Re: [dnsext] [Editorial Errata Reported] RFC6840 (4191)
Jelte Jansen <jelte.jansen@sidn.nl> Wed, 03 December 2014 08:52 UTC

On 12/02/2014 09:21 PM, Brian Haberman wrote:
> Despite Donald's assertion, I think this is a valid erratum and should
> be marked Verified. However, I will wait for others to chime in on the
> subject before doing so.

I see a few pros and cons; yes, the proposed text is correct and better than the original. However, this is not the only place that 'signing the zone' is used, and used with the meaning 'signing each authoritative RRset within the zone' in the set of RFC4033-4035 (and possibly outside of those as well).

But I have had people ask me what 'signing the zone' actually means, usually in the context of KSK vs ZSK (and hence, is the DNSKEY set part of 'the zone'), not necessarily in the context of algorithm downgrade protection.

Then again, RFC4033 actually defines a 'signed zone' as 'A zone whose RRsets are signed and ...'. So while signing full zones in AXFRs might add confusion here, I do think it is stated correctly as it is.

Then again (again), that is about whether there are signatures at all and 'signed' there doesn't mention signed by what (keys/algorithms/autographs).

So I don't think the errata is necessary, but I wouldn't exactly be opposed either.

Jelte