Re: [DNSOP] Introducing draft-vavrusa-dnsop-aaaa-for-free

Florian Weimer <fweimer@redhat.com> Wed, 23 March 2016 21:10 UTC

To: dnsop@ietf.org
References: <CAC=TB13r_7TPEcUeZqH6sxqKXHRn7TgFwLwdqjBxa57aqS1MZg@mail.gmail.com> <20160323130755.GA798@mx2.yitter.info> <CAC=TB10whpfc15pW-USiy3=4AC1rM-EWg72M4bzHN3CyDhWDTw@mail.gmail.com> <20160323200310.GI1450@mx2.yitter.info>
From: Florian Weimer <fweimer@redhat.com>
Message-ID: <56F3064C.90506@redhat.com>
Date: Wed, 23 Mar 2016 22:10:36 +0100
In-Reply-To: <20160323200310.GI1450@mx2.yitter.info>
Archived-At: <http://mailarchive.ietf.org/arch/msg/dnsop/1B-KXCqPJBZZAQ4NLP1pgRq99cQ>
Subject: Re: [DNSOP] Introducing draft-vavrusa-dnsop-aaaa-for-free

On 03/23/2016 09:03 PM, Andrew Sullivan wrote:
> I don't understand how it's a way to evaluate this claim.  DNSSEC
> includes a bit (DO) that says you're prepared to handle the additional
> data in the answer section.  Indeed, the unpreparedness of people for
> this data was just exactly the reason for the DO bit.  What isn't
> clear to me is whether people implemented that as, "Take whatever
> comes in the answer even if you didn't ask for it," or whether they're
> looking for DNSSEC data.  The latter is what DO says one is prepared
> to do.

DO was used initially for SIG and kept for RRSIG.  For an early DNSSEC
implementation, RRSIG was just another unsolicited RR type because it
could only know about SIG.  This suggests (to me at least) that
practically speaking, DO isn't strongly tied to DNSSEC.

Florian