[dnsext] Updates to draft-ietf-dnsext-dnssec-algo-signal draft as a result of IESG review
Ted Lemon <Ted.Lemon@nominum.com> Sat, 11 May 2013 15:25 UTC
Return-Path: <Ted.Lemon@nominum.com>
X-Original-To: dnsext@ietfa.amsl.com
Delivered-To: dnsext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3EC4D21F90FD for <dnsext@ietfa.amsl.com>; Sat, 11 May 2013 08:25:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -106.599
X-Spam-Level:
X-Spam-Status: No, score=-106.599 tagged_above=-999 required=5 tests=[AWL=0.000, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KzsBecfBR9DM for <dnsext@ietfa.amsl.com>; Sat, 11 May 2013 08:25:38 -0700 (PDT)
Received: from exprod7og121.obsmtp.com (exprod7og121.obsmtp.com [64.18.2.20]) by ietfa.amsl.com (Postfix) with ESMTP id 8909921F90BB for <dnsext@ietf.org>; Sat, 11 May 2013 08:25:38 -0700 (PDT)
Received: from shell-too.nominum.com ([64.89.228.229]) (using TLSv1) by exprod7ob121.postini.com ([64.18.6.12]) with SMTP ID DSNKUY5i8bOY1Je4HLLyFFP3a8CzL3kY3UUv@postini.com; Sat, 11 May 2013 08:25:38 PDT
Received: from archivist.nominum.com (archivist.nominum.com [64.89.228.108]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client CN "*.nominum.com", Issuer "Go Daddy Secure Certification Authority" (verified OK)) by shell-too.nominum.com (Postfix) with ESMTP id 4E15C1B8053 for <dnsext@ietf.org>; Sat, 11 May 2013 08:25:37 -0700 (PDT)
Received: from webmail.nominum.com (cas-01.win.nominum.com [64.89.228.131]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (Client CN "mail.nominum.com", Issuer "Go Daddy Secure Certification Authority" (verified OK)) by archivist.nominum.com (Postfix) with ESMTPS id 4394819005D; Sat, 11 May 2013 08:25:37 -0700 (PDT) (envelope-from Ted.Lemon@nominum.com)
Received: from MBX-01.WIN.NOMINUM.COM ([64.89.228.133]) by CAS-01.WIN.NOMINUM.COM ([64.89.228.131]) with mapi id 14.02.0318.004; Sat, 11 May 2013 08:25:30 -0700
From: Ted Lemon <Ted.Lemon@nominum.com>
To: "dnsext@ietf.org Group" <dnsext@ietf.org>
Thread-Topic: Updates to draft-ietf-dnsext-dnssec-algo-signal draft as a result of IESG review
Thread-Index: AQHOTlvEBXdp6nQNbEuty8FlVsj2Dg==
Date: Sat, 11 May 2013 15:25:28 +0000
Message-ID: <8D23D4052ABE7A4490E77B1A012B63077517C4EF@mbx-01.win.nominum.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [192.168.1.10]
Content-Type: text/plain; charset="us-ascii"
Content-ID: <302C5A93F939B142B9B4E22C2D9260F6@nominum.com>
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Cc: Pete Resnick <presnick@qti.qualcomm.com>
Subject: [dnsext] Updates to draft-ietf-dnsext-dnssec-algo-signal draft as a result of IESG review
X-BeenThere: dnsext@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: DNS Extensions working group discussion list <dnsext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsext>, <mailto:dnsext-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dnsext>
List-Post: <mailto:dnsext@ietf.org>
List-Help: <mailto:dnsext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsext>, <mailto:dnsext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 11 May 2013 15:25:44 -0000
During IESG review some subtle issues were raised with the DNSSEC algorithm signaling draft that resulted in an RFC editor note being added to the document. I'm writing this note to apprise the working group of the changes that were made. My expectation is that the working group will not see any of these changes as substantially changing the document in a way that would influence the outcome of the last call, but they are not merely editorial, so it seemed appropriate to give the working group a shot at them. The complete editor's note is here: http://datatracker.ietf.org/doc/draft-ietf-dnsext-dnssec-algo-signal/writeup/ The particular change to which I want to draw your attention relate to the question of what it means for a resolver to be a validating resolver. The document as submitted by the working group allowed for the possibility that a validating resolver might not set the DO bit; this then led to an ambiguity in section 5 about the processing of the three new options. The text as submitted by the working group said that the server doesn't process the options if the DO bit isn't set. The question was raised: what if a validating resolver doesn't set the DO bit for a particular query? Don't we still care, in principle, what algorithms it supports? The clarifying change is the change to section 3.1.1: a validating stub resolver is now defined for the purposes of the document as one that sets the DO bit. The actual piece of software running on the host may sometimes set the DO bit and sometimes not, but we only _treat_ it as a validating resolver if it does. If this sounds like an interesting point to you, please check out the editor's note and see how it affects the draft. If we don't hear any substantive objection by midweek, I will release the document for publication with the editor's note as is. There are a number of editorial changes in the editor's note as well; the changes that pertain to this question are specifically those that address 3.1.1 and 3.2.1.