It appears that Steffen Nurpmeso said:
> |I realize that RFC 8463 says repeatedly that the base64-encoded
> |representation of an ED25519 key is 44 bytes, and that the
> |examples go for this. Still there is no wording that the entire
> |ASN.1 structure shall be thrown away.
Yeah, I should
It appears that Scott Kitterman said:
>This isn't horrible. The main reason for RFC 8463 was, in my view, as a hedge
>for some discovery that suddenly made RSA
>obsolete, which hasn't happened yet. From a standards perspective, it is
>there if needed.
Yes, that is exactly the reason I wrote
It appears that Murray S. Kucherawy said:
>-=-=-=-=-=-
>
>On Mon, Feb 5, 2024 at 1:39 PM Steffen Nurpmeso wrote:
>
>> If a graphical user interface gives you a green "ok" button to
>> click, or "red" otherwise, that is even better as in browser URL
>> lines. Then pop up a tree-view of message
It appears that Jim Fenton said:
>On 5 Feb 2024, at 14:02, Dave Crocker wrote:
>
>> On 2/5/2024 1:56 PM, Jim Fenton wrote:
>>> And you will also provide citations to refereed research about what you
>>> just asserted as well, yes?
>>
>>
>> Ahh, you want me to prove the negative. That's not
It appears that Dave Crocker said:
>> Any DKIM signer or verifier already has a state machine looking for CR
>> and LF to do header or body canonicalization. When the state machine
>> runs into a bare CR or LF, it has to do something. The only options
>> are to produce a wrong result, since
It appears that Dave Crocker said:
>The prohibition is not in DKIM. So the violation is not within DKIM.
>And why should DKIM care?
RFC 6376 says what to do with 5322 messages. It says nothing about
what to do with blobs of bytes that are sort of like but not quite
5322 messages. It even has
It appears that Murray S. Kucherawy said:
>-=-=-=-=-=-
>
>On Wed, Jan 31, 2024 at 5:44 PM Steffen Nurpmeso wrote:
>
>> But i cannot read this from RFC 6376.
>
>Sections 2.8 and 3.4.4 don't answer this?
Not really. They say what to do with CRLF but not with a lone CR or lone LF.
RFC5322 says:
It appears that Evan Burke said:
>> Insisting on using the same term for these two different cases has an
>> academic purity to it, but has already been demonstrated to be destructive
>> in practical terms, because it creates confused discussion.
>No, that's exactly backwards. The oversigning
It appears that Mike Hillyer said:
>In the interest of the rule of unforseen consequences, we're trying to avoid
>oversigning any headers that would break further downstream processing. Does
>anyone
>know of any headers that *should* be DKIM signed, but *should not* be
>oversigned?
Offhand,
It appears that Scott Kitterman said:
>On October 27, 2023 2:56:30 PM UTC, "Murray S. Kucherawy"
> wrote:
>>On Sun, Oct 1, 2023 at 1:50 AM Jan Dušátko
>>wrote:
>>
>>> I would like to ask to consider the possibility of defining a DKIM
>>> signature using Ed448. [...]
>My view is that more
In article you write:
>So, it seems like (IANAL) one way to read the situation is that the government
>is currently trying to
>get companies to forcefully take the expectation of privacy off the table for
>commonly used
>communication tools.
I
In article <396e100a-55ba-4155-a29e-92d452a45...@gmail.com> you write:
>Interesting article, cross-posted from ISOC Public Policy list
Carpenter is an interesting case, but it has nothing to do with the
Internet.
It's quite fact specific to mobile phones, which by their nature
transmit a running
Just few quick questions,
In what part of Fadi Chehad� mandate at ICANN this falls ? And who
sanctified him as representative of the Internet Community ?
He is just an employee of ICANN and these actions go way beyond ICANN's
mission and responsibilities.
ICANN has a long running fantasy that
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Because we've got more than 120 working groups, thousands of
participants, and the internet is now part of the world's
communications infrastructure. I don't like hierarchy but
I don't know how to scale up the organization without it.
There are
of the authors of this RFC and support the change.
ADSP was basically an experiment that failed. It has no significant
deployment, and the problem it was supposed to solve is now being
addressed in other ways.
