Re: [DNSOP] I-D Action: draft-huston-kskroll-sentinel-04.txt

Warren Kumari <> Mon, 29 January 2018 21:11 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id E93561201F8 for <>; Mon, 29 Jan 2018 13:11:35 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id 85-YFziYDok7 for <>; Mon, 29 Jan 2018 13:11:33 -0800 (PST)
Received: from ( [IPv6:2a00:1450:400c:c0c::231]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 265DA12EC78 for <>; Mon, 29 Jan 2018 13:11:33 -0800 (PST)
Received: by with SMTP id w50so8807448wrc.2 for <>; Mon, 29 Jan 2018 13:11:33 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=rK9znuOa+IYH3AtBsq5Z2Z+ioKl2aJWAygKS0jfR1Ps=; b=cO2+DJDMvlN70TGAAoEPxFALeTXzaVAB0/j+UCggF52rA2m5xtB9AL9HOlfbiB0LgH cdXAZK656hWTRZFvCXO3/bra7t7JOfyg8XJ1OYez9KXlxx40EEuLNjiKPGnIY+yF7JjO kvy4S7fDAg9CZrGNsRVgMc8Ji8f1Kpjq5LwyDMxEBiPChQkJ5E5FgOXlRb1pUmvB/bBa x6ItXMswxLEupQsM2lnWcXcmSNxwKQlFJLDToWEauGS+D50De6aRpfxC8FLPKI8dUyfQ yZGV4KgeygM1Ef+VESNr3rzQfaKDdYume2Rs92MbrL1B3t8pCE9yPIXf4uRsed7UKgC7 bB0w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=rK9znuOa+IYH3AtBsq5Z2Z+ioKl2aJWAygKS0jfR1Ps=; b=GW75KyHpXSl0ieYtt+Qiqg1+8vkEwJzHoD/WFO9RWxYEo1REaZvzc+3XS0uHD5p/L/ VvzNdvQGzfRCChdS++U9cxyJiCUTlKFSK28oyHq09T3MlwEbSGKtJoo8BoFQsFN09TZv CdTbiluS+Ud/3ECBMMcvdaPJaM37PpjA3+4oG45syQOldk/kQQj53ohfSfPNPkm0c7Ag buQfHwpcEg0tGeDRF5FHtwUxhsXxFwSHlDs3pw6ggQlgZ/CdMM4esyM3WH5GVNwUvCdh U+G4Irx7DWnlwjDA9XG2BhcUwsYEdkanp7aI5cwCi2tKUYDTR/Ul9dgpH41FjrsOt94l /y/Q==
X-Gm-Message-State: AKwxyteAjP1Wf69PR3BNA6/fymYdQZcXd7KrV3hkCV5ddZJbtSPo2rkT 1WoZqcmpFPHVgRPxIC0i+yyMsvwehXSNQvM4dO/bQYCB
X-Google-Smtp-Source: AH8x225pMEjMsCpvVT40hZ77flL7Cr1JXgkFVaWnttzWg0HnHD8pWy/bTTz2J6jXcNQ1zppyN2rN5uxEzVInBJ5fmg0=
X-Received: by with SMTP id 21mr22400246wrw.283.1517260283312; Mon, 29 Jan 2018 13:11:23 -0800 (PST)
MIME-Version: 1.0
Received: by with HTTP; Mon, 29 Jan 2018 13:10:42 -0800 (PST)
In-Reply-To: <>
References: <> <>
From: Warren Kumari <>
Date: Mon, 29 Jan 2018 16:10:42 -0500
Message-ID: <>
To: Robert Story <>
Cc: dnsop <>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <>
Subject: Re: [DNSOP] I-D Action: draft-huston-kskroll-sentinel-04.txt
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: IETF DNSOP WG mailing list <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Mon, 29 Jan 2018 21:11:36 -0000

On Sun, Jan 28, 2018 at 8:01 AM, Robert Story <> wrote:
> On Mon 2017-11-13 18:26:02-0800 wrote:
>> A New Internet-Draft is available from the on-line Internet-Drafts
>> directories. This draft is a work item of the Domain Name System
>> Operations WG of the IETF.
> I was re-reading the draft today and noticed that Vold and Vnew are
> inconsistent with Vold and Vnew with respect to non-SERVFAIL responses:
>>  o  Vleg: A DNSSEC-Validating resolver that does not implement this
>>     mechanism will respond with an A or AAAA RRSET response for "_is-
>>     ta", an A record response for "_not-ta" and SERVFAIL for the
>>     invalid name.
> Shouldn't it be "an A or AAAA RRSET" for "_not-ta"?
>>  o  nonV: A non-DNSSEC-Validating resolver will respond with an A
>>     record response for "_is-ta", an A record response for "_not-ta"
>>     and an A record response for the invalid name.
> Similarly, shouldn't all three of these be "an A or AAAA record"?
> The table following this text also only specifies "A" for responses.

Yes, you are right -- for all places where there is 'A' it should be
'A or AAAA'; how do people feel about something along the lines of:

"Throughout this document, we are using A to refer to an Address
record (either 'A' or  'AAAA') " -- having "A or AAAA" scattered all
over the document makes it now flow as nicely...


> --
> Robert Story <>
> USC Information Sciences Institute <>
> _______________________________________________
> DNSOP mailing list

I don't think the execution is relevant when it was obviously a bad
idea in the first place.
This is like putting rabid weasels in your pants, and later expressing
regret at having chosen those particular rabid weasels and that pair
of pants.