[dd] FYI, my drafts for discussion uploaded, was Re: Re: A generalised delegation extension mechanism
Paul Wouters <paul@nohats.ca> Wed, 22 May 2024 15:36 UTC
Return-Path: <paul@nohats.ca>
X-Original-To: dd@ietfa.amsl.com
Delivered-To: dd@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 04462C1D4A81 for <dd@ietfa.amsl.com>; Wed, 22 May 2024 08:36:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.43
X-Spam-Level:
X-Spam-Status: No, score=-1.43 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_SOFTFAIL=0.665, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nohats.ca
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZBU7GSK-g118 for <dd@ietfa.amsl.com>; Wed, 22 May 2024 08:36:43 -0700 (PDT)
Received: from mx.nohats.ca (mx.nohats.ca [193.110.157.85]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9633CC14F69B for <dd@ietf.org>; Wed, 22 May 2024 08:36:43 -0700 (PDT)
Received: from localhost (localhost [IPv6:::1]) by mx.nohats.ca (Postfix) with ESMTP id 4VkwQK2BFFz72s; Wed, 22 May 2024 17:36:41 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nohats.ca; s=default; t=1716392201; bh=19KnogU5ohl/5WVbcQ0ADJAwb4avy89PkuRPh5pOyTU=; h=Date:From:To:cc:Subject:In-Reply-To:References; b=ji1ebRINBakL7fiH/HkI9+jjnSNtezBB9BNNodUKH0bRm4+r03SJ2DxXXkVVBOzcr k5GqPAiNqqL799vruC7LwZeCoFJknDbddUNVyL1BDB1dbfK/sTulgDIYRg2S+ngjyi ripxGrSLNtjoAWSnLxlWNW13jsiXJurHOkwugY1Y=
X-Virus-Scanned: amavisd-new at mx.nohats.ca
Received: from mx.nohats.ca ([IPv6:::1]) by localhost (mx.nohats.ca [IPv6:::1]) (amavisd-new, port 10024) with ESMTP id NuR8R8biLtri; Wed, 22 May 2024 17:36:40 +0200 (CEST)
Received: from bofh.nohats.ca (bofh.nohats.ca [193.110.157.194]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx.nohats.ca (Postfix) with ESMTPS; Wed, 22 May 2024 17:36:39 +0200 (CEST)
Received: by bofh.nohats.ca (Postfix, from userid 1000) id E74BA11FEBFC; Wed, 22 May 2024 11:36:38 -0400 (EDT)
Received: from localhost (localhost [127.0.0.1]) by bofh.nohats.ca (Postfix) with ESMTP id E62BA11FEBFB; Wed, 22 May 2024 11:36:38 -0400 (EDT)
Date: Wed, 22 May 2024 11:36:38 -0400
From: Paul Wouters <paul@nohats.ca>
To: Roy Arends <roy@dnss.ec>
In-Reply-To: <45920ADE-9790-40ED-9D06-6415B54980F5@dnss.ec>
Message-ID: <7162997f-3240-2905-82f1-6fb5c150bd5c@nohats.ca>
References: <788F5802-B7BB-4C18-A274-9A6BE2C23E30@dnss.ec> <45920ADE-9790-40ED-9D06-6415B54980F5@dnss.ec>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: 8bit
Message-ID-Hash: 2ZQB5HL4UYJBL7APUBDXWSI5UCWUSB3W
X-Message-ID-Hash: 2ZQB5HL4UYJBL7APUBDXWSI5UCWUSB3W
X-MailFrom: paul@nohats.ca
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: dd@ietf.org
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [dd] FYI, my drafts for discussion uploaded, was Re: Re: A generalised delegation extension mechanism
List-Id: DNS Delegation <dd.ietf.org>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dd>
List-Help: <mailto:dd-request@ietf.org?subject=help>
List-Owner: <mailto:dd-owner@ietf.org>
List-Post: <mailto:dd@ietf.org>
List-Subscribe: <mailto:dd-join@ietf.org>
List-Unsubscribe: <mailto:dd-leave@ietf.org>
On Wed, 22 May 2024, Roy Arends wrote: > The secure signal (a dedicated DNSKEY or DS type) by which resolvers expect proof of non-existent types at delegations (as we have for DS records) should not just be tied to DELEG, but should be used in all new delegation type responses. > > The document that describes this should be separate and independent of the DELEG type description. I agree, and since: >> The following is based on [1] by Petr Spacek and Peter van Dijk and conversations with Paul Wouters and Ben Schwartz (This namedropping should not be seen as endorsements for the following, but merely credit where credit is due). >> Future "parent side only” record types should not require a new signalling mechanism. (Paul Wouters insight, and I agree) I had written two drafts, after I gave a presentation at the DNSOP interim, which I had shared with some people but didn't feel ready to submit yet, but I think it would be good purely to facilitate discussion, so I just uploaded them: https://datatracker.ietf.org/doc/draft-pwouters-parental-rrtype/ (I didn't know about draft-peetterr-dnsop-parent-side-auth-types-00, my drafts adds a lot more proposal than just the scaffolding offered in the other document though) https://datatracker.ietf.org/doc/draft-pwouters-ds-uplifting/ (this draft defines an "alias DS" and a "meta-parental-rrtype-in-ds") What I was pondering about still is that while this is the technical sound way of doing things, is whether the ship already sailed and we might as well try do just do one super generic DS-overload-DELEG style record. Paul
- [dd] A generalised delegation extension mechanism Roy Arends
- [dd] Re: A generalised delegation extension mecha… Roy Arends
- [dd] Re: A generalised delegation extension mecha… Peter Thomassen
- [dd] FYI, my drafts for discussion uploaded, was … Paul Wouters
- [dd] Re: FYI, my drafts for discussion uploaded, … Peter Thomassen