Re: [dnsext] [Editorial Errata Reported] RFC6672 (5297)
"Rose, Scott" <scott.rose@nist.gov> Fri, 23 March 2018 17:50 UTC
From: "Rose, Scott" <scott.rose@nist.gov>
To: "W.C.A. Wijngaards" <wouter@nlnetlabs.nl>
CC: Warren Kumari <warren@kumari.net>, Suresh Krishnan <suresh@kaloom.com>, Terry Manderson <terry.manderson@icann.org>, Olafur Gudmundsson <ogud@ogud.com>, Andrew Sullivan <ajs@anvilwalrusden.com>, dnsext@ietf.org, Pieter Lexis <pieter.lexis@powerdns.com>
Date: Fri, 23 Mar 2018 13:49:31 -0400
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsext/HoiBXSnC1CpMOmFb4yN0eAGTpPc>

I agree with Wouter. It is technically correct* this way. The same goes with the other errata (5298). They both should be approved, IMHO.

Scott

*The Best Kind of Correct

On 23 Mar 2018, at 11:43, W.C.A. Wijngaards wrote:

> Hi,
>
> Seems fine to me too. Also Pieter's (5298) which is also about missing
> out on the NSEC and RRSIG bits. They aren't actually the focus, which
> is why no-one missed them I guess (together with all the omitted RRSIG
> fields?), but adding NSEC and RRSIG bits is correct for a signed zone.
>
> Best regards, Wouter
>
> On 23/03/18 16:27, Warren Kumari wrote:
>> [ - RFC Editor for clutter ]
>>
>> This *seems* correct to me, but my brain turned into jelly much
>> earlier in the week -- anyone disagree with the errata?
>>
>> W
>>
>> On Fri, Mar 23, 2018 at 3:24 PM, RFC Errata System
>> <rfc-editor@rfc-editor.org> wrote:
>>> The following errata report has been submitted for RFC6672,
>>> "DNAME Redirection in the DNS".
>>>
>>> --------------------------------------
>>> You may review the report below and at:
>>> http://www.rfc-editor.org/errata/eid5297
>>>
>>> --------------------------------------
>>> Type: Editorial
>>> Reported by: Pieter Lexis <pieter.lexis@powerdns.com>
>>>
>>> Section: 5.3.4.1
>>>
>>> Original Text
>>> -------------
>>> ;; Header: QR AA RCODE=3(NXDOMAIN)
>>> ;; OPT PSEUDOSECTION:
>>> ; EDNS: version: 0, flags: do; udp: 4096
>>>
>>> ;; Question
>>> foo.bar.example.com. IN A
>>> ;; Authority
>>> bar.example.com. NSEC dub.example.com. A DNAME
>>> bar.example.com. RRSIG NSEC [valid signature]
>>>
>>> Corrected Text
>>> --------------
>>> ;; Header: QR AA RCODE=3(NXDOMAIN)
>>> ;; OPT PSEUDOSECTION:
>>> ; EDNS: version: 0, flags: do; udp: 4096
>>>
>>> ;; Question
>>> foo.bar.example.com. IN A
>>> ;; Authority
>>> bar.example.com. NSEC dub.example.com. A DNAME RRSIG NSEC
>>> bar.example.com. RRSIG NSEC [valid signature]
>>>
>>> Notes
>>> -----
>>> The NSEC record in the original text would in no case be valid as it
>>> denies its own existence and the existence of the RRSIG, while the
>>> text indicates that "the validator can see that it is a BOGUS
>>> reply from an attacker that collated existing records from the DNS
>>> to create a confusing reply". This indicates that NSEC and RRSIG
>>> should be set in the NSEC bitmap
>>>
>>> Instructions:
>>> -------------
>>> This erratum is currently posted as "Reported". If necessary, please
>>> use "Reply All" to discuss whether it should be verified or
>>> rejected. When a decision is reached, the verifying party
>>> can log in to change the status and edit the report, if necessary.
>>>
>>> --------------------------------------
>>> RFC6672 (draft-ietf-dnsext-rfc2672bis-dname-26)
>>> --------------------------------------
>>> Title : DNAME Redirection in the DNS
>>> Publication Date : June 2012
>>> Author(s) : S. Rose, W. Wijngaards
>>> Category : PROPOSED STANDARD
>>> Source : DNS Extensions
>>> Area : Internet
>>> Stream : IETF
>>> Verifying Party : IESG
>>>
>>> _______________________________________________
>>> dnsext mailing list
>>> dnsext@ietf.org
>>> https://www.ietf.org/mailman/listinfo/dnsext
>>
>>
>>

===================================
Scott Rose
NIST ITL
scott.rose@nist.gov
+1-301-975-8439
GV: +1-571-249-3671
===================================
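
The consistency point behind the erratum, as an added example that is not part of the original thread: the NSEC type bitmap is encoded and decoded per RFC 4034 section 4.1.2, then checked for the NSEC and RRSIG bits that RFC 4035 section 2.3 requires on every NSEC record in a signed zone. The function names are hypothetical and the two bitmaps are constructed from the Authority sections quoted in the report.

```python
# Added illustration; helper names are hypothetical, not from RFC 6672 or a DNS library.
# Type codes are the IANA-assigned RR type values.
TYPES = {"A": 1, "DNAME": 39, "RRSIG": 46, "NSEC": 47}
NAMES = {v: k for k, v in TYPES.items()}


def encode_bitmap(type_names):
    """Encode RR types as an NSEC type bitmap (RFC 4034, section 4.1.2)."""
    windows = {}
    for code in sorted(TYPES[n] for n in type_names):
        block = windows.setdefault(code >> 8, bytearray(32))
        low = code & 0xFF
        block[low // 8] |= 0x80 >> (low % 8)  # bit 0 is the most significant bit
    out = bytearray()
    for window in sorted(windows):
        bits = bytes(windows[window]).rstrip(b"\x00")  # drop trailing zero octets
        out += bytes([window, len(bits)]) + bits
    return bytes(out)


def decode_bitmap(wire):
    """Decode an NSEC type bitmap into a set of RR type codes."""
    codes, pos = set(), 0
    while pos < len(wire):
        if pos + 2 > len(wire):
            raise ValueError("truncated window header")
        window, length = wire[pos], wire[pos + 1]
        if not 1 <= length <= 32 or pos + 2 + length > len(wire):
            raise ValueError("bad bitmap length")
        for i, octet in enumerate(wire[pos + 2 : pos + 2 + length]):
            codes.update(window * 256 + i * 8 + b for b in range(8) if octet & (0x80 >> b))
        pos += 2 + length
    return codes


def missing_self_bits(wire):
    """Types a signed NSEC record must list at its own owner name but does not."""
    present = decode_bitmap(wire)
    return sorted(NAMES[c] for c in (TYPES["RRSIG"], TYPES["NSEC"]) if c not in present)


# Constructed from the two Authority sections quoted in the erratum.
ORIGINAL = encode_bitmap(["A", "DNAME"])
CORRECTED = encode_bitmap(["A", "DNAME", "RRSIG", "NSEC"])

if __name__ == "__main__":
    for label, wire in (("original", ORIGINAL), ("corrected", CORRECTED)):
        print(label, wire.hex(), "missing:", missing_self_bits(wire))
```

A validator or zone linter can run the same check on any NSEC record it receives: a bitmap that omits NSEC or RRSIG at a signed owner name is internally inconsistent regardless of what else the response claims.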