Re: [DNSOP] More keys in the DNSKEY RRset at ., and draft-ietf-dnsop-respsize-nn
Doug Barton <dougb@dougbarton.us> Wed, 15 January 2014 00:50 UTC
Return-Path: <dougb@dougbarton.us>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B233D1AE1B0 for <dnsop@ietfa.amsl.com>; Tue, 14 Jan 2014 16:50:45 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.54
X-Spam-Level:
X-Spam-Status: No, score=-2.54 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RP_MATCHES_RCVD=-0.538, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fs_b5tJPo1Or for <dnsop@ietfa.amsl.com>; Tue, 14 Jan 2014 16:50:44 -0800 (PST)
Received: from dougbarton.us (dougbarton.us [208.79.90.218]) by ietfa.amsl.com (Postfix) with ESMTP id 9E15A1ADF47 for <dnsop@ietf.org>; Tue, 14 Jan 2014 16:50:44 -0800 (PST)
Received: from [IPv6:2001:470:d:5e7:6428:3c09:51ac:eee1] (unknown [IPv6:2001:470:d:5e7:6428:3c09:51ac:eee1]) by dougbarton.us (Postfix) with ESMTPSA id 418B722BC4 for <dnsop@ietf.org>; Wed, 15 Jan 2014 00:50:33 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=dougbarton.us; s=dougbarton.us; t=1389747033; bh=LfX/AVgtTH8fd/3ocQbFIZmWdjSUayl3E64ZTjx20qA=; h=Date:From:To:Subject:References:In-Reply-To; b=Fo5TMXBlPAddzO2lZims6Bc0p8QEFYNblfmCyWkmN+n+clZ7bWja7SViqYCO0mLOg ZTXfMlE+CBYa3OFTtebuIKtSPgjz+TCqCfRVfvZ0f6FUdOMHn+SISehqJK3kcc41n0 Gtd0Jb4AWZdlR/0hsvbOXYnHgn8vHpL23vJsTaZ8=
Message-ID: <52D5DB58.3040103@dougbarton.us>
Date: Tue, 14 Jan 2014 16:50:32 -0800
From: Doug Barton <dougb@dougbarton.us>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.2.0
MIME-Version: 1.0
To: dnsop@ietf.org
References: <20140114172240.GO17198@mx1.yitter.info> <C6EFA413-1FFC-4188-B98A-13C747981FBC@hopcount.ca> <20140114200849.GA17907@mx1.yitter.info> <52D5D9C8.6050902@dougbarton.us>
In-Reply-To: <52D5D9C8.6050902@dougbarton.us>
X-Enigmail-Version: 1.6
OpenPGP: id=1A1ABC84
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Subject: Re: [DNSOP] More keys in the DNSKEY RRset at ., and draft-ietf-dnsop-respsize-nn
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 15 Jan 2014 00:50:45 -0000
On 01/14/2014 04:43 PM, Doug Barton wrote: > Other than the DS records (if any) the records associated with a given > TLD (specifically the NS records) in the root are not signed. ... obviously the glue records are not signed either of course. My point was that it's the delegation that some paranoid countries don't want removed, and DNSSEC isn't going to help that. Doug
- [DNSOP] More keys in the DNSKEY RRset at ., and d… Andrew Sullivan
- Re: [DNSOP] More keys in the DNSKEY RRset at ., a… Joe Abley
- Re: [DNSOP] More keys in the DNSKEY RRset at ., a… Andrew Sullivan
- Re: [DNSOP] More keys in the DNSKEY RRset at ., a… George Michaelson
- Re: [DNSOP] More keys in the DNSKEY RRset at ., a… Joe Abley
- Re: [DNSOP] More keys in the DNSKEY RRset at ., a… Paul Hoffman
- Re: [DNSOP] More keys in the DNSKEY RRset at ., a… Doug Barton
- Re: [DNSOP] More keys in the DNSKEY RRset at ., a… Doug Barton
- Re: [DNSOP] More keys in the DNSKEY RRset at ., a… George Michaelson
- Re: [DNSOP] More keys in the DNSKEY RRset at ., a… Mark Andrews
- Re: [DNSOP] More keys in the DNSKEY RRset at ., a… Tony Finch
- Re: [DNSOP] More keys in the DNSKEY RRset at ., a… Tony Finch