[dnsext] Asking for review on this errata by DNSSEC experts Re: [Errata Verified] RFC4035 (5226)

"Eric Vyncke (evyncke)" <evyncke@cisco.com> Sat, 05 August 2023 07:12 UTC

Return-Path: <evyncke@cisco.com>
X-Original-To: dnsext@ietfa.amsl.com
Delivered-To: dnsext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AA372C15152E; Sat, 5 Aug 2023 00:12:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -11.905
X-Spam-Level:
X-Spam-Status: No, score=-11.905 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H5=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_NONE=0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com header.b="JvcM8SQe"; dkim=pass (1024-bit key) header.d=cisco.com header.b="hJfwgYLm"
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6F8jns7mLzQM; Sat, 5 Aug 2023 00:12:03 -0700 (PDT)
Received: from rcdn-iport-8.cisco.com (rcdn-iport-8.cisco.com [173.37.86.79]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4E8DEC151548; Sat, 5 Aug 2023 00:11:20 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=4270; q=dns/txt; s=iport; t=1691219481; x=1692429081; h=from:to:cc:subject:date:message-id:content-id: content-transfer-encoding:mime-version; bh=iwBP/4DBVkxWVBNIN8z3zirvnPHRAnnUChFpeTAEx9c=; b=JvcM8SQe9MGGePG9FQLuoKQTmix419WmAZTbVSFSzDixjFwxtmqB4/jj DktTk1Us1c3WTnAVgELomkzx9MGiE/gr+vZABb9UXBptJd8QlOKupgEik nrFKCM1qlcjBUiA5yh7ECE+2jWHl5Leobx7wlxrMvnzpHA7r8ShI6K4V3 I=;
X-IPAS-Result: A0ADAAC49M1kmJFdJa1aGgEBAQEBAQEBAQEDAQEBARIBAQEBAgIBAQEBQCWBFgUBAQEBCwGBYCoocwJZKhJHhFGDTAOETl+IX518gSUDQhQPAQEBDQEBLgsLBAEBhEBGGIY3AiU0CQ4BAgICAQEBAQMCAwEBAQEBAQMBAQUBAQECAQcEFAEBAQEBAQEBHhkFDhAnhWgNhgQBAQEBAgIBEBERDAEBKQMLAQQNASACAiMDAgQlCxQBEgQBDQUiglwBgjkjAwEQoE4BgUACiiZ6gTKBAYIJAQEGBAWybAMGgRUtAYgAAYFMg2GETScbgUlEgRUnDBCCN2+BBYFdAQGBSC0Cg0Q5gi6KAIVNBQIygjWKOQohgQgIXoFuPQINVQsLY4EXUjmBPQICEToPBQVLcxsDBwOBBRAvBwQvBx0GCRcvJQZRBy0kCRMVQASDTgqBBT8VDhGCUCICBzY4G0uCagkVDDUENxV6EC4EFBhtKARyHxoePRESGQ0DCHwdAjM8AwUDBDgKFQ0LIQYVQgMZKx1AAwtwPRQhBg4bBiUfAieeDgNygnA6UxRHPQd0GTIKklWDE0eLO6ErgS0KhAsFoRkEL6JDhjZimCkgomQshGkCBAIEBQIOAQEGgWM6gVtwFRohKgGCPFIZD44gFwIecQEIgkOFFIpldgI5AgEGAQoBAQMJi0gBAQ
IronPort-PHdr: A9a23:nZlSDBwAjbawwJ7XCzMSngc9DxPP853uNQITr50/hK0LLuKo/o/pO wrU4vA+xFPKXICO8/tfkKKWqKHvX2Uc/IyM+G4Pap1CVhIJyI0WkgUsDdTDCBjTJ//xZCt8F 8NHBxd+53/uCUFOA47lYkHK5Hi77DocABL6YAdrN+L+GYP6hMWs3Of08JrWME1EgTOnauZqJ Q6t5UXJ49ALiJFrLLowzBaBrnpTLuJRw24pbV7GlBfn7cD295lmmxk=
