Re: [DNSOP] New Version Notification for draft-kumari-ogud-dnsop-cds-02.txt
Andrew Sullivan <ajs@anvilwalrusden.com> Tue, 09 July 2013 01:40 UTC
Return-Path: <ajs@anvilwalrusden.com>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E107921F8651 for <dnsop@ietfa.amsl.com>; Mon, 8 Jul 2013 18:40:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.84
X-Spam-Level:
X-Spam-Status: No, score=-0.84 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HELO_MISMATCH_INFO=1.448, HOST_MISMATCH_NET=0.311]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zRGO48H20Oyz for <dnsop@ietfa.amsl.com>; Mon, 8 Jul 2013 18:40:03 -0700 (PDT)
Received: from mx1.yitter.info (ow5p.x.rootbsd.net [208.79.81.114]) by ietfa.amsl.com (Postfix) with ESMTP id 221F121F9A38 for <dnsop@ietf.org>; Mon, 8 Jul 2013 18:40:02 -0700 (PDT)
Received: from mx1.yitter.info (c-75-69-155-67.hsd1.nh.comcast.net [75.69.155.67]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.yitter.info (Postfix) with ESMTPSA id 8A5698A031 for <dnsop@ietf.org>; Tue, 9 Jul 2013 01:40:00 +0000 (UTC)
Date: Mon, 08 Jul 2013 21:39:58 -0400
From: Andrew Sullivan <ajs@anvilwalrusden.com>
To: dnsop@ietf.org
Message-ID: <20130709013958.GD20597@mx1.yitter.info>
References: <33496ED6-4D88-485B-8369-566B2A1FC7C0@frobbit.se> <CE0080AE.B7C0%bdickson@verisign.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <CE0080AE.B7C0%bdickson@verisign.com>
User-Agent: Mutt/1.5.21 (2010-09-15)
Subject: Re: [DNSOP] New Version Notification for draft-kumari-ogud-dnsop-cds-02.txt
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dnsop>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 09 Jul 2013 01:40:09 -0000
On Mon, Jul 08, 2013 at 06:49:53PM +0000, Dickson, Brian wrote: > > Thoughts? My immediate thought is, "What problem is this trying to solve?" In the DNSSSEC case, the problem is that you're trying not to break the chain of trust, and you need a mechanism that is cryptographically securable to make the communication. This is made harder in some sense by the fact that the DS and DNSKEY RRsets are authoritative on different sides of the zone cut. In the NS case, because the child side RRset is the really authoritative one, that's the one that generally gets cached. Since both sides of the cut have the same RRTYPE, and since only one of the RRsets can be cached, you end up with only one such set and it's the one that gets used. It's it possible to bollocks this so that resolution fails? Yes. But that's not a result of disagreement between two different RRsets, so in this case having the additional communication path (especially inside the DNS) is less necessary. Best, A -- Andrew Sullivan ajs@anvilwalrusden.com
- [DNSOP] Fwd: New Version Notification for draft-k… Warren Kumari
- Re: [DNSOP] Fwd: New Version Notification for dra… Paul Wouters
- Re: [DNSOP] Fwd: New Version Notification for dra… Wes Hardaker
- Re: [DNSOP] Fwd: New Version Notification for dra… Matthijs Mekking
- Re: [DNSOP] New Version Notification for draft-ku… Warren Kumari
- Re: [DNSOP] New Version Notification for draft-ku… Edward Lewis
- Re: [DNSOP] New Version Notification for draft-ku… Warren Kumari
- Re: [DNSOP] New Version Notification for draft-ku… Olafur Gudmundsson
- Re: [DNSOP] New Version Notification for draft-ku… Matthijs Mekking
- Re: [DNSOP] New Version Notification for draft-ku… Warren Kumari
- [DNSOP] draft-hardaker-dnsop-csync-00.txt versus … Antoin Verschuren
- Re: [DNSOP] draft-hardaker-dnsop-csync-00.txt ver… Wes Hardaker
- Re: [DNSOP] New Version Notification for draft-ku… Olafur Gudmundsson
- Re: [DNSOP] New Version Notification for draft-ku… John Dickinson
- Re: [DNSOP] New Version Notification for draft-ku… Olafur Gudmundsson
- Re: [DNSOP] New Version Notification for draft-ku… Patrik Fältström
- Re: [DNSOP] New Version Notification for draft-ku… Dickson, Brian
- Re: [DNSOP] New Version Notification for draft-ku… Patrik Fältström
- Re: [DNSOP] New Version Notification for draft-ku… Andrew Sullivan
- Re: [DNSOP] New Version Notification for draft-ku… Antoin Verschuren
- Re: [DNSOP] New Version Notification for draft-ku… Antoin Verschuren
- Re: [DNSOP] New Version Notification for draft-ku… Patrik Fältström
- Re: [DNSOP] New Version Notification for draft-ku… Antoin Verschuren
- Re: [DNSOP] New Version Notification for draft-ku… Olafur Gudmundsson
- Re: [DNSOP] New Version Notification for draft-ku… Dickson, Brian
- Re: [DNSOP] New Version Notification for draft-ku… Edward Lewis
- Re: [DNSOP] New Version Notification for draft-ku… Paul Wouters
- Re: [DNSOP] New Version Notification for draft-ku… Paul Wouters
- Re: [DNSOP] New Version Notification for draft-ku… Antoin Verschuren
- Re: [DNSOP] New Version Notification for draft-ku… Paul Hoffman
- Re: [DNSOP] New Version Notification for draft-ku… John Dickinson
- Re: [DNSOP] New Version Notification for draft-ku… Jim Lahey
- Re: [DNSOP] New Version Notification for draft-ku… Warren Kumari
- Re: [DNSOP] New Version Notification for draft-ku… Tim Wicinski