Re: [DNSOP] I-D Action: draft-woodworth-bulk-rr-07.txt

Bob Harold <rharolde@umich.edu> Tue, 31 October 2017 21:01 UTC

To: internet-drafts@ietf.org
Cc: i-d-announce@ietf.org, IETF DNSOP WG <dnsop@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/2HH-T-qj73MBu9Z8oYG1kiY0_kk>

On Mon, Oct 30, 2017 at 7:29 PM, <internet-drafts@ietf.org> wrote:

>
> A New Internet-Draft is available from the on-line Internet-Drafts
> directories.
> This draft is a work item of the Domain Name System Operations WG of the
> IETF.
>
>         Title           : BULK DNS Resource Records
>         Authors         : John Woodworth
>                           Dean Ballew
>                           Shashwath Bindinganaveli Raghavan
>                           David C Lawrence
>         Filename        : draft-woodworth-bulk-rr-07.txt
>         Pages           : 16
>         Date            : 2017-10-30
>
> Abstract:
>    The BULK DNS resource record type defines a method of pattern-based
>    creation of DNS resource records based on numeric substrings of query
>    names.  The intent of BULK is to simplify generic assignments in a
>    memory-efficient way that can be easily shared between the primary
>    and secondary nameservers for a zone.
>
>
> The IETF datatracker status page for this draft is:
> https://datatracker.ietf.org/doc/draft-woodworth-bulk-rr/
>
> There are also htmlized versions available at:
> https://tools.ietf.org/html/draft-woodworth-bulk-rr-07
> https://datatracker.ietf.org/doc/html/draft-woodworth-bulk-rr-07
>
> A diff from the previous version is available at:
> https://www.ietf.org/rfcdiff?url2=draft-woodworth-bulk-rr-07
>
>
I don't understand this section:

5.1.1. On-the-fly Signatures
 ...
   One possible mitigation for addressing the risk of keeping the zone
   signing key online would be to continue to keep the key for signing
   positive answers offline and introduce a second key for online
   signing of negative answers.


Since every positive answer would be different, they would need a different
signature, which would need to be generated online.
Or do I not understand something?  (Is this part of the NPN solution that
was deleted?)

-- 
Bob Harold
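The point raised in the message above can be made concrete with a small model. The following is an added example and is not code from the draft or its authors: the rule syntax (numeric labels in the query name filling an address template) is a simplified stand-in for whatever BULK actually specifies, and HMAC-SHA256 stands in for RRSIG generation so the script runs on the standard library alone. It shows that a signature made offline over the static rule record does not validate any of the records the rule synthesizes, that each distinct synthesized answer needs its own signature, and that therefore the key used for those positive answers must be available to the server at query time. Key values and names are constructed for the illustration.

```python
import hashlib
import hmac
import re

# Constructed BULK-like rule for the example zone: four numeric labels in the
# query name are copied into the A record's rdata. This is an assumed,
# simplified syntax, not the draft's actual BULK wire format or pattern language.
PATTERN = re.compile(r"^host-(\d+)-(\d+)-(\d+)-(\d+)\.example\.com\.$")
TEMPLATE = "{0}.{1}.{2}.{3}"

# Constructed keys. The offline key models a zone signing key kept off the
# nameserver; the online key models one that must be present on every
# authoritative server that answers queries.
OFFLINE_ZSK = b"offline-zsk-constructed-for-example"
ONLINE_KEY = b"online-key-constructed-for-example"


def synthesize(qname):
    """Return the (owner, type, rdata) record the rule produces for qname,
    or None when the rule does not match (a negative answer)."""
    m = PATTERN.match(qname.lower())
    if m is None:
        return None
    octets = [int(x) for x in m.groups()]
    if any(o > 255 for o in octets):
        return None  # not a valid IPv4 address, so no record is synthesized
    return (qname.lower(), "A", TEMPLATE.format(*octets))


def sign(rr, key):
    """Stand-in for RRSIG generation: a MAC over the canonical record fields.
    A real signer would use the zone's DNSSEC algorithm; the point here is only
    that the signature is bound to the exact record content."""
    msg = "\n".join(rr).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def verify(rr, sig, key):
    return hmac.compare_digest(sign(rr, key), sig)


# The one thing that can be signed offline: the rule itself, as a static record.
BULK_RULE = ("example.com.", "BULK-RULE", "host-#-#-#-#.example.com. A #.#.#.#")
RULE_SIG = sign(BULK_RULE, OFFLINE_ZSK)


def answer(qname, online_key):
    """Build a positive answer for qname. The record is created on the fly,
    so its signature has to be created on the fly with a key the server holds."""
    rr = synthesize(qname)
    if rr is None:
        return None
    return rr, sign(rr, online_key)


def distinct_signatures(qnames):
    """Count how many different signatures a set of queries requires: one per
    distinct synthesized record, with no upper bound short of the whole pattern
    space (2^32 names for this rule), which rules out presigning them."""
    sigs = set()
    for q in qnames:
        result = answer(q, ONLINE_KEY)
        if result is not None:
            sigs.add(result[1])
    return len(sigs)


if __name__ == "__main__":
    rr, sig = answer("host-192-168-1-20.example.com.", ONLINE_KEY)
    print(rr, sig[:16], "...")
    print("online signature verifies:", verify(rr, sig, ONLINE_KEY))
    print("offline rule signature covers it:", verify(rr, RULE_SIG, OFFLINE_ZSK))
    print("signatures for 3 queries:",
          distinct_signatures(["host-1-1-1-1.example.com.",
                               "host-1-1-1-2.example.com.",
                               "host-1-1-1-1.example.com."]))
```

Run it and the offline signature over the rule never validates a synthesized record, while every distinct query name yields a different record and therefore a different signature; swapping the HMAC for a real RRSIG algorithm does not change that, since the signature still covers the record content.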