Re: [DNSOP] DNSOP Call for Adoption draft-vixie-dns-rpz

2017-01-10 Thread Ralf Weber
Moin! On 7 Jan 2017, at 23:54, Scott Schmit wrote: why you think hostile actors will do things with RPZ that they couldn't do now? > > For the very reasons that the authors want to make this an RFC -- RPZ > isn't interoperable between DNS resolvers today. Once this RFC is > published,

Re: [DNSOP] I-D Action: draft-ietf-dnsop-maintain-ds-04.txt

2017-01-10 Thread Paul Wouters
On Tue, 10 Jan 2017, Matthijs Mekking wrote: I see that IESG has approved this document, but I am still wondering this: On 01-12-16 13:20, Matthijs Mekking wrote: Hi, I read this again. I still wonder if in the case of DNSSEC Delete Algorithm it wouldn't be easier to say: In case the

Re: [DNSOP] I-D Action: draft-ietf-dnsop-maintain-ds-04.txt

2017-01-10 Thread Ólafur Guðmundsson
Yes I agree, Push a new version if Tim agrees ? Olafur On Tue, Jan 10, 2017 at 12:53 PM, Paul Wouters wrote: > On Tue, 10 Jan 2017, Matthijs Mekking wrote: > > I personally think the simplification of using all zero's is good. If >>> someone accidentally changes the wrong

[DNSOP] I-D Action: draft-ietf-dnsop-maintain-ds-05.txt

2017-01-10 Thread internet-drafts
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Domain Name System Operations of the IETF. Title : Managing DS records from parent via CDS/CDNSKEY Authors : Olafur Gudmundsson

[DNSOP] I-D Action: draft-ietf-dnsop-maintain-ds-06.txt

2017-01-10 Thread internet-drafts
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Domain Name System Operations of the IETF. Title : Managing DS records from parent via CDS/CDNSKEY Authors : Olafur Gudmundsson

Re: [DNSOP] I-D Action: draft-ietf-dnsop-maintain-ds-04.txt

2017-01-10 Thread Paul Wouters
On Tue, 10 Jan 2017, Paul Wouters wrote: Ohh, I think Matthijs actually found a bug: Fixed in 06 (I forgot the text update in 05). Thanks to Matthijs for being so persistent in bringing this up. My apologies that I did not understand your concern before. Chairs, it is up to you to decide on

Re: [DNSOP] I-D Action: draft-ietf-dnsop-maintain-ds-04.txt

2017-01-10 Thread tjw ietf
Thanks Paul, and double thanks to Matthijs for his diligence in wisely forcing this. The new version is minor, but significant. I don't feel that it needs a new WGLC, but I want to put the diff between the two versions here so folks may take a second look.

Re: [DNSOP] I-D Action: draft-ietf-dnsop-maintain-ds-04.txt

2017-01-10 Thread Matthijs Mekking
On 10-01-17 17:50, Paul Wouters wrote: > On Tue, 10 Jan 2017, Matthijs Mekking wrote: > >> I see that IESG has approved this document, but I am still wondering >> this: >> >> On 01-12-16 13:20, Matthijs Mekking wrote: >>> Hi, >>> >>> I read this again. I still wonder if in the case of DNSSEC

Re: [DNSOP] I-D Action: draft-ietf-dnsop-maintain-ds-04.txt

2017-01-10 Thread Paul Wouters
On Tue, 10 Jan 2017, Matthijs Mekking wrote: I personally think the simplification of using all zero's is good. If someone accidentally changes the wrong number in the DS record when changing parameters, it will prevent a mistaken delete request. While, the zone might still fail, at least it

Re: [DNSOP] DNSOP Call for Adoption draft-vixie-dns-rpz

2017-01-10 Thread Philip Homburg
>> 1) If the traver's laptop/phone uses Heathrow Airport resolvers then Heathro >w > >>4) DNS is not really private so Google may offer their DNS services over HTTP >S >> 5) Governments may force Google to block popular sites, so users switch to >>other DNS resolvers, again over HTTPS. > >See