donttellmypeers
No user record in our sample, but donttellmypeers has activity below (stories or comments). Likely we have partial data — the full bulk-load will fill profiles in.
No user record in our sample, but donttellmypeers has activity below (stories or comments). Likely we have partial data — the full bulk-load will fill profiles in.
> they wouldn't have done NSEC3 Anecdotally, NSEC3 was known at its inception to be insufficient but done anyway to hush privacy advocates.
> But when you get the records, you don't get the signatures; you just get a single bit in the header that says "I pinky swear that I checked the signatures". Clients absolutely do get RRSIGs (and relevant NSEC/NSEC3)…
Well it looks like they are in this instance and neither they nor you have done anything to suggest otherwise. TLS and WebPKI have great usability for webservers but non-webservers cannot even approach being as smooth…
Generally services not found directly at A/AAAA records for a name are found via another record that contains a hostname (HTTPS/SVCB, SRV, etc) at a leaf node below the name. So `_xmpps-server._tcp.example.net` might…
I don't know how to put this in a more palatable way but you're looking at the world from the confines of a webdevs point of view. Can you really not imagine that there's any other protocol on the internet than HTTP?…
> What you ultimately want is to make sure you're communicating with the correct other party. And the way to achieve this is TLS with certificates, validated via the WebPKI. That really only works well for web servers.…
It's pretty easy to say what people back in the 90s should have been working on in retrospect. The zeitgeist around privacy only really changed in the late 2000s if I recall. Shortly afterward DNSCurve appeared and…
That's an answer to a different question. I asked if they let you put a DNSKEY RR in the RRset they serve. (To be clear: I'm not asking if they will import private keys and sign with them or anything like that, just if…
Does Route53 let you manage the DNSKEY RRset (so you can add a DNSKEY to the set yourself) or do they have some sort of facade you have to interact with instead?
Is that a dig at the DoH crowd? My comment wasn't suggesting a HTTP background is necessary for someone to help move the DNS ecosystem forward.
> If dnssec usage was wide spread we might reach some decent maturity with the tools and protocols, but I can't see that happening any time soon. DNSSEC's lack of maturity is a symptom of DNS itself not having a healthy…