On Thu, Mar 2, 2023 at 2:10 AM Paul Vixie
wrote:
> >
> > Address lookup functions typically invoked by applications won't see
> > a practical impact from this indistinguishability. For a non-
> > existent name, the getaddrinfo() function for example will return a
> > value of
On 3/2/23 00:14, Joe Abley wrote:
We are not talking about lies. Referring to these kinds of negative responses
as lies is confusing and unhelpful. They are signed responses, and the point of
signing them is that they are verifiably true.
I think "lies" refers to an assumption that a single
On Thu, Mar 2, 2023 at 1:42 AM Florian Obser
wrote:
>
> I might not be caffeinated enough yet, but I think the next domain name
> in section 5 should be \000.ent1.example.net:
>
> ent1.example.net. 3600 IN NSEC \000.ent1.example.net. RRSIG
> NSEC ENT
>
I'm the one who wasn't
Florian Obser wrote on 2023-03-01 22:42:
I might not be caffeinated enough yet, but I think the next domain name
in section 5 should be \000.ent1.example.net:
ent1.example.net. 3600 IN NSEC \000.ent1.example.net. RRSIG NSEC ENT
In section 6, calling getaddrinfo() return values
I might not be caffeinated enough yet, but I think the next domain name
in section 5 should be \000.ent1.example.net:
ent1.example.net. 3600 IN NSEC \000.ent1.example.net. RRSIG NSEC ENT
In section 6, calling getaddrinfo() return values exit codes is a bit
odd, maybe this will do?
gih> for what its worth I would like to chime in and support George's
gih> view. The technique is NOT a lie per se.
I'll "me too" this with George and Geoff.
Figuring out a more efficient way to do what is ultimately wanted
(crypographically provable denial of existence) that works better than
Hi George,
On Wed, Mar 1, 2023 at 17:40, George Michaelson wrote:
> My opposition is philosophical and practical.
>
> the philosophical part, is that this is a SIGNED ASSERTION by the zone
> authority. I don't think anything the zone authority says under a
> signature should be called a lie,
for what its worth I would like to chime in and support George’s
view. The technique is NOT a lie per se. It's a stretch (well
its the opposite of “stretch” - its a “compression”) of the
intended contents of the denial of existence response, but it is not
a lie as I see it. I would be far more
My opposition is philosophical and practical.
the philosophical part, is that this is a SIGNED ASSERTION by the zone
authority. I don't think anything the zone authority says under a
signature should be called a lie, because the basis of verification is
that its exactly what was intended to be
Hi folks,
We've posted a new draft describing the former "Black Lies" mechanism
for authenticated denial, now renamed as "Compact Lies".
https://datatracker.ietf.org/doc/draft-huque-dnsop-compact-lies/
We are hoping to discuss it here and at IETF116, and see if there is
interest in adopting
10 matches
Mail list logo