Regards,
John Levine, jo...@iecc.com, Primary Perpetrator of The Internet for Dummies,
Please
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
In article 6.2.5.6.2.20130920070952.0664d...@elandnews.com you write:
Hi Spencer,
I read your DISCUSS about draft-ietf-homenet-arch-10:
'Is there a useful reference that could be provided for dotless?'
Another possibility is
I would even suggest that all I-D authors, at the very least, should
need to register with the IETF to submit documents.
Oddly enough, back in the Dark Ages (i.e. the ARPANET), the DDN maintained
such a registry, and so if you Google 'NC3 ARPANET' you will see that that
was the ID
There are, in the RfC I used as an example, far more acknowledged
contributors, than authors. No addresses for those contributors are
given.
As far as I can tell, nobody else considers that to be a problem.
I have written a bunch of books and looked at a lot of bibliographic
records, and I have
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Asking for ORCID support in the tool set and asking for IETF endorsement
are two very different things.
Having tool support for it is a necessary first step to permitting IETF
contributors to gain experience with it. We need that experience before
Having an IETF identity is OK if all you ever publish is in the IETF. Some of
our
participants also publish at other SDOs such as IEEE, W3C, ITU, and quite a
few publish
Academic papers. Using the same identifier for all these places would be
useful, and
that single identifier is not going to
It's practically essential for academics whose career depends on
attribution of publications and on citation counts (and for the
people who hire or promote them).
Gee, several of the other John Levines have published way more than I
have. If what we want is citation counts, confuse away.
R's,
, a
psychiatrist in Cambridge MA, a composer in Cambridge UK, a car buyer
in Phoenix, and some random guy in Brooklyn, all of whom happen to be
named John Levine. Tough. Not my problem.
I also think that it's time for people to get over the someone might
spam me so I'm going to hide nonsense
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Since this has turned out to be ambiguous, I have decided to instead use a
SHA-256 hash of my DNA sequence:
9f00a4-9d1379-002a03-007184-905f6f-796534-06f9da-304b11-0f88d7-92192e-98b2
How does your identical twin brother feel about this?
-BEGIN
How do I know that the sender of this message actually has the right
to claim the ORCID in question (-0001-5882-6823)? The web page
doesn't present anything (such as a public key) that could be used
for authentication.
I dunno. How do we know who brian.e.carpen...@gmail.com is? I can
tell
Why do you think that cryptographic doubt = legal doubt? I've heard
that claim many times, but I've never heard an argument for it.
Having attempted to explain technology in court as an expert witness,
I find the assertion risible.
R's,
John
Yes, they should have made that impossible.
Oh my, I _love_ this! This is actually the first non-covert use case I've
heard described,
although I'm not convinced that PGP could actually do this without message
format tweaks.
Sounds like we're on our way to reinventing S/MIME. Other than
Sounds like we're on our way to reinventing S/MIME. Other than the
key signing and distribution (which I agree is a major can of worms)
it works remarkably well.
Which sounds kind of like, Other than that Mrs. Lincoln, how was the play?
Yes, and no. PGP and S/MIME each have their own key
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Believe it or not Ted Nelson had a similar idea when he invented Xanadu
Hypertext. He was obsessed by copyright and the notion that it would be
wrong to copy someone else's text to another machine, hence the need for
links.
Well, yes, but he's never
out.
Regards,
John Levine, jo...@iecc.com, Primary Perpetrator of The Internet for Dummies,
Please consider the environment before reading this e-mail. http://jl.ly
SPF is ten years old now. It would be helpful if you could give us a
list of other protocols that have had a similar issue with a TXT
record at the apex during the past decade.
I don't know of any (at least ones that are used in the global dns
namespace), and I would like to still not know of
Nobody has argued that SPF usage is zero, and the reasons for
deprecating SPF have been described repeatedly here and on the ietf
list, so this exercise seems fairly pointless.
the reasons for not deprecating SPF have been described here
and on the ietf list repeatedly ... yet
In article b4828b8f-b900-4dc1-ad3e-7e3044fb8...@isi.edu you write:
and the hotel is fully booked�.
