Re: [dnsext] I-D Action: draft-ietf-dnsext-dnssec-algo-signal-08.txt

Dick Franks <rwfranks@acm.org> Wed, 22 August 2012 19:03 UTC

From: Dick Franks <rwfranks@acm.org>
Date: Wed, 22 Aug 2012 20:02:51 +0100
To: Scott Rose <scottr.nist@gmail.com>
Cc: dnsext@ietf.org
Subject: Re: [dnsext] I-D Action: draft-ietf-dnsext-dnssec-algo-signal-08.txt

Scott & Steve,


[2, para 4]

   ALG-CODE is the list of assigned values of DNSSEC zone signing
   algorithms, DS hash algorithms, or NSEC3 hash algorithms (depending
   on the OPTION-CODE in use) that the client declares to be supported.
   The order of the code values can be arbitrary and SHOULD NOT be used
   to infer preference.

WG seems to agree that there is no information to be gleaned from the
order in which codes appear in the list. The requirement can therefore
be strengthened from SHOULD to MUST.

The present wording implies that the order will remain the same from
one occasion to another, i.e. sorted using some (arbitrary) ordering
relation.  There is no requirement that it should.

Suggest:
   ...
   The list of algorithm codes is unordered and MUST NOT be used
   to infer preference.


[3, para 1]

   A validating end-system resolver sets the DAU, DHU and/or N3U option,
   or combination thereof in the OPT meta-RR when sending a query.  The
   validating end-system resolver sets the value(s) in any arbitrary
   order.  The validating end-system resolver MUST also set the
   DNSSEC-OK bit [RFC4035] to indicate that it wishes to receive DNSSEC
   RRs in the response.

Second sentence is redundant, covered by section 2.


[3.1.2]

   The DAU, DHU and N3U EDNS options are NOT RECOMMENDED for non-
   validating stub resolvers.

As a non-validating stub implements no algorithms at all, why does this
say "are NOT RECOMMENDED" instead of "MUST NOT be used"?


Dick


On 14 August 2012 18:29, Scott Rose <scottr.nist@gmail.com> wrote:
> New version that addresses the comments received from the -07 version.
>
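Added example, not part of this message or of the draft: a small Python encoder/parser for the DAU/DHU/N3U options as the quoted sections describe them, treating the ALG-CODE list as an unordered set and checking that the DNSSEC-OK bit accompanies the options. It assumes option codes 5, 6 and 7 (the values later assigned in RFC 6975) and uses a constructed sample OPT RDATA.

```python
import struct

# EDNS option codes for DAU, DHU and N3U (assumed: RFC 6975 assignments).
DAU, DHU, N3U = 5, 6, 7
ALGO_OPTIONS = {DAU: "DAU", DHU: "DHU", N3U: "N3U"}
DO_BIT = 0x8000  # DNSSEC-OK lives in the upper 16 bits of the OPT TTL


def encode_option(code: int, alg_codes) -> bytes:
    """OPTION-CODE, OPTION-LENGTH, then one octet per algorithm code.
    Any order is valid on the wire; duplicates carry no meaning."""
    data = bytes(sorted(set(alg_codes)))
    return struct.pack("!HH", code, len(data)) + data


def parse_opt_rdata(rdata: bytes) -> dict:
    """Return {option_name: frozenset(alg_codes)} for the DAU/DHU/N3U
    options in OPT RDATA; other options are skipped. Order and
    duplicates are discarded, since the list MUST NOT imply preference."""
    found, pos = {}, 0
    while pos < len(rdata):
        if len(rdata) - pos < 4:
            raise ValueError("truncated option header")
        code, length = struct.unpack_from("!HH", rdata, pos)
        pos += 4
        if pos + length > len(rdata):
            raise ValueError("option length exceeds RDATA")
        body = rdata[pos:pos + length]
        pos += length
        if code in ALGO_OPTIONS:
            found[ALGO_OPTIONS[code]] = frozenset(body)
    return found


def do_bit_set(opt_ttl: int) -> bool:
    return bool(opt_ttl & DO_BIT)


def algo_signalling_ok(opt_ttl: int, rdata: bytes) -> bool:
    """False when DAU/DHU/N3U are present but the DO bit is clear:
    the combination section 3 requires a validating resolver to avoid."""
    return not parse_opt_rdata(rdata) or do_bit_set(opt_ttl)


# Constructed sample: DAU with a duplicate, DHU, N3U and an unrelated
# option (code 10) that the parser must step over.
SAMPLE_RDATA = (encode_option(DAU, [8, 13, 8, 5]) + encode_option(DHU, [2, 1])
                + encode_option(N3U, [1]) + struct.pack("!HH", 10, 2) + b"\x00\x00")
```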