Re: [DNSOP] Working Group Last Call for: Message Digest for DNS Zones

Paul Vixie <paul@redbarn.org> Sun, 05 January 2020 02:39 UTC

From: Paul Vixie <paul@redbarn.org>
To: dnsop@ietf.org
Cc: Michael StJohns <msj@nthpermutation.com>
Date: Sun, 05 Jan 2020 02:39:03 +0000
Message-ID: <2815026.5YkhiI1suB@linux-9daj>
Organization: none
In-Reply-To: <84650844-1d13-9377-c913-23dcbc76dc37@nthpermutation.com>
References: <CADyWQ+G1w9_vcU3oO9MsKcP4hTLPXKFb+xY7LJGExbAfjzsDMw@mail.gmail.com> <84650844-1d13-9377-c913-23dcbc76dc37@nthpermutation.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/-zlcUcwR4UqfsKVaOBF8Q8NMD0Y>
Subject: Re: [DNSOP] Working Group Last Call for: Message Digest for DNS Zones

On Sunday, 5 January 2020 01:14:17 UTC Michael StJohns wrote:
> ...
> 
> 1) A recommendation for the maximum size of the zone (and for that
> matter the maximum churn rate). This is hinted at in the abstract, but
> missing from the body of the document.
> 2) ...
> 3) ...
> ...
> I think Experimental is fine.  I'm not sure without a clear text
> addressing my points 1,2, 13 and 15 that this is useful as a standards
> track document for general use.

i agree, and especially regarding point 1. without a block hash technique 
whereby the zonemd can be incrementally updated upon receipt of changes by 
UPDATE and IXFR (in some canonical form so that such updates are the same 
regardless of the source of the change which may be UPDATE, IXFR, or other), 
there is a broad spectrum of zone sizes and churn rates for which ZONEMD as 
specified is not applicable.

these limits should be described, and the above block hash methodology should 
be hinted at as "for future work, to eliminate those limitations."

-- 
Paul
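The "block hash" idea in the message above, shown as an added illustration that is not part of Paul Vixie's mail, the ZONEMD draft, or any implementation. It assumes a toy canonical form (lowercased owner, uppercased type, text rdata) and a simplified two-level scheme with one hash per owner name; a real design would use the canonical wire form from RFC 4034 and probably a deeper Merkle structure. The point it demonstrates is the one the message makes: a single digest over the whole zone must be recomputed from scratch after every change, whereas a per-block digest rehashes only the blocks touched by an UPDATE or IXFR delta, and because both deltas are reduced to the same canonical form first, the resulting digest does not depend on which mechanism delivered the change.

```python
import hashlib
from collections import defaultdict

# Constructed sample zone: (owner, type, rdata) text tuples with placeholder data.
SOA_OLD = ("example.test.", "SOA",
           "ns1.example.test. hostmaster.example.test. 2020010501 3600 900 604800 300")
SOA_NEW = ("example.test.", "SOA",
           "ns1.example.test. hostmaster.example.test. 2020010502 3600 900 604800 300")
ZONE = [
    SOA_OLD,
    ("example.test.", "NS", "ns1.example.test."),
    ("example.test.", "NS", "ns2.example.test."),
    ("ns1.example.test.", "A", "192.0.2.1"),
    ("ns2.example.test.", "A", "192.0.2.2"),
    ("www.example.test.", "A", "192.0.2.10"),
    ("WWW.example.test.", "AAAA", "2001:db8::10"),   # mixed-case owner, same node
]

# The same logical change (bump the SOA serial, renumber the www A record) as an
# IXFR-style delta (deletes, then adds) and as a differently ordered, differently
# cased UPDATE-style delta. Both are constructed for this example.
DELTA_IXFR = [
    ("del", SOA_OLD), ("del", ("www.example.test.", "A", "192.0.2.10")),
    ("add", SOA_NEW), ("add", ("www.example.test.", "A", "192.0.2.11")),
]
DELTA_UPDATE = [
    ("del", ("WWW.example.test.", "a", "192.0.2.10")),
    ("add", ("Www.Example.Test.", "A", "192.0.2.11")),
    ("del", SOA_OLD), ("add", SOA_NEW),
]


def canonical(rr):
    """Toy canonical form: lowercase owner, uppercase type, trimmed rdata.
    (Assumption for this example; RFC 4034 canonical wire form is the real thing.)"""
    owner, rtype, rdata = rr
    return (owner.lower(), rtype.upper(), rdata.strip())


def encode(rr):
    return "\t".join(rr).encode("ascii") + b"\n"


def whole_zone_digest(records):
    """One digest over every record in canonical order: any change, however
    small, forces a full pass over the zone."""
    h = hashlib.sha256()
    for rr in sorted({canonical(r) for r in records}):
        h.update(encode(rr))
    return h.hexdigest()


def apply_full(records, deltas):
    """Apply a delta to a record list and return the resulting canonical zone."""
    current = {canonical(r) for r in records}
    for op, r in deltas:
        (current.add if op == "add" else current.discard)(canonical(r))
    return sorted(current)


class BlockDigest:
    """Two-level digest: a hash per owner-name block, then a hash over the sorted
    (owner, block hash) pairs. A change rehashes only the blocks it touches."""

    def __init__(self, records):
        self.blocks = defaultdict(set)
        for r in records:
            c = canonical(r)
            self.blocks[c[0]].add(c)
        self.block_hash = {o: self._hash_block(s) for o, s in self.blocks.items()}

    @staticmethod
    def _hash_block(rrs):
        h = hashlib.sha256()
        for rr in sorted(rrs):
            h.update(encode(rr))
        return h.digest()

    def apply(self, deltas):
        """Apply add/del operations; return the number of blocks rehashed."""
        touched = set()
        for op, r in deltas:
            c = canonical(r)
            if op == "add":
                self.blocks[c[0]].add(c)
            elif op == "del":
                self.blocks[c[0]].discard(c)
            else:
                raise ValueError("unknown op %r" % op)
            touched.add(c[0])
        for owner in touched:
            if self.blocks[owner]:
                self.block_hash[owner] = self._hash_block(self.blocks[owner])
            else:                       # owner name became empty: drop its block
                del self.blocks[owner]
                self.block_hash.pop(owner, None)
        return len(touched)

    def digest(self):
        h = hashlib.sha256()
        for owner in sorted(self.block_hash):
            h.update(owner.encode("ascii") + b"\x00" + self.block_hash[owner])
        return h.hexdigest()


if __name__ == "__main__":
    bd = BlockDigest(ZONE)
    print("blocks rehashed by IXFR delta:", bd.apply(DELTA_IXFR), "of", len(bd.blocks))
    print("incremental == full recompute:",
          bd.digest() == BlockDigest(apply_full(ZONE, DELTA_IXFR)).digest())
```

A verifier holding the published per-block hashes can check an incoming IXFR against only the affected blocks, and a primary can republish a new zone digest without re-reading a large zone; the whole-zone function is kept alongside to make the contrast concrete.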