Not if you use the link on the meeting hotel page.
http://www.ietf.org/meeting/88/hotel.html
R's,
John
In article 5215cd8d.3080...@sidn.nl you write:
So what makes you think the above 4 points will not be a problem for the
next protocol that comes along and needs (apex) RR data? And the one
after that?
SPF is ten years old now. It would be helpful if you could give us a
list of other protocols
Actually, I just checked. Right now, none of them seem to publish SPF RRtype
records.
Yahoo doesn't even publish a TXT record containing SPF information. An
argument could
be made that if we really wanted to push the adoption of SPF RRtypes, getting
Google,
Yahoo and Hotmail to publish SPF
Newsgroups: iecc.lists.ietf.ietf
From: John Levine jo...@iecc.com
Subject: Re: [spfbis] prefixed names, was Last Call:
draft-ietf-spfbis-4408bis-19.txt
Summary:
Expires:
References: 5212fcef.80...@dcrocker.net
55459829-933f-4157-893a-f90552d44...@frobbit.se
5213174d.7080...@dcrocker.net
* The charter disallows major protocol changes -- removing the SPF RR type
is a direct charter violation; since SPF is being used on the Internet. ...
Uh huh.
$ dig besserwisser.org txt
;; QUESTION SECTION:
;besserwisser.org. IN TXT
;; ANSWER SECTION:
besserwisser.org.
There is nothing syntactially worng with those entries. I congratulate
people advocating SPF in TXT records while also writing parsers.
None of your TXT records are SPF records because they don't start with
the required version tag. You have two type 99 records that start
with the version tag,
AFAICT, no one is arguing that overloading TXT in the
way recommended by this draft is a good idea, rather the best arguments appear
to be that it is a pragmatic
least bad solution to the fact that (a) people often implement (poorly) the
very least they can get away
with and (b) it can take a
In article 01672754-1c4f-465b-b737-7e82dc5b3...@oracle.com you write:
I've been told, though obviously I don't know, that the costs are
proportional. I assume it's not literally a if we get
one additional person, it costs an additional $500. But I assume SM wasn't
proposing to get just one or
The anti-hijacking feature causes the confirmation email to
only go to the authors listed on the previous version of the document, so
mail was not sent to me and things are working as expected.
This behavior is not documented to the user when they submit the document
and is therefore a bug.
http://iaoc.ietf.org/documents/RPC-Proposed-SoW-2013-final.doc
I know that I should not this, but... I am a bit surprised
(disappointed) in seeing a proprietary format used here. I am not
saying that you should not use the Office suite to write it, but you
could convert it to PDF (better,
I wonder, though, if this document might have contained change bars that
nobody but people who use MS
Word would see. Opening the document up in Preview on the Mac, it's just
four or five pages of
text, with no way to evaluate what changed.
It looks fine in OpenOffice. Really.
I agree with
We have recently been asked permission to republish the TAO with a creative
commons
license, but according to counsel, the current trust agreement does not give
the
trustees the rights to do this.
- Without specific language being added to the trust agreement, we cannot
grant these
types of
Actually, verbatim translations are already allowed under the existing IETF
document license. It's other modifications that are not allowed under IETF,
but which
CC-BY would permit.
That sounds right. Someone might want to add commentary (even in English) to
the Tao,
such as to discuss local
My understanding is that Germany has reciprocal VAT agreements with a
bunch of countries so if your employer is in one of those countries it may
be able to reclaim, but since the US isn't one of them I haven't looked in
detail.
John
VAT is a European Union tax that all member states are
Ironically, this IETF everyone who stayed at the Intercontinental was walking
around
with an RFID key in their pocket the whole meeting. How many of us put them
in
faraday cages?
I put all of my cards in a faraday cage, but perhaps that's just me,
and because I carry an RFID passport card.
Agreed. One minor downside was needing an additional flight. It seems AB who
handles about a third of the traffic rather than Lufthansa that handles about
one
fifth, was not the best choice where a 6 hour layover extended an hour on the
tarmac
in a hot plane.
With any luck, the next time we
In article m2li4ew2nk.wl%ra...@psg.com you write:
Ironically, this IETF everyone who stayed at the Intercontinental was
walking around with an RFID key in their pocket the whole meeting.
