Re: [DNSOP] draft-ietf-dnsop-kskroll-sentinel-07

Mark Andrews <marka@isc.org> Fri, 23 March 2018 03:12 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/2SxbOwNHEZJaIdqSzgfbEfcvveI>

> On 23 Mar 2018, at 11:55 am, Mark Andrews <marka@isc.org> wrote:
> 
> The title of this document DOES NOT match reality.
> 
> “A Sentinel for Detecting Trusted Keys in DNSSEC” should be
> replaced by “A Root Key Trust Anchor Sentinel for DNSSEC”.
> 
> kskroll-sentinel-<what>-<id> really needs something other
> than “kskroll” as the first field.  “root-key-sentinel-<what>-<id>”
> really more clearly matches what it does.
> 
> Any other changes that follow from these two changes

If we want to make this generic then we need at least two sets
of labels. One set for the root so we can avoid the single label issue
and one set for other TAs which encode the TA’s name in the query.

e.g. 
	“ta-sentinel-<what>-<id>.<ta-name>.”

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742              INTERNET: marka@isc.org