
I’ve reviewed the (lengthening) thread on this draft, but while I
saw posted objections to the use of “xm—" as the initial part of
the left-most label here, I did not see any concrete alternate
proposals. So on the assumption that I must’ve missed
rather than a conversational description, could someone perhaps produce
a flow chart or pascal-style flow diagram of each actor's decision tree?
i am lost.
___
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
> On 2 Feb 2018, at 7:56 am, Paul Hoffman wrote:
>
> On 1 Feb 2018, at 12:20, Geoff Huston wrote:
>
>> What about if the sentinel spec proposes to use a left-most label of the
>> form(s):
>>
>>xm—-is-ta-[key]
>>
>> and
>>
>> xm—-not-ta-[key]
>>
>>
>> would
On 1 Feb 2018, at 12:20, Geoff Huston wrote:
What about if the sentinel spec proposes to use a left-most label of
the form(s):
xm—-is-ta-[key]
and
xm—-not-ta-[key]
would this form of hostname be a reasonable way forward?
This was discussed in a different thread in the WG a few
On Fri, Feb 02, 2018 at 07:20:45AM +1100, Geoff Huston wrote:
> What about if the sentinel spec proposes to use a left-most label of the
> form(s):
>
> xm—-is-ta-[key]
>
> and
>
>xm—-not-ta-[key]
>
>
> would this form of hostname be a reasonable way forward?
Only if you want to
> On 26 Jan 2018, at 3:17 am, Paul Hoffman wrote:
>
> On 25 Jan 2018, at 7:36, Warren Kumari wrote:
>
>> On Thu, Jan 25, 2018 at 10:10 AM, Tony Finch wrote:
>>> Isn't this going to cause problems with software that checks hostname
>>> syntax?
>
> Yes.
On Thu, Jan 25, 2018 at 10:10 AM, Tony Finch wrote:
> (catching up on old messages)
>
> Warren Kumari wrote (and I liberally snipped):
>>
>> I publish this in my a zone:
>>
>> _is-ta-12345.example.com. 600 IN A 192.0.2.1
>>
(catching up on old messages)
Warren Kumari wrote (and I liberally snipped):
>
> I publish this in my a zone:
>
> _is-ta-12345.example.com. 600 IN A 192.0.2.1
> _is-ta-12345.example.com. 600 IN RRSIG A
>
> I now tell users to please browse to
On Mon, Jan 15, 2018 at 7:22 AM william manning
wrote:
> your wrote,: "In the real world, the user will not be expected to figure
> this out [...] -- a bit of JS on www.example.com will do the 3 fetches
> and report "You'll be just fine", "You will have issues, call
Hi Warren, all,
On 15-01-18 02:51, Warren Kumari wrote:
> The (new) rules:
> A: If the qname starts with _is-ta, and the included keyid is *NOT* in
> the trust store, the resolver changes the answer to a SERVFAIL
> (otherwise things proceed normally).
> B: If the qname starts with _not-ta and the
On 15 Jan 2018, at 07:22, KenM wrote:
> I think its a bit sad that for the DNS to work, one now needs to run http[s]
> and JS. So much for stand alone protocols. Now if you could show how this
> works without JS or HTTP, then we might be getting somewhere.
We
your wrote,: "In the real world, the user will not be expected to figure
this out [...] -- a bit of JS on www.example.com will do the 3 fetches and
report "You'll be just fine", "You will have issues, call your ISP and get
them to install the new key" or "Sorry, cannot tell. Call your ISP and
Hi Warren,
On 14 Jan 2018, at 20:51, Warren Kumari wrote:
> I had a conversation with a friend earlier today, who had carefully read the
> document
> (https://datatracker.ietf.org/doc/draft-ietf-dnsop-kskroll-sentinel/), but
> had not managed to understand it at all.
Hi all,
I had a conversation with a friend earlier today, who had carefully read
the document
(https://datatracker.ietf.org/doc/draft-ietf-dnsop-kskroll-sentinel/)
, but had not managed to understand it at all
.
Since
this friend is bright, and really understand
s
DNS, I figured that the
41 matches
Mail list logo