IETF Logo Mail Archive

Re: [DNSOP] Is DNSSEC a Best Current Practice?

Tim Wicinski <tjw.ietf@gmail.com> Thu, 10 March 2022 19:10 UTC

Return-Path: <tjw.ietf@gmail.com>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5FEAC3A1B58 for <dnsop@ietfa.amsl.com>; Thu, 10 Mar 2022 11:10:25 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.107
X-Spam-Level:
X-Spam-Status: No, score=-2.107 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DIQZd3Db0E0u for <dnsop@ietfa.amsl.com>; Thu, 10 Mar 2022 11:10:20 -0800 (PST)
Received: from mail-lf1-x12b.google.com (mail-lf1-x12b.google.com [IPv6:2a00:1450:4864:20::12b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8369A3A1B5F for <dnsop@ietf.org>; Thu, 10 Mar 2022 11:10:20 -0800 (PST)
Received: by mail-lf1-x12b.google.com with SMTP id n19so11117103lfh.8 for <dnsop@ietf.org>; Thu, 10 Mar 2022 11:10:20 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=omDxW1vVt61k1lm77jvEH2R596m5NotTrPuO7oReKmU=; b=mFBPtCGLaVEU14HdYqzhVr8RHeAMqg7fMS+OXb3Ya9RsXJIb5tS1nERc1+96hkGQfH cwDdUw3/Kw6XZHQddhbkb8XMb3DqecGxBm0pcYmx7IIhEx/Ohjp54UMVo1WtSlr72clD j1b8Dbb+2/srnIfvfIz4HGe7/aBM5aeptq/atapsaTO5tP+PT/F12n+HBA8jXpe/uGAA gueO9v0Iqr0020kd/ggUSk0ySALZ/wU3VccfbOn/ylsDz9+MSUDCtPDvSkdrsz4UNw1n bjbbVzWPklVvu4aZg2b6Px6PBIqzRxyI//shmovu1umS7m0wdeYxAYRTDbptpKdktnQM 6cAg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=omDxW1vVt61k1lm77jvEH2R596m5NotTrPuO7oReKmU=; b=FyW/L8PGdK0VOzNJYphiLXbfF+wizE7MhQf3qVHRSynZxwi1kSk625wsfNlRWtwdat bU7udmk9n8KA99bLo4RpWjhJT7GiS6dK/cNojUrXopvNS5QwaHCUn0hPHCbYgK4B6TFw DgO3pi6L9FLpiuqrpfeuEubmbC9+YxVdPZ3WyIJZVM9uVTZuvADVXjQ6I6DYnUiWf4QV 8qqI1XjNGTJCpoVS4E6RNKezzo83d5DDikzyz6mkFBen/cn/kgp9xM9SJqZdlpbEc5CN /dnHF3R77QONoIXQDS7lgqE1A/Hpw/tc0h+Vz+87+s9YjtjZvclCBMJXFtKx7jXANz8a h8PQ==
X-Gm-Message-State: AOAM531tOBXD7eS6E5ckF/Rq1C1ud7cRL0Dwo+O5DRFqChLD8FAGCsSJ nrH4Kzt42kdcK1LY4RV92U8zYaZQQhuHheKGtCI=
X-Google-Smtp-Source: ABdhPJw/kyiDqx6kGT/0TNLXBwoTc4UzNnF6MBnrc7/3eyQ4kmnCuaC9EJmvrlt7EhYcjzPHfCGti3PuDEbdTdmCMfg=
X-Received: by 2002:a05:6512:ac2:b0:448:6b44:5df9 with SMTP id n2-20020a0565120ac200b004486b445df9mr1161775lfu.230.1646939417833; Thu, 10 Mar 2022 11:10:17 -0800 (PST)
MIME-Version: 1.0
References: <88A0AA7A-01B8-4C7E-9A9A-1FB29C9FB18B@icann.org> <98EAB1A0-9746-4BAF-8865-1F28A3CBB6A4@nohats.ca>
In-Reply-To: <98EAB1A0-9746-4BAF-8865-1F28A3CBB6A4@nohats.ca>
From: Tim Wicinski <tjw.ietf@gmail.com>
Date: Thu, 10 Mar 2022 14:10:06 -0500
Message-ID: <CADyWQ+GygnvrRavtLYiQ0w1p0nGwfzARWYJPuM1EDXs3u3YA2A@mail.gmail.com>
To: Paul Wouters <paul@nohats.ca>
Cc: Paul Hoffman <paul.hoffman@icann.org>, dnsop WG <dnsop@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000f7767605d9e1f6dd"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/0I4MO8Luy8ppMrv496t_9hmBkyg>
Subject: Re: [DNSOP] Is DNSSEC a Best Current Practice?
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 10 Mar 2022 19:10:26 -0000

I like this idea also.   Warren may have some ideas but could also be
something to do in one of the area WGs.

Grinding paperwork is a necessary evil.

tim


On Thu, Mar 10, 2022 at 2:05 PM Paul Wouters <paul@nohats.ca> wrote:

> Sounds good to me.
>
> Even better if we would clarify DNSSEC is not an optional part of DNS, but
> I don’t think you are volunteering for that discussion 😀
>
> Sent using a virtual keyboard on a phone
>
> > On Mar 10, 2022, at 13:54, Paul Hoffman <paul.hoffman@icann.org> wrote:
> >
> > Greetings again. My motivation here is kinda trivial, but I've heard it
> is a common complaint. When writing a about DNSSEC, I need to reference the
> RFC. But it's three RFCs (4033, 4034, and 4035), and possibly another
> (6840). It would be awfully nice to refer to "DNSSEC" with a single
> reference like "BCP 250".
> >
> > To get there, we need to update the RFCs and say that we want an BCP.
> This is mostly a paperwork exercise, but this WG isn't terribly good at
> getting those done. Maybe we could create a short-lived WG for moving
> DNSSEC to BCP that just the DNSSEC-y people need to pay attention to. If we
> do it, that WG would not take up any new DNSSEC-related work, just spruce
> up the base RFCs.
> >
> > In the big picture, I think it would be good for the DNS to be able to
> refer to DNSSEC more easily. Thoughts?
> >
> > --Paul Hoffman_______________________________________________
> > DNSOP mailing list
> > DNSOP@ietf.org
> > https://www.ietf.org/mailman/listinfo/dnsop
>
> _______________________________________________
> DNSOP mailing list
> DNSOP@ietf.org
> https://www.ietf.org/mailman/listinfo/dnsop
>

v2.23.0 | Report a Bug | By Email