Re: [DNSOP] requesting WGLC for 5011-security-considerations

Wes Hardaker <wjhns1@hardakers.net> Fri, 04 August 2017 22:08 UTC

Return-Path: <wjhns1@hardakers.net>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 112791276AF for <dnsop@ietfa.amsl.com>; Fri, 4 Aug 2017 15:08:31 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.741
X-Spam-Level:
X-Spam-Status: No, score=-2.741 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RDNS_NONE=0.793, SPF_SOFTFAIL=0.665, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1PTEH5g8oTh1 for <dnsop@ietfa.amsl.com>; Fri, 4 Aug 2017 15:08:29 -0700 (PDT)
Received: from mail.hardakers.net (unknown [168.150.236.43]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0C29012708C for <dnsop@ietf.org>; Fri, 4 Aug 2017 15:08:29 -0700 (PDT)
Received: from localhost (50-1-20-198.dsl.static.fusionbroadband.com [50.1.20.198]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.hardakers.net (Postfix) with ESMTPSA id 0351A2778E; Fri, 4 Aug 2017 15:08:26 -0700 (PDT)
From: Wes Hardaker <wjhns1@hardakers.net>
To: Matthijs Mekking <matthijs@pletterpet.nl>
Cc: dnsop@ietf.org
References: <ybl4luqq05v.fsf@w7.hardakers.net> <7d425067-84ff-2471-d39a-0c3a20c0116c@pletterpet.nl>
Date: Fri, 04 Aug 2017 15:08:25 -0700
In-Reply-To: <7d425067-84ff-2471-d39a-0c3a20c0116c@pletterpet.nl> (Matthijs Mekking's message of "Thu, 20 Jul 2017 14:34:56 +0200")
Message-ID: <yblh8xn9eau.fsf@wu.hardakers.net>
User-Agent: Gnus/5.130014 (Ma Gnus v0.14) Emacs/25.2 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/0zefHOC5kEj-aV7FlvzueSdBsEw>
Subject: Re: [DNSOP] requesting WGLC for 5011-security-considerations
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 04 Aug 2017 22:08:31 -0000

Matthijs Mekking <matthijs@pletterpet.nl>; writes:

> It's been a while since I have had a look at this draft, my apologies.

No worries; I'm due to publish the copy that is sitting on my disk with
updates to the math.  So *my* apologies in return.

(and the update should be a bit easier to read too)

I'll review your math proposal before publishing.  I'm not sure we agree
with your analysis yet, but will consider it carefully.

> Furthermore, this document should also give guidance on the wait time
> before a revoked DNSKEY can be removed from the zone:

(which is also in the unpublished update)

> This document should probably update RFC 7583 because it is giving a
> better definition of Itrp and Irev.

Probably true too.  Thanks for pointing that out.  I'll be honest, I've
always had a hard time reading 7583 because the acronyms fly fast a
furious and it's hard to remember which is which.

-- 
Wes Hardaker
USC/ISI