How many of us put them in faraday cages?
one. i made it a habit
Two. I have a wallet with a built-in
If there is a serious drive to discontinue the weekly posting
summary - I strongly object.
As far as I can tell, one person objects, everyone else thinks it's fine.
Seems like rough consensus to me.
R's,
John
At last week's very successful Berlin meeting, the finances were
thrown of whack by the late discovery that the IETF had to pay 19%
German VAT on the registration fee. At the IAOC session they said
that about half of that is likely to be reclaimed from VAT paid, but
the net amount is still a
Venue was great, food options here and in the city were great,
all-around great experience. Let's come again!
Agreed. Great meeting overall, venue worked well, plenty of places
to eat and stay within reasonable distance, and suitable distractions
for those half days when you don't have any
-1 on doing it during the winter speaking as a Californian who doesn't
even own a winter coat
I expect you could get a very nice one at KaDeWe.
In article 6462.1375450...@sandelman.ca you write:
-=-=-=-=-=-
Many countries let you claim VAT paid as you leave.
Only on goods you export, not on hotels and meals.
I hope the IETF can figure out how to more efficiently reclaim the VAT
it pays on European expenses so the whole thing is a
In article 51e368f9.70...@dougbarton.us you write:
On 07/12/2013 02:40 PM, John R Levine wrote:
Point your browser at http://dk/ or http://tm/ and see what happens.
As John points out, the ccTLDs are already doing this. ICANN has no
authority to tell the ccTLDs NOT to do it, thus restricting
I guess I'm missing something. How exactly is having a gTLD going to bring in
the Big Bucks? Do people actually type addresses into the address bars on
their browsers any more, or do they just type what they're looking for into
the search bar?
Let's just say you're not allowed to ask that
domains are going to be dotless and three of the biggest dotless domains
are going to be called .apple and .microsoft and .google and they are going
I've read the applications for .apple, .microsoft, and .google. None
of them propose to use dotless names, only the usual 2LDs. At this
pont
It seems that the rules might be somewhat similar all over europe:
http://www.tmf-vat.com/vat/german-vat.html
You would think so, which leads to the question about what's different
in Berlin from Paris and Prague and Maastricht.
R's,
John
I'm trying to submit and I-D, and I'm not getting the usual
confirmation mail. My mail logs show nothing, no attempts, no
failures. It worked the last time I tried it on Sunday. (Yes,
I gave it a working address.)
Anyone else seeing this?
R's,
John
In article 51cf38eb.3080...@dougbarton.us you write:
On 06/29/2013 05:28 AM, Noel Chiappa wrote:
From: j...@mercury.lcs.mit.edu (Noel Chiappa)
Yet.
PS: I probably should have added a :-) to that. Sorry, it's early, the
brain's not firing on all cylinders yet, and I was so
I think this is the correct strategy, BUT, I see as a very active participant
in ICANN
(chair of SSAC) that work in ICANN could be easier if some more technical
standards where
developed in IETF, and moved forward along standards track, that ICANN can
reference.
As a concrete example, the EPP
So, if wg discussion has been ordered mute by the wg chairs because
some wg participants believe the group-think consensus is good enough,
can those objections again be raised in IETF LC or are they set in stone?
If that were ever to happen, I don't see why not.
In the recent cases I've seen
The move appears to be related to new, restrictive
regulations the Argentine government has imposed on currency exchanges.'
According to the Telegraph, 'The new regulations required anyone wanting
to change Argentine pesos into another currency to submit an online
request for permission
I think this is a summary of the issues people have mentioned that
discourage participation from LDCs, in rough order of importance.
* People aren't aware the IETF exists, or what it does, or that it has
an open participation model
* People don't read and write English well enough to be
Feh. There is no winter in Vancouver. On the other hand there are
salmon and steelhead.
I distinctly remember a meeting in Vancouver where certain attendees
were complaining about the winter weather, with temperatures plunging
below zero* and snow drifting 1 to 2*.
The specific complaint was
My question is about whether we would be there during the peak season,
and when exactly is that season?
