Description:
DNS standards activities, including IETF. (Moderated)
|
|
|
DNSKEY / multiprecision number format?
|
| |
[ Note: Post was moderated. ] I'm wondering how the exponent and modulus are stored in a DNSKEY record for RSASHA1. RFC3110 just makes some vague references to where things go, but does not define their precise format: exponent length 1 or 3 octets (see text) exponent as specified by length field... more »
|
|
|
draft-ietf-dnsext-dnssec-rsash a256-05
|
| |
... signature = ( 00 | 01 | FF* | 00 | prefix | hash ) ** e (mod n) => this is the standard PKCS 1 v1.5 padding so why not get the right text from it? b) we should request the *minimum* number of 'FF's fulfilling the condition. => with the "equals" we no more need minimum (or maximum).... more »
|
|
|
a note on the discussion about DNSCurve and DNSSEC
|
| |
Thank you Roy, for your excellent message. WG: the chairs think this is an excellent path to follow. The chairs encourage the creators of DNScurve to bring any documentation or requirements to the working group for either formal or informal discussion. Olafur & Andrew
|
|
|
Mailing list change
|
| |
We have added the text "[dnsext]" to be inserted into the subject line. This is to clearly identify that this mailing list is the discussion list for DNSEXT working group in the IETF. Thus it adheres to the IETF terms and conditions for mailing lists. [link] =D3lafur
|
|
|
Time-line for forgery resilience phase #2
|
| |
The WG has had 2 months to learn about the issues and kick ideas around. At this point the discussion has reach the point of diminishing returns. The discussion needs to become more focused! The chairs propose following plan to make progress: 0. Discussion on namedroppers on ideas without drafts comes to an end.... more »
|
|
|
Some notes on DNSCurve
|
| |
On Wed, Sep 03, 2008 at 08:58:38PM -0500, Jon A. Solworth <solwo...@rites.uic.edu> wrote a message of 63 lines which said: ...There are several reasons: 1) djb did not take the trouble to publish anything looking like a specification (even with a very broad definition of "specification"). 2) djb is well known for some good ideas and a complete lack of human... more »
|
|
|
The Birthday Defense
|
| |
On Tue, Sep 02, 2008 at 12:48:46PM +0100, George Barwood <george.barw...@blueyonder.co. uk> wrote a message of 53 lines which said: ...Several have already been mentioned on that list. gov.fr a-dns.pl _nicname._tcp.de
|
|
|
DJB about NSEC3
|
| |
DJB writes: DNSSEC reduces existing confidentiality by publishing the complete list of "secured" DNS records. This publication is integrated into the DNSSEC protocol; it is independent of classic "zone transfers" and cannot be disabled by administrators. The "NSEC3" variant of DNSSEC attempts to... more »
|
|
|
deprecating dangerous bit patterns and non-TC non-AXFR
|
| |
...It seems to me that we have the classic problem of responses written for servers based on certain conditions leaving the clients to try and figure out what that response really meant. What is really needed is a document that says the response X will happen under the following list of circumstances, and response Y will happen under these other... more »
|
|
|
