Post B4R4eCAjf1ElPHov8C by paul_ipv6@infosec.exchange
(DIR) Post #B4Qoem0SpZoLHKGmDw by bortzmeyer@mastodon.gougere.fr
2026-03-20T00:11:27Z
0 likes, 0 repeats
Good morning, Shenzhen! Seventh and last day of #IETF125 https://www.ietf.org/meeting/125/ Today, we are going to break/save/restore the #DNS with the new delegation system, DELEG. Also, security area general meeting.
(DIR) Post #B4QtZcNJiE8ljKJtp2 by bortzmeyer@mastodon.gougere.fr
2026-03-20T01:06:33Z
0 likes, 0 repeats
DELEG working group (changing completely the #DNS delegation). Last big issue: how should a new server reply to an old client, when the server has only DELEG records and no NS records? #IETF125
(DIR) Post #B4QtmySEvu3ryMzWS0 by bortzmeyer@mastodon.gougere.fr
2026-03-20T01:08:58Z
0 likes, 0 repeats
Doing some painting at #IETF125
(DIR) Post #B4QviXkIUeBFt3S7HM by bortzmeyer@mastodon.gougere.fr
2026-03-20T01:30:34Z
0 likes, 0 repeats
So, when an old resolver (not knowing DELEG) queries a new server for a domain which has only DELEG (and no NS records), what should the answer be? NXDOMAIN? SERVFAIL? Synthesis of some NS? #DNS #IETF125
(DIR) Post #B4R4eCAjf1ElPHov8C by paul_ipv6@infosec.exchange
2026-03-20T02:03:13Z
0 likes, 0 repeats
@bortzmeyer if we're going to continue to allow older code to still work (i suspect there are still bind4 servers somewhere still answering queries), synthesizing NS seems the least icky way forward.
(DIR) Post #B4R4eDIDUgocsmKPQm by bortzmeyer@mastodon.gougere.fr
2026-03-20T03:10:38Z
0 likes, 0 repeats
@paul_ipv6 But it is not always possible (for instance DELEGing to servers on non-53 ports).
(DIR) Post #B4R74DSjgZ7wqWm7zU by bortzmeyer@mastodon.gougere.fr
2026-03-20T03:37:43Z
0 likes, 0 repeats
Now, SAAG meeting (Security Area Open Meeting, basically examining possible future security work). There are many IETF working groups in the Security Area... #IETF125
(DIR) Post #B4R7PWGKyz7nEc8NZA by bortzmeyer@mastodon.gougere.fr
2026-03-20T03:41:36Z
0 likes, 0 repeats
Among the funny questions: at what point will ML-DSA and ML-KEM no longer be regarded as "Post-Quantum Cryptography" but just plain "Cryptography"? Before or after IPv6 world domination? #IETF125
(DIR) Post #B4R8nmtws4Uvk9nWnQ by bortzmeyer@mastodon.gougere.fr
2026-03-20T03:57:12Z
0 likes, 0 repeats
A proposal to run #BGP over #TLS. Obvious issue: we don't want to use the classical PKI (because it would create a chicken-and-egg problem for IP). A BGP-specific PKI, with short-lived certificates including the AS number of the BGP speaker and new introducers. (Not using the RPKI.) #IETF125
(DIR) Post #B4RA4UGfVGgipUx45I by bortzmeyer@mastodon.gougere.fr
2026-03-20T04:11:25Z
0 likes, 0 repeats
A talk about the new Chinese commercial cryptographic algorithms program at #IETF125 (ping @shaft). "Commercial" as in "no State secrets". Current algorithms are ZUC, SM2, SM3, SM4, SM9... (All of them ISO standards.) https://en.wikipedia.org/wiki/ZUC_stream_cipher https://en.wikipedia.org/wiki/SM9_(cryptography_standard) Some are in IANA registries (for instance for TLS). See RFC 8998. Now asking for post-quantum alternatives. (Formal announcement one year ago.) https://niccs.org.cn/niccs/index.html You can still submit a proposal!
(DIR) Post #B4RAOjDXdAsyzE8mwq by bortzmeyer@mastodon.gougere.fr
2026-03-20T04:15:05Z
0 likes, 0 repeats
An interesting point is that the Chinese challenge is open internationally. Foreigners are encouraged to apply. (Unlike what Russia did for GOST.) Apparently (but the speaker refused to answer) the proposal has to be new. Do not submit ML-KEM. #IETF125
(DIR) Post #B4RBO8H35MkCMY3qSW by bortzmeyer@mastodon.gougere.fr
2026-03-20T04:26:08Z
0 likes, 0 repeats
Now, a bit of SciFi: securing communications in space (related to working groups like tiptop or dtn). Prevent the aliens from modifying packets? Not obvious to do with asynchronous communications (common in space). #IETF125
(DIR) Post #B4RBtaHV0NlCCdGjtA by bortzmeyer@mastodon.gougere.fr
2026-03-20T04:31:51Z
0 likes, 0 repeats
#IETF125 For once, there were no cats on the slides:
(DIR) Post #B4RUyQwd2nczp4X6aO by shaft@piaille.fr
2026-03-20T07:54:41Z
0 likes, 1 repeats
@bortzmeyer OpenSSL 4.0 will support RFC 8998: signature algorithm sm2sig_sm3, key exchange group curveSM2, and (not part of the RFC) post-quantum group curveSM2MLKEM768
(DIR) Post #B4RhR79SuanqHeync8 by camille@mastodon.libre-entreprise.com
2026-03-20T10:25:11Z
0 likes, 0 repeats
@bortzmeyer why not use SCION instead?
(DIR) Post #B4Ri1aT9O4zndSZwhc by bortzmeyer@mastodon.gougere.fr
2026-03-20T10:31:21Z
0 likes, 0 repeats
@camille They have the best marketing, sure.