I gather you're in Ottawa. Here's Air Canada's calendar rules for
their lowest fare to EZE:
ORIGINATING CANADA -
PERMITTED 01JAN THROUGH 08JUL OR 06AUG THROUGH 16SEP
OR 01OCT
I suspect that if the meeting is approved, the food in Buenos Aires
will be more interesting than it was in Adelaide, at least for many of
us. The locals speaking English might also be more understandable. :-)
If you like steak or pizza and lots of pretty good red wine, the food
in Buenos
On May 23, 2013, at 7:44 PM, Melinda Shore melinda.sh...@gmail.com wrote:
So the question is why we aren't seeing more drafts, reviews, and
discussions from people in Central and South America,
Language?
Possibly, but we get quite a lot from parts of Asia where I'd think
the language issue
.
Regards,
John Levine, jo...@iecc.com, Primary Perpetrator of The Internet for Dummies,
Please consider the environment before reading this e-mail. http://jl.ly
-motorola.html
--
Regards,
John Levine, jo...@iecc.com, Primary Perpetrator of The Internet for Dummies,
Please consider the environment before reading this e-mail. http://jl.ly
There seems to be a faction that feel that 15 years ago someone once
blacklisted them and caused them some inconvenience, therefore all
DNSBLs suck forever. I could say similar things about buggy PC
implementations of TCP/IP, but I think a few things have changed since
then, in both cases.
Quoting Nathaniel Borenstein [1]:
One man's blacklist is another's denial-of-service attack.
Email reputation services have a bad reputation.
They have a good enough reputation that every non-trivial mail system
in the world uses them. They're not all the same, and a Darwinian
process has
That said, I did at one point have to exercise my diplomatic skills when I got
forwarded a customer (nameless
here for evermore) question about whether support for RFC 3514 was on our
roadmap.
Think of it as free market intelligence on your customer base.
Of course we've only had April 1 RFCs
In practice, the /64 prefix of the IPv6 address has very much the same
administrative properties as the /32 value of the IPv4 address.
You would hope so, but I know hosting places that give their customers
a /128 in a shared /64. They claim that their routers make this hard
to fix. I don't know
As a result, it is questionable whether any IPv6 address-based reputation
system can be successful (at least those based on voluntary principles.)
It can probably work for whitelisting well behaved senders, give or take
the DNS cache busting issues of IPv6 per-message lookups.
Since a bad guy
In article 51489888.6050...@internet2.edu you write:
I want my badge to have my name and a small screen showing the room I
just came from.
I want the screen to show the room I'm going to next. And it should
be upside down so I can read it.
In article 5148d415.1000...@internet2.edu you write:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 03/19/13 20:38, Michael Richardson allegedly wrote:
Actually, I'd just settle for a badge that wasn't always
backwards.
It costs a lot more to get lanyards that attach at two corners.
If our
It would also allow some crows-sourcing of corrections and additions to
the raw minutes...
CAW CAW CAW CAW !!!
In article 5142fe8f.1020...@dcrocker.net you write:
Review of:Architectural Considerations on Application Features in
the DNS
I-D: draft-iab-dns-applications-07
Reviewed by: D. Crocker
I had similar comments to Dave's on earlier versions of this draft,
and although
If the disk goes bad so as to provoke a misread of a sector, post
write, the file is effectively corrupted. If this happens with git,
the checksum calculated on write will fail to match, and the
corruption is detected.
If you're worried about that (not totally unreasonable on modern
disks)
consuming if each iteration has to go from the editor to the
author and back, If the document has a co-author who's working on it
all along, the rewriting could happen as the document was developed,
leaving only a final check for the copy editor.
--
Regards,
John Levine, jo...@iecc.com, Primary
8.10 Hotel Booked Beyond 100% Capacity. Hotel agrees not to
relocate any conference attendee holding a guaranteed
reservation only after it has relocated any other guests
required to be relocated.
I tried reading the sentence above several times and have
concluded it isn't me -- it
- Each of the confirming bodies (the ISOC Board for the IAB, the
IAB for the IESG, and the IESG for the IAOC) could make a
public statement at the beginning of each year's nominations
process that they will not confirm a slate unless it
contributes to increased
So I guess one still has to keep track of daylight savings.