IronPort-Data: A9a23:3CwMvq+fwp8aQi90uCqhDrUD8n6TJUtcMsCJ2f8bNWPcYEJGY0x3n 2AdWm3Tb/yKYWLye98na4vg9hkOv5bUm4IwGVdu+CtEQiMRo6IpJzg2wmQcns+2BpeeJK6yx 5xGMrEsFOhtEjmE4E3F3oHJ9RGQ74nQLlbHILCCYnkZqTNMEn970kozw7Nh2OaEvPDga++zk YKqyyHgEAfNNw5cagr4PIra9XuDFNyr0N8plgRWicJj5TcypFFJZH4rHpxdGlOjKmVi8kFWc M6YpF2x1juxEx7AkbpJmJ6jGqEBaua60QRjFhO6VoD66iWuqBDe3Y4BMPo4Lk1oqwy1kvJNk 89B7a2JZCM2a/ikdOQ1C3G0EglkNqFAvbTAO3X64IqYzlbNdD3nxPAG4EMeZNJDvL0oRzAVs 6VEdVjhbTjb7w6y6L+lW+9nhckLJ8jwN4RZsXZlpd3cJad+Hc+dGv+RjTNe9DEypslUXufjX egAdCUzd03DZ0NSfX5CXfrSm8/x1iWgLFW0smm9qaws7njP5A18zLarN8DaEvSGQ95Zn1ywp 2/a8SL+GB5yCTCE4SCO/nTpjejVkGaqHokTD7a/sPVthTV/21D/FjUsUVuf5vOGqneCVvBjc FYYohsXgIwtoRnDosbGYzW0p3uNvxg5UtVWEvEn5Azl9kYyy1vHboTjZmMfAOHKpPPaVhRxi QDUx4KB6ShH9ezKGSjEp994uBvrYXBNRVLucxPoWufs3jUOiJs4ghSKRdF5HevkyNb0Ajr3h TuNqUDSZon/b+ZVjM1XHnie01pAQ6QlqCZpv207uUr5tmtEiHaNPdDA1LQixa8owHylZleAp mMYvMOV8foDC5qA/ATUHrRURe7yt63ebW2N6bKKI3XH32r1k5JEVd4IiAyS2G8yWir5UWazO RSK6V85CGF7bCb6BUOIX25BI516kfe/fTgUfvvVddFJKoNgbxOK+ToGWKJj9z6FraTYqolmY c3zWZ/1VR4yUP07pBLoHL11+eFwmUgDKZb7GMqTI+KPi+TOPRZ4iN4tbTOzUwzOxPnc8FWIr YkHbpriJtc2eLSWXxQ7OLU7dDgiBXM6Hpvx7cdQc4a+zsBOQgnN19e5LWsdRrFY
IronPort-HdrOrdr: A9a23:p0d0FKw1NPszbXTikAy9KrPxhuskLtp133Aq2lEZdPULSK2lfp GV8sjziyWatN9IYgBcpTnhAsO9qXO1z+8T3WGIVY3SETUOy1HYUL2KirGSjwEIeheOvNK1sJ 0BT0EQMqyKMbEXt7ee3ODaKadu/DDkytHTuQ629R4EJm0aCNAD0+4TMHf8LqQCfng/OXNPLu vk2iMonUvFRZ0QVKmGL0hAe9KGi8zAlZrgbxJDLQUg8hOygTSh76O/OwSE3z8FOgk/gIsKwC zgqUjU96+ju/a0xlv3zGnI9albn9Pn159qGNGMsM4IMT/h4zzYJLiJGofy/wzdktvfrWrCo+ O85yvI+P4DrE85S1vF4ycFHTOQlgrGpUWSkGNwykGT3vARDAhKdfapw7gpPCcwLyEbzYpBOG Uh5RPAi3IcZymw7RjV9pzGUQpnmVGzpmdnmekPj2ZHWY9bc7NJq5cDlXklWavoMRiKn7zPKt Meev309bJTaxeXfnrZtm5gzJilWWkyBA6PRgwHttaO2zZbkXhlxw9ArfZv1Uso5dY4Ud1J9u 7EOqNnmPVHSdIXd7t0AKMETdGsAmLATBrQOCaZIEjhFqsAJ3XRwqSHqIkd9aWvYtgF3ZEykJ POXBdRsnMzYVvnDYmU0JhC4nn2MRGAtPTWu7RjDrRCy8/BreDQQF2+oXgV4ridn8k=
X-Talos-CUID: 9a23:QJZx9W1n/g709zoCE6pm/LxfIMQlVjrX81fpH0KaNT1zROWkcHK05/Yx
X-Talos-MUID: 9a23:if0EGQUhnHX0cC/q/DnupDh4d9ZV2Ya3FV9RiswFv5eZcgUlbg==
X-IronPort-Anti-Spam-Filtered: true
Received: from rcdn-core-9.cisco.com ([173.37.93.145]) by rcdn-iport-8.cisco.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 05 Aug 2023 07:11:20 +0000
Received: from rcdn-opgw-4.cisco.com (rcdn-opgw-4.cisco.com [72.163.7.165]) by rcdn-core-9.cisco.com (8.15.2/8.15.2) with ESMTPS id 3757BIVH021531 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Sat, 5 Aug 2023 07:11:19 GMT
Authentication-Results: rcdn-opgw-4.cisco.com; dkim=pass (signature verified) header.i=@cisco.com; spf=Pass smtp.mailfrom=evyncke@cisco.com; dmarc=pass (p=quarantine dis=none) d=cisco.com
X-IronPort-AV: E=Sophos;i="6.01,257,1684800000"; d="scan'208";a="5126320"
