IETF Logo Mail Archive

Re: [dnsext] WGLC: draft-ietf-dnsext-dnssec-bis-updates-16

Samuel Weiler <weiler@watson.org> Mon, 12 March 2012 21:24 UTC

Return-Path: <weiler@watson.org>
X-Original-To: dnsext@ietfa.amsl.com
Delivered-To: dnsext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8FBF521F87C8 for <dnsext@ietfa.amsl.com>; Mon, 12 Mar 2012 14:24:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.428
X-Spam-Level:
X-Spam-Status: No, score=-2.428 tagged_above=-999 required=5 tests=[AWL=0.171, BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id F5srtz67CLJR for <dnsext@ietfa.amsl.com>; Mon, 12 Mar 2012 14:24:07 -0700 (PDT)
Received: from fledge.watson.org (fledge.watson.org [65.122.17.41]) by ietfa.amsl.com (Postfix) with ESMTP id EA38C21F8981 for <dnsext@ietf.org>; Mon, 12 Mar 2012 14:24:06 -0700 (PDT)
Received: from fledge.watson.org (localhost.watson.org [127.0.0.1]) by fledge.watson.org (8.14.4/8.14.4) with ESMTP id q2CLO6VL043625; Mon, 12 Mar 2012 17:24:06 -0400 (EDT) (envelope-from weiler@watson.org)
Received: from localhost (weiler@localhost) by fledge.watson.org (8.14.4/8.14.4/Submit) with ESMTP id q2CLO502043621; Mon, 12 Mar 2012 17:24:05 -0400 (EDT) (envelope-from weiler@watson.org)
X-Authentication-Warning: fledge.watson.org: weiler owned process doing -bs
Date: Mon, 12 Mar 2012 17:24:05 -0400
From: Samuel Weiler <weiler@watson.org>
To: Paul Hoffman <paul.hoffman@vpnc.org>
In-Reply-To: <4A30B716-F051-41F5-B237-29C6397289A5@vpnc.org>
Message-ID: <alpine.BSF.2.00.1203121719510.39342@fledge.watson.org>
References: <20120120054939.GD4365@mail.yitter.info> <20120120142243.GE4944@mail.yitter.info> <4F2967EF.8070502@nlnetlabs.nl> <4A30B716-F051-41F5-B237-29C6397289A5@vpnc.org>
User-Agent: Alpine 2.00 (BSF 1167 2008-08-23)
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset="US-ASCII"; format="flowed"
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.2.3 (fledge.watson.org [127.0.0.1]); Mon, 12 Mar 2012 17:24:06 -0400 (EDT)
Cc: DNSEXT Working Group <dnsext@ietf.org>
Subject: Re: [dnsext] WGLC: draft-ietf-dnsext-dnssec-bis-updates-16
X-BeenThere: dnsext@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: DNS Extensions working group discussion list <dnsext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsext>, <mailto:dnsext-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dnsext>
List-Post: <mailto:dnsext@ietf.org>
List-Help: <mailto:dnsext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsext>, <mailto:dnsext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 12 Mar 2012 21:24:07 -0000

On Wed, 1 Feb 2012, Paul Hoffman wrote:

> 5.10 is long, scary, and useless for most environments because most 
> environments will have just one trust anchor.

It is long and scary.  Earlier discussion on list discarded several 
ways of helping with that.  David and I came up with a new one: we 
stuck most of the text in an appendix.  It's still long, but maybe it 
will now be less scary.  I think this change is purely editorial; if 
we need to back it out later, we can.  Please let us know if you like 
it.

> 5.6 (setting the DO bit in replies) suggests resolvers should "be 
> liberal in what they accept". That's a bit vague. Instead, say ... 
> "Because some implementations ignore this rule on sending, the rule 
> for receivers is now that they MUST NOT expect the DO bit to be set 
> as it was sent."

We have added normative language.  I know Andrew was uneasy with that, 
having only heard from three of us (you, me, and David Blacka), but I 
continue to contend that this is the clearer way to say what we were 
saying anyway.  Andrew, if you need to flag this in the proto 
write-up, feel free.

-- Sam

v2.39.1 | Report a Bug | By Email | System Status