I've been trying to explain this to people for years, that I cannot
tell when their meeting is if they will not tell me what time zone
they're using.
It turns out most people don't actually know what time zone they're
using (no, San
is much increased.
Florida will be at UTC-4 (which we call EDT) as of early Sunday
morning, so a meeting at noon in Florida any day of IETF 86 will
be at 0800 UTC.
--
Regards,
John Levine, jo...@iecc.com, Primary Perpetrator of The Internet for Dummies,
Please consider the environment before reading
There should be an immutable requirement that any alternative format
MUST NOT increase the size by more than a factor of two compared to
ASCII text.
So you're saying you're unalterably opposed to the RFC editor providing
PDF, HTML, epub, mobipocket, and every other format that people actually
use
I'd be willing to deal with an embargo for draft-ietf-*, but don't see at all
why it extends
to other drafts.
We have software. Embargo drafts for WGs that are actually meeting
during the preceding week, leave the others alone.
On 1/27/13 10:07 AM, tglassey wrote:
So... we probably need a IPv6 update for BCP5 (RFC1918), doesnt that
make sense?
My understanding is people have been using ULAs (RFC 4193) for this type
of functionality.
That's certainly one option.
The other is just to apply for some IPv6 address space
Do none of you know what the phrase a modest proposal refers to?
No, but I'm sure that this will be a Great Leap Forward.
Additionally, I can't understand why each line is terminated with
CRLF, why use two characters when one will do.
Microsoft-OS text editors. Seriously.
My, what a bunch of parvenus. SIP got it from SMTP, SMTP got it from
Telnet. Back in the 1960s we all used CRLF because on a
mechanical model
But some people feel we need a more formal specification language
that goes beyond key point compliance or requirements definition,
and some are using 2119 words in that role and like it.
Having read specs like the Algol 68 report and ANSI X3.53-1976, the
PL/I standard that's largely written
Oh, if you were considering a visit to one of the nearby theme parks,
check out their latest hi-tech innovation:
http://www.nytimes.com/2013/01/07/business/media/at-disney-parks-a-bracelet-meant-to-build-loyalty-and-sales.html
yeah, I know, but I gotta say to the IEEE SERIOUSLY?
Apparently the IEEE folks love it, have been there before.
Look at the reviews on Tripadvisor or Google, and for the most part
they're quite positive. We're an odd group, much more price sensitive
than most conventioneers, and way more
So if you don't attend IEEE, quit your whining: at least you won't have
to eat he same hotel food for 2 weeks in a row...
You don't have to eat there. Check out the reviews of this restaurant
across the street:
https://plus.google.com/118141773512616354020/about
Good... but how to get there?
If you plan to do anything more than spend the whole trip at the
meeting hotel, you need a car. Orlando is a cheap rental town, it's
not hard to rent something for $100 total for five days.
Cape Canaveral and Cocoa Beach are only an hour away for people who
think
Is there an IETF standard format for handling inline quote replies?
It's defined in the same RFC that specifies the setting of the
Reply-To: header in mailing lists.
? :-(
No, just hand out copies of this:
http://www.edwardtufte.com/tufte/books_pp
--
Regards,
John Levine, jo...@iecc.com, Primary Perpetrator of The Internet for Dummies,
Please consider the environment before reading this e-mail. http://jl.ly
Shall we move on?
Sure. Since we agree that there is no way to pay for the extra costs
involved in meeting in places where there are insignificant numbers of
IETF participants, it won't happen, and we're done.
That was simple, wasn't it?
and willing to join IETF mailing lists, why does the
location of the meeting matter?
--
Regards,
John Levine, jo...@iecc.com, Primary Perpetrator of The Internet for Dummies,
Please consider the environment before reading this e-mail. http://jl.ly
I find this logic circular. There is more participation from Americans
(people from US) so more meetings are held there and so more people
from US attend.
Anyone in the world with an e-mail address can participate in and
contribute to the IETF. I did stuff on mailing lists for years before
I
I don't think that thoes Canada and US participants are paying for
the attendance, but their organisations, ...
In many cases, you are mistaken.
1 - 100 of 371 matches
Mail list logo