Received: from mail-mw2nam12lp2048.outbound.protection.outlook.com (HELO NAM12-MW2-obe.outbound.protection.outlook.com) ([104.47.66.48]) by rcdn-opgw-4.cisco.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 05 Aug 2023 07:11:17 +0000
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=nGvYemZkXIP9pYbkKzNH80DZ2Wi1k5zHLOEupAkvx5vVdVf5joAob/3I9WvvhJjkbLn1B/zthGjufge5bN5zfXBviLe0OH50peuN0ejXGG/ngQ3SabPOt/L2nHK1YC+97vfS9kLUja1KlFjvKXuRYekNFIBe5921hzOk3X/6sBj7cBpHA6nbS5SGzVTlkUcB4Wdrk0u3DQ8pc+Od2GmxNCQoRaBRI1RYrd3UD9dm7wMDIJj91xIR7oCOm+QIvp2tYvp4fb9iloiPjKkBk+Q9xvckL5s1JOVVxf6MPVXewJvwoOD9o3j0eLD7cA/MrYpWe0xGxQIiWdNYCB0Mk3kHCg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=iwBP/4DBVkxWVBNIN8z3zirvnPHRAnnUChFpeTAEx9c=; b=XUHi4UrUDrVDWmIVEd5fRfGS+qF6fo8VYSCv7Dg9hlYUeQ7oROX2uNZUEffA3r71Livgm7SR3ar4LsOEBizjyTG32r2GrVNoKHwLoSbsvCg0Wm1AFYL7fyIS/W0kBduJAmxhId3HTk4nBaB+D6liBuvEssbaS8o6r+0uSzlXiq+TkRgSIx/LBYG31ICqxAph9YtUkArRm5u6keNCYVbz5duOxhS8nmKEDwXQ/tJGyt+0EfoV6JOb0/zZmLrOJ2P6ffA5BVIdpL7Y+a4oEpd9d67fghMVytAw8RvT6H2QA/LAHdz/evhYe8uEhrKtqZzetaBR8JKtRhWqBcyf0H848A==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cisco.com; dmarc=pass action=none header.from=cisco.com; dkim=pass header.d=cisco.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cisco.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=iwBP/4DBVkxWVBNIN8z3zirvnPHRAnnUChFpeTAEx9c=; b=hJfwgYLmEnWmNeNywgvVmAzVUlof35YFEE96fnZSpMhUTPKf8Ph1JUiyJV3KoJx1g+7Wi3DBGcd2Z6gO52SVo8IN7iVVLv5ehWNvcHg1LOPeKNZj7cI7WZF1Y8Xa+m4whNIPHuy2Y4ytA34Bd8c+helehsfJ4/rASopA0+SgMoI=
Received: from PH0PR11MB4966.namprd11.prod.outlook.com (2603:10b6:510:42::21) by SA1PR11MB7697.namprd11.prod.outlook.com (2603:10b6:806:33a::19) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6631.47; Sat, 5 Aug 2023 07:11:15 +0000
Received: from PH0PR11MB4966.namprd11.prod.outlook.com ([fe80::dc05:918:8bd8:b07a]) by PH0PR11MB4966.namprd11.prod.outlook.com ([fe80::dc05:918:8bd8:b07a%6]) with mapi id 15.20.6652.021; Sat, 5 Aug 2023 07:11:15 +0000
From: "Eric Vyncke (evyncke)" <evyncke@cisco.com>
To: Mark Andrews <marka@isc.org>, RFC Errata System <rfc-editor@rfc-editor.org>, "dnsdir@ietf.org" <dnsdir@ietf.org>
CC: "peter.van.dijk@powerdns.com" <peter.van.dijk@powerdns.com>, "roy.arends@telin.nl" <roy.arends@telin.nl>, "sra@isc.org" <sra@isc.org>, "mlarson@verisign.com" <mlarson@verisign.com>, "massey@cs.colostate.edu" <massey@cs.colostate.edu>, "scott.rose@nist.gov" <scott.rose@nist.gov>, "dnsext@ietf.org" <dnsext@ietf.org>
