RE: Last Call: Simple Secure Domain Name System (DNS) Dynamic Update to Proposed Standard
"Levon Esibov" <levone@Exchange.Microsoft.com> Tue, 13 June 2000 23:00 UTC
Received: from psg.com (psg.com [147.28.0.62]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id TAA24493 for <dnsext-archive@lists.ietf.org>; Tue, 13 Jun 2000 19:00:40 -0400 (EDT)
Received: from lserv by psg.com with local (Exim 3.13 #1) id 131z7n-0004na-00 for namedroppers-data@psg.com; Tue, 13 Jun 2000 15:25:35 -0700
Received: from [147.28.4.2] (helo=roam.psg.com) by psg.com with esmtp (Exim 3.13 #1) id 131z7m-0004nS-00 for namedroppers@ops.ietf.org; Tue, 13 Jun 2000 15:25:34 -0700
Received: from randy by roam.psg.com with local (Exim 3.12 #1) id 131z7r-0001IO-00 for namedroppers@ops.ietf.org; Tue, 13 Jun 2000 16:25:39 -0600
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Subject: RE: Last Call: Simple Secure Domain Name System (DNS) Dynamic Update to Proposed Standard
Date: Tue, 13 Jun 2000 13:46:34 -0700
Message-ID: <19398D273324D3118A2B0008C7E9A5690AD71B21@SIT.platinum.corp.microsoft.com>
From: Levon Esibov <levone@Exchange.Microsoft.com>
To: iesg@ietf.org
Cc: namedroppers@ops.ietf.org
Sender: owner-namedroppers@ops.ietf.org
Precedence: bulk
Content-Transfer-Encoding: 7bit
I'd like to recommend to replace the text fragment from Section 3 "By default, a principal MUST NOT be permitted to make any changes to zone data; any permissions MUST be enabled though configuration." by the following text "By default, a principal SHOULD NOT be permitted to make any changes to zone data; any permissions SHOULD be enabled through configuration." I believe the decision on the default configuration should be left to implementers. The deployment experience of Beta Windows 2000 demonstrated difficulties that administrators experienced in configuration of the zones for the dynamic updates. It was found that the default configuration that satisfied majority of customers is to allow all the authenticated principals to create new names in a zone, but prohibit any unauthorized principals from modifying the existing records. This is the default configuration of the Windows 2000 DNS server. I apologize that I didn't notice the issue during the workgroup last call. Levon From: The IESG [mailto:iesg-secretary@ietf.org] Sent: Friday, June 02, 2000 5:34 AM To: IETF-Announce: ; Cc: namedroppers@ops.ietf.org Subject: Last Call: Simple Secure Domain Name System (DNS) Dynamic Update to Proposed Standard The IESG has received a request from the DNS Extensions Working Group to consider Simple Secure Domain Name System (DNS) Dynamic Update <draft-ietf-dnsext-simple-secure-update-01.txt> as a Proposed Standard. This will replace/obsolete RFC2137, currently a Proposed Standard. The IESG will also consider Domain Name System Security (DNSSEC) Signing Authority <draft-ietf-dnsext-signing-auth-01.txt> as a Proposed Standard, updating RFC2535 The IESG plans to make a decision in the next few weeks, and solicits final comments on this action. Please send any comments to the=20 iesg@ietf.org or ietf@ietf.org mailing lists by June 16, 2000. Files can be obtained via http://www.ietf.org/internet-drafts/draft-ietf-dnsext-simple-secure-upda te-01.txt http://www.ietf.org/internet-drafts/draft-ietf-dnsext-signing-auth-01.tx t to unsubscribe send a message to namedroppers-request@ops.ietf.org with the word 'unsubscribe' in a single line as the message text body. to unsubscribe send a message to namedroppers-request@ops.ietf.org with the word 'unsubscribe' in a single line as the message text body.
- Re: Last Call: Simple Secure Domain Name System (… Edward Lewis
- Re: Last Call: Simple Secure Domain Name System (… Thomas Narten
- RE: Last Call: Simple Secure Domain Name System (… Brian Wellington
- RE: Last Call: Simple Secure Domain Name System (… Levon Esibov
- RE: Last Call: Simple Secure Domain Name System (… Edward Lewis
- Re: Last Call: Simple Secure Domain Name System (… Thomas Narten
- Re: Last Call: Simple Secure Domain Name System (… Olafur Gudmundsson
- Re: Last Call: Simple Secure Domain Name System (… Donald E. Eastlake 3rd
- RE: Last Call: Simple Secure Domain Name System (… Harald Tveit Alvestrand
- Re: Last Call: Simple Secure Domain Name System (… Terry Lambert
- RE: Last Call: Simple Secure Domain Name System (… Levon Esibov