Re: [dnsext] Possible DNSSECbis clarifications

"Marc Lampo" <marc.lampo@eurid.eu> Mon, 28 March 2011 12:58 UTC


In my opinion, the use of the second SOA to indicate the zone did not
change (at sender side) since the zone transfer started is more important
(than the indication of the end of the zone transfer).

I agree that, if there is a record following that "last SOA", that SOA is
obviously not the last one of the zone transfer.
Which brings us to the question:
Where to put that RRSIG(SOA), knowing that potentially the SOA may change
between start and end of AXFR.
(in which case the receiving name server must refuse the just-downloaded
zone and attempt AXFR again)

Marc 

-----Original Message-----
From: Joe Abley [mailto:jabley@hopcount.ca] 
Sent: 28 March 2011 01:54 PM
To: Marc Lampo
Cc: dnsext@ietf.org; 'Olafur Gudmundsson'
Subject: Re: [dnsext] Possible DNSSECbis clarifications


On 2011-03-28, at 11:07, Marc Lampo wrote:

> I think "b) both times".
> Motivation.
> While the second SOA might serve as an indicator of "end of zone
> transfer",

It's not the end of the transferred zone if there's an RRSIG following it,
surely.


Joe
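
The receiver-side check discussed in this message, as an added example that is not part of the original e-mail: compare the SOA that opens an AXFR with the one that closes it, retry when they differ, and flag any record (such as an RRSIG) that arrives after the closing SOA. The RR tuple, the verdict strings and the example.org records are constructed for illustration and model records only, not the DNS wire format.

```python
from collections import namedtuple

# Simplified record model (an assumption for this example, not a wire parser).
RR = namedtuple("RR", "name rtype rdata")

def check_axfr(records):
    """Classify a received AXFR record sequence: (verdict, detail)."""
    if not records or records[0].rtype != "SOA":
        return ("reject", "transfer does not open with an SOA")
    opening = records[0]
    # The next SOA at the same owner name is the candidate closing SOA.
    close_at = next((i for i, rr in enumerate(records[1:], start=1)
                     if rr.rtype == "SOA" and rr.name == opening.name), None)
    if close_at is None:
        return ("reject", "no closing SOA, transfer incomplete")
    if records[close_at].rdata != opening.rdata:
        # Zone changed at the sender mid-transfer: discard and AXFR again.
        return ("retry", "SOA differs between start and end of transfer")
    trailing = records[close_at + 1:]
    if trailing:
        # The case debated in the thread: something follows the "last" SOA.
        kinds = ",".join(rr.rtype for rr in trailing)
        return ("trailing", "records after closing SOA: " + kinds)
    return ("accept", "opening and closing SOA match")

# Constructed sample data (hypothetical zone, placeholder signature).
def soa(serial):
    return RR("example.org.", "SOA",
              ("ns1.example.org.", "hostmaster.example.org.",
               serial, 3600, 600, 604800, 300))

BODY = [RR("example.org.", "NS", ("ns1.example.org.",)),
        RR("ns1.example.org.", "A", ("192.0.2.53",))]
SIG = RR("example.org.", "RRSIG", ("SOA", "constructed-signature"))

CLEAN = [soa(2011032801), SIG] + BODY + [soa(2011032801)]
CHANGED = [soa(2011032801), SIG] + BODY + [soa(2011032802)]
SIG_LAST = [soa(2011032801)] + BODY + [soa(2011032801), SIG]

if __name__ == "__main__":
    for label, stream in (("clean", CLEAN), ("changed", CHANGED),
                          ("sig-last", SIG_LAST)):
        print(label, check_axfr(stream))
```
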