Thread-Topic: Asking for review on this errata by DNSSEC experts Re: [dnsext] [Errata Verified] RFC4035 (5226)
Thread-Index: AQHZx2wFafq9vew+ik2SxMzOtb0mKw==
Date: Sat, 05 Aug 2023 07:11:15 +0000
Message-ID: <1B5D0B11-9930-4D7B-ABC5-0AEDA3A4553F@cisco.com>
Accept-Language: fr-BE, en-US
Content-Language: en-GB
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/16.75.23072301
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: PH0PR11MB4966:EE_|SA1PR11MB7697:EE_
x-ms-office365-filtering-correlation-id: 47397273-0ebe-4e0e-edd9-08db95832870
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: Gs9rb05xkjr5FaQ6vdTbemo7eOY43NP2ixPaqdWFLILBrqAt2Ct1tJ6dpfLCOxmlJEWZrquVcf+WiIkQ/AJxU/rxtu4xLYHSA9P5Un9pHng7c0dLT2qh0vvtHODNt7Tav9SMAewGVbILtbApMmL5vC+RkzlYw1SbHKFa2Dt3c+NnjMWRrh4xOb9HoGwdi+LHrEWAU2rBG/dm0aHtkwxAW4L1z4Ay3LG8N4RXN/VvKWpdegCo6lMi57AHOSwtQNOkEnUdxNYM6mvzu1FqdgpQWwbLsguDiRX9p0wRWwTZ+FHp0ieo+hSnoZ7Tszv/uYNlw/jGAPA6JhRXaqfDHtKy5PjT2vcN89cuYOdxAWqPs6wKd4O6w7j3Zb8Oq9oUGYLRptcEX4Yz8hm7sFPf6mHFi4PFQkfdwLTs19uhbZ8yXpDrIaV53qsarRPbPeVrVKZq1TUqGTPA0CRZvILlWs+SS8LR1WS7Rvc/+GuqVUw0nbqYm7zhmtZ+C7A7A0vN1EdHL9Ty7Fc2z85pWfyZpt+HWn/3Vax63jsfh4M31AwE5FJWvK/fI8+tW4p97cwRLt6jmdGIa+qSmVev276WmbGPG/LlN/oJI9aWpk3zFxy/Mf7DrYGYO43Ny2iqcRv74UsCnKYgyDhktYpSgaasp3sx1fcXcTbUVf3IvSfn7/ehhEtwM4QON/urO/xJLLyJ2HX6
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:PH0PR11MB4966.namprd11.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230028)(4636009)(136003)(376002)(346002)(39860400002)(396003)(366004)(1800799003)(186006)(451199021)(15650500001)(41300700001)(6486002)(966005)(6512007)(71200400001)(122000001)(38100700002)(66574015)(83380400001)(6506007)(2616005)(53546011)(316002)(110136005)(54906003)(33656002)(38070700005)(86362001)(478600001)(2906002)(66446008)(66476007)(91956017)(66556008)(4326008)(36756003)(76116006)(66946007)(64756008)(7416002)(8676002)(8936002)(5660300002)(66899021)(45980500001); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: i7FqocQ6vWJDA3B8AahGx0Edfjr2EjvCmfmAgin/zxJRL259rrEaGnuKKqDZX34L7ChgmD0kwShd1o05zUPbc8drswco7rUjnmcCO06Mj4fj4iL+KIKjP+dfrMHaAAVgT8TDQ+P12qRbwyhdVzoDwDSluwsZZ85LgIHr01JDUhFZGm+jCRXcUh48Bp1PWrqi1k4iQoOtE4Sr0edkH+/pdQ5WF/+kKYS6hkEZR6P/rZ/iHQeq0nbAHRoXsQ4dEk4FYcRW9SKeF4n8EDOg5lH7Hf9/KVBmfAMzWZ+TXc8B1XqwuLcfVHDR+zU/8rlvINR0crGiZRkulhvRuKUhpqFW1wCCWR8NWnAbDAEXPfYXGOub6Q4L/zSXAzELT7IkB2nSjpsTytwjUab2SYy98/PwV76gdEbxq7XBJkWUMNu10yMZvDkEj2d1lADR3+ASbhcbhu2D08aQ2sbaFoTt3+AzE/D4EjFCGk7RM+MWLraCKy/HZs/6RR/E5m/zyKFe208tHsgULUaQK8PU0deYDPr0dTlFG7fb97JbjM/5T0J6UM+QEzCAzE/Au5ZHv/nVlOl+rMMyP0bLwAqaXOcJTywvsGdL2OpF+6LyCYUTfTyhCnn42ZVjCdLEZixjpe6tpi2rp0/cfPEMT40wiZHY2Xu4OW/hHoI+7NPJSfaNTIQ9UJ/mz3d/k3GNU5kg9F/C/dhL66hN8K9IIOTgi2jv/TsG7IEOV0kxVw5r+YpYOrJHbQhXWj9dDdIEBiheavpegVS1qN7YGHQ3lH3t+pDIP3dblh9yft5wEEkO0UiCdpz/IG9OdGvz0W3BkP+a+oMLlfa5ODTscx0hbmBIJHeCG90QcnDyO/SaCTwijdYYnG7W3oZkwsxIDAaEhUuGcs6313zBtDy2Tf7iKjsjzqgtCXt85DXx9r4Fddcx0VL6sSJtYKS0sRirCALZgn+nM2r0P5Gx1F/Q+MMZLjSg0ZNt6ReDP5iEZKPEff6ipQdpsSfnPWSVxUQGbXaeH2dyqzzZeMKL78wtIOwz+3ETKbuGzNMqxoc0uuA+t9K0hZZItOK+Unisoj7QC1XaoLUnwJGw2klg+158vpoGoHsFqg3MYVp158Ue5asGc/MvCvqPMR3JSF6UFCDZoYn/Bz3e+ozzLYHGHatxzvjwbTMMSFN56qzDG1RfOpINDVwqYvFIc0FvRongAnS4gN/SMbzEkvUQiX4MkhZl0nMZcRYcMRCCpaXuzu6ekkywa793+15xKantHoca+4Hwx79cMtdTAd4lhBzHBRfoMq7052hCEGbOBOfMDrOIuv1Hx/JUFKXkCG0t6VYOJu1HJr+e/MeZCZ+xl05eJCMNDImqt8aekS+TTe9qHxZDyZlSP8+Q3gsmj6SA3F9vP2EY9UYKBrwRxpyvxfEw8ViCUHgBIkb3wk6ONhrpqdftWvtdbThWV3x5B2DUe4JVnZkQpxQXLEYYmFg4E8wHPY7Blfor99djrXwmaB+kLlQUc5Po8mOL9LMFA1P8yWVg9gSdlgMJZFh5g7Grxm96xchvOXSiMMZpPxZmhqwvS2V3v0We6gX4h4lbkftRVJxPJbr1x1nyaaz2kkymIRXO87b8Sck+EuseuWdw/He3lTPhVts+7ly1Di50fb54BCNhHPfZEyjz9TUmG7lpmZZS
Content-Type: text/plain; charset="utf-8"
Content-ID: <12402D6F3C1905439E867CBFF731D37E@namprd11.prod.outlook.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: cisco.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: PH0PR11MB4966.namprd11.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 47397273-0ebe-4e0e-edd9-08db95832870
X-MS-Exchange-CrossTenant-originalarrivaltime: 05 Aug 2023 07:11:15.4284 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: IfZed3ItgYZcINzmhfYlgICJQxFFoiOUhYr3uiB6kYEVG/V5qFuWpRzaqL/u2y4K/Trs9JiLT3B0dSjbqJgNpw==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SA1PR11MB7697
X-Outbound-SMTP-Client: 72.163.7.165, rcdn-opgw-4.cisco.com
X-Outbound-Node: rcdn-core-9.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsext/1bPTww2CumoUmQlnpNPtjuxiSNg>
X-Mailman-Approved-At: Mon, 07 Aug 2023 11:03:16 -0700
Subject: [dnsext] Asking for review on this errata by DNSSEC experts Re: [Errata Verified] RFC4035 (5226)
X-BeenThere: dnsext@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: DNS Extensions working group discussion list <dnsext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsext>, <mailto:dnsext-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsext/>
List-Post: <mailto:dnsext@ietf.org>
List-Help: <mailto:dnsext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsext>, <mailto:dnsext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 05 Aug 2023 07:12:07 -0000

Mark, thanks for your review. Happy to correct the errata after verification.

