IETF Logo Mail Archive

Re: Summary: What to do with expired signatures

Edward Lewis <lewis@tislabs.com> Tue, 12 February 2002 15:21 UTC

Received: from psg.com (exim@psg.com [147.28.0.62]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id KAA14928 for <dnsext-archive@lists.ietf.org>; Tue, 12 Feb 2002 10:21:24 -0500 (EST)
Received: from lserv by psg.com with local (Exim 3.33 #1) id 16aeX3-0006fB-00 for namedroppers-data@psg.com; Tue, 12 Feb 2002 07:07:45 -0800
Received: from sentry.gw.tislabs.com ([192.94.214.100]) by psg.com with esmtp (Exim 3.33 #1) id 16aeX2-0006f5-00 for namedroppers@ops.ietf.org; Tue, 12 Feb 2002 07:07:44 -0800
Received: by sentry.gw.tislabs.com; id KAA19646; Tue, 12 Feb 2002 10:13:11 -0500 (EST)
Received: from test.netsec.tislabs.com(199.171.39.2) by sentry.gw.tislabs.com via smap (V5.5) id xma019623; Tue, 12 Feb 02 10:12:38 -0500
X-Sender: lewis@192.35.165.115
Message-Id: <v03130304b88edd960a7a@[192.35.165.115]>
In-Reply-To: <20020212144029.AC25F28EB3@as.vix.com>
References: Message from Edward Lewis <lewis@tislabs.com> of "Tue, 12 Feb 2002 09:19:33 EST." <v03130304b88ed1eb4c99@[192.35.165.115]>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Date: Tue, 12 Feb 2002 10:06:22 -0500
To: Paul Vixie <paul@vix.com>
From: Edward Lewis <lewis@tislabs.com>
Subject: Re: Summary: What to do with expired signatures
Cc: namedroppers@ops.ietf.org
Sender: owner-namedroppers@ops.ietf.org
Precedence: bulk

At 9:40 AM -0500 2/12/02, Paul Vixie wrote:
>> I think the issue is a bit more significant than an implementation detail.
>> Personally, this thread has convinced me that the servers should not edit
>> zones in any way.
>
>I was astounded that anyone here even thought that that was debatable.

I'm confused by this response.

Are you saying that this issue "is" just an implementation detail?  Or are
you saying that "servers should not edit zones" is undebateable?

>> Dynamic delete is an exception.  It is an acceptable exception in that
>> dynamic update is sufficiently independent of the action of
>> publishing/distributing data.  It is a complication of the zone loading
>> process, not the zone serving process.
>
>The zone whatting process?  I have here a server with persistent zone storate.
>All zone changes are made by RFC2136 "UPDATE" requests.  There is no "load"
>and there is no "zone file" and there is no way to map your "implied delete"
>to any process that it has.  Yet this server is entirely protocol compliant.

This is entirely philosophical:  Dynamic update accomplishes the same thing
as sending a change request to the appropriate person, editing the zone
file and reloading the zone.  The serial number is updated, and the if the
zone is signed, new signatures are produced as needed.  Dynamic update does
this much more quickly than the "old" way.  That's why I said that dynamic
update is related to zone loading.  As far as being a "complication,"
dynamic update is a new process - meaning that there are now more ways to
get data into a zone.

The fact that this is protocol compliant isn't a debate.  I was just trying
to decide if dynamic update was a symptom of middleboxness or not.

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis                                                NAI Labs
Phone: +1 443-259-2352                      Email: lewis@tislabs.com

Do you have the time to listen to me whine
About nothing and everything all at once?
-- Green Day ("Basket Case")

Opinions expressed are property of my evil twin, not my employer.



to unsubscribe send a message to namedroppers-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/namedroppers/>

v2.40.4 | Report a Bug | By Email | System Status