Re: US government mandates? use of DNSSEC by federal agencies

2008-08-27 Thread Jared Mauch
On Wed, Aug 27, 2008 at 09:22:40AM -0700, Michael Thomas wrote: Kevin Oberman wrote: Date: Tue, 26 Aug 2008 16:53:24 -0400 From: Bill Bogstad [EMAIL PROTECTED] Not sure what this will actually mean in the long run, but it's at least worth noting.

Re: US government mandates? use of DNSSEC by federal agencies

2008-08-27 Thread Kevin Oberman
Date: Wed, 27 Aug 2008 09:22:40 -0700 From: Michael Thomas [EMAIL PROTECTED] Kevin Oberman wrote: Date: Tue, 26 Aug 2008 16:53:24 -0400 From: Bill Bogstad [EMAIL PROTECTED] Not sure what this will actually mean in the long run, but it's at least worth noting.

Re: US government mandates? use of DNSSEC by federal agencies

2008-08-27 Thread Steven M. Bellovin
On Wed, 27 Aug 2008 09:53:26 -0700 Kevin Oberman [EMAIL PROTECTED] wrote: So the question I have is... will operators (ISP, etc) turn on DNSsec checking? Or a more basic question of whether you even _could_ turn on checking if you were so inclined? As far as I can see, at least with

Re: US government mandates? use of DNSSEC by federal agencies

2008-08-27 Thread Leo Bicknell
In a message written on Wed, Aug 27, 2008 at 10:14:48AM -0700, David Conrad wrote: Note that if you do turn on DNSSEC, you're going to have to make sure the trust anchors you configure get updated. Trust anchors have a validity period and if they're not updated before they expire

Re: US government mandates? use of DNSSEC by federal agencies

2008-08-27 Thread Jeroen Massar
Steven M. Bellovin wrote: On Wed, 27 Aug 2008 09:53:26 -0700 Kevin Oberman [EMAIL PROTECTED] wrote: So the question I have is... will operators (ISP, etc) turn on DNSsec checking? Or a more basic question of whether you even _could_ turn on checking if you were so inclined? As far as I can

Re: US government mandates? use of DNSSEC by federal agencies

2008-08-27 Thread Kevin Oberman
Date: Wed, 27 Aug 2008 19:25:03 +0200 From: Jeroen Massar [EMAIL PROTECTED] Steven M. Bellovin wrote: On Wed, 27 Aug 2008 09:53:26 -0700 Kevin Oberman [EMAIL PROTECTED] wrote: So the question I have is... will operators (ISP, etc) turn on DNSsec checking? Or a more basic question

Re: US government mandates? use of DNSSEC by federal agencies

2008-08-27 Thread Jeroen Massar
Kevin Oberman wrote: [..] Right. The real questions are the clients and the trust anchor -- what root key do you support? A distributed one. I personally don't really see an issue with downloading a public key for every TLD out there. These keys could come in a pack even by an OS

Re: US government mandates? use of DNSSEC by federal agencies

2008-08-27 Thread Michael Thomas
Jeroen Massar wrote: Steven M. Bellovin wrote: On Wed, 27 Aug 2008 09:53:26 -0700 Kevin Oberman [EMAIL PROTECTED] wrote: So the question I have is... will operators (ISP, etc) turn on DNSsec checking? Or a more basic question of whether you even _could_ turn on checking if you were so

Re: US government mandates? use of DNSSEC by federal agencies

2008-08-27 Thread David Conrad
On Aug 27, 2008, at 10:25 AM, Jeroen Massar wrote: Right. The real questions are the clients and the trust anchor -- what root key do you support? A distributed one. I personally don't really see an issue with downloading a public key for every TLD out there. These keys could come in a

Re: US government mandates? use of DNSSEC by federal agencies

2008-08-27 Thread David Conrad
Just speaking of the IANA ITAR... On Aug 27, 2008, at 10:35 AM, Kevin Oberman wrote: How do you propose to establish the initial trust for these keys? Current plan: - The IANA ITAR will be reachable via HTTPS, so you could trust the CA IANA uses for that website (don't know who that is

Re: US government mandates? use of DNSSEC by federal agencies

2008-08-27 Thread David Conrad
On Aug 27, 2008, at 11:03 AM, Michael Thomas wrote: Of course embedded frobs that don't auto-update like, oh say, your favorite router could be problematic. You have a router that supports DNSSEC that can't be made to do some form of auto-update? In any case, the point of my first

Re: US government mandates? use of DNSSEC by federal agencies

2008-08-27 Thread Michael Thomas
David Conrad wrote: On Aug 27, 2008, at 11:03 AM, Michael Thomas wrote: In any case, the point of my first question was really about the concern of false positives. Do we really have any idea what will happen if you hard fail dnssec failures? As far as I'm aware, there is no 'soft fail' for

Re: US government mandates? use of DNSSEC by federal agencies

2008-08-27 Thread David Conrad
Michael, On Aug 27, 2008, at 5:15 PM, Michael Thomas wrote: Sure, but my point is that if DNSsec all of a sudden has some relevance which is not the case today, any false positives are going to come into pretty stark relief. Yep. As in, .gov could quite possibly be setting themselves up

US government mandates? use of DNSSEC by federal agencies

2008-08-26 Thread Bill Bogstad
Not sure what this will actually mean in the long run, but it's at least worth noting. http://www.gcn.com/online/vol1_no1/46987-1.html http://www.whitehouse.gov/omb/memoranda/fy2008/m08-23.pdf Bill Bogstad

Re: US government mandates? use of DNSSEC by federal agencies

2008-08-26 Thread Kevin Oberman
Date: Tue, 26 Aug 2008 16:53:24 -0400 From: Bill Bogstad [EMAIL PROTECTED] Not sure what this will actually mean in the long run, but it's at least worth noting. http://www.gcn.com/online/vol1_no1/46987-1.html http://www.whitehouse.gov/omb/memoranda/fy2008/m08-23.pdf It will mean