What is the view of the DNS directorate members on this errata (see below or at https://www.rfc-editor.org/errata/eid5226) ? I.e., I would appreciate a quick look by several DNS directorate members + original authors.

Thanks, in advance.

-éric


On 05/08/2023, 03:46, "Mark Andrews" <marka@isc.org <mailto:marka@isc.org>> wrote:


This is incorrect. DNSSEC aware resolvers make NS queries to determine the parent nameservers. Non DNSSEC resolvers accept the response from the child zone. 


-- 
Mark Andrews


> On 5 Aug 2023, at 01:52, RFC Errata System <rfc-editor@rfc-editor.org <mailto:rfc-editor@rfc-editor.org>> wrote:
> 
> The following errata report has been verified for RFC4035,
> "Protocol Modifications for the DNS Security Extensions". 
> 
> --------------------------------------
> You may review the report below and at:
> https://www.rfc-editor.org/errata/eid5226 <https://www.rfc-editor.org/errata/eid5226>
> 
> --------------------------------------
> Status: Verified
> Type: Technical
> 
> Reported by: Peter van Dijk <peter.van.dijk@powerdns.com <mailto:peter.van.dijk@powerdns.com>>
> Date Reported: 2018-01-04
> Verified by: Eric Vyncke (IESG)
> 
> Section: 3.1.4.1
> 
> Original Text
> -------------
> The need for special processing by a security-aware name server only
> arises when all the following conditions are met:
> 
> o The name server has received a query for the DS RRset at a zone
> cut.
> 
> o The name server is authoritative for the child zone.
> 
> o The name server is not authoritative for the parent zone.
> 
> o The name server does not offer recursion.
> 
> Corrected Text
> --------------
> The need for special processing by a security-aware name server only
> arises when all the following conditions are met:
> 
> o The name server has received a query for the DS RRset at a zone
> cut.
> 
> o The name server is authoritative for the child zone.
> 
> o The name server is not authoritative for any zone above the
> child's apex.
> 
> o The name server does not offer recursion.
> 
> Notes
> -----
> The original text is ambiguous in the face of an authoritative server having zones C.B.A. and A. but not B.A., and could cause DS queries for C to return a NODATA at C's apex, instead of the desired referral to B. which would allow resolution to continue correctly.
> 
> --------------------------------------
> RFC4035 (draft-ietf-dnsext-dnssec-protocol-09)
> --------------------------------------
> Title : Protocol Modifications for the DNS Security Extensions
> Publication Date : March 2005
> Author(s) : R. Arends, R. Austein, M. Larson, D. Massey, S. Rose
> Category : PROPOSED STANDARD
> Source : DNS Extensions
> Area : Internet
> Stream : IETF
> Verifying Party : IESG
> 
> _______________________________________________
> dnsext mailing list
> dnsext@ietf.org <mailto:dnsext@ietf.org>
> https://www.ietf.org/mailman/listinfo/dnsext <https://www.ietf.org/mailman/listinfo/dnsext>