Re: [DNSOP] Second Working Group Last Call - draft-ietf-dnsop-nsec-aggressiveuse

Warren Kumari <warren@kumari.net> Tue, 20 December 2016 19:38 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/15GtRjndj9Xc9YS7Hjnf1SZ90DQ>

On Tue, Dec 20, 2016 at 5:59 AM Stephane Bortzmeyer <bortzmeyer@nic.fr>
wrote:

> On Tue, Dec 13, 2016 at 07:16:37PM +0000,
>  Warren Kumari <warren@kumari.net> wrote
>  a message of 132 lines which said:
>
> > The authors think that they have captured / addressed everyone's
> > comments - if we missed (or misunderstood) anything, it was
> > unintentional.
>
> One of my comments was not addressed. I would like, in section 10, to see
> some details about what exactly is implemented by Unbound and Google
> Public DNS:
>
> * synthesis of NXDOMAIN from NSEC (obviously; that's the minimum)
> * synthesis of NXDOMAIN from NSEC3 (if no opt-out)
> * synthesis of NODATA from NSEC/NSEC3
> * synthesis of positive answers from wildcards+NSEC
> * all of them?
>

The Google Public DNS code is constantly evolving - I'm discussing with the
team lead to see what answers I can provide to the above....
Is this a "nice to know", or do you think it needs to hold up the WGLC? Can
/ should I just remove the section?


W