Re: [DNSOP] Call for Adoption: draft-hardaker-dnsop-nsec3-guidance

Olafur Gudmundsson <ogud@ogud.com> Mon, 10 May 2021 19:13 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/L4SnrM1PMNgTHumlpzWAd-0B51k>

I guess I support the document but would like it to say
“Please do not use NSEC3, but if you have to use NSEC3, use these settings”

The document should point out how trivial it is to expose most names in an NSEC3-signed zone using graphics cards and dictionaries.

Olafur



> On May 10, 2021, at 1:20 PM, Tony Finch <dot@dotat.at> wrote:
> 
> Benno Overeinder <benno@NLnetLabs.nl> wrote:
>> 
>> https://datatracker.ietf.org/doc/draft-hardaker-dnsop-nsec3-guidance/.
> 
> Yes, this is a helpful document that should be adopted by dnsop. I'm happy
> to review etc.
> 
> Tony.
> -- 
> f.anthony.n.finch  <dot@dotat.at>  https://dotat.at/
> Biscay: Southwest 3 to 5 increasing 5 to 7. Rough, occasionally
> moderate in east, becoming very rough in west. Thundery showers. Good,
> occasionally poor.