[DNSOP] Re: [DNSOP]Re: [Ext] Requesting final comments on draft-ietf-dnsop-rfc8109bis
Tim Wicinski <tjw.ietf@gmail.com> Wed, 19 June 2024 13:37 UTC
From: Tim Wicinski <tjw.ietf@gmail.com>
Date: Wed, 19 Jun 2024 09:36:52 -0400
Message-ID: <CADyWQ+HQc1pS+6-Pqya_raM45TiYk5=H5wk-qJv=Hxy9ukKTTw@mail.gmail.com>
To: Paul Hoffman <paul.hoffman@icann.org>
CC: Joe Abley <jabley@strandkip.nl>, dnsop <dnsop@ietf.org>, dnsop-chairs <dnsop-chairs@ietf.org>
Subject: [DNSOP] Re: [DNSOP]Re: [Ext] Requesting final comments on draft-ietf-dnsop-rfc8109bis
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/2Z0OvhidqijdouvEUZF0sbKIztA>

To follow up on this discussion, I've talked with Paul and I'm OK with leaving the last paragraph of section 3.3 in place. Joe Abley has been the only other outspoken one on this. I have the feeling/consensus/vibes that the latest version makes the text clearer.

We will discuss this with Warren later today with the opinion the document is ready to be passed back to him.

Please speak up if you feel otherwise.

tim

On Mon, Jun 17, 2024 at 5:14 PM Paul Hoffman <paul.hoffman@icann.org> wrote:

> On Jun 17, 2024, at 13:39, Joe Abley <jabley@strandkip.nl> wrote:
> >
> > Hi Paul,
> >
> > On 17 Jun 2024, at 21:18, Paul Hoffman <paul.hoffman@icann.org> wrote:
> >
> > > The paragraph reads:
> > >
> > > If the "root-servers.net" zone is later signed, or if the root servers are named in a
> > > different zone and that zone is signed, having DNSSEC validation for the priming queries
> > > might be valuable.
> > > The benefits and costs of resolvers validating the responses will depend heavily on
> > > the naming scheme used.
> > >
> > > It is still accurate as it stands, does not lead to an assumption of what name would be signed and, more importantly, strongly indicates that the name that eventually gets signed might be different than root-servers.net. I'm not sure why we would want to remove that.
> >
> > It might be technically true (although I could still nitpick about the assumption that the root server names must necessarily live in a zone other than the root) but I don't think it's useful.
>
> I find it useful, but I see that it is also off-topic for current priming. Please note that the first sentence was actually part of RFC 8109, and I don't remember people objecting to it then.
>
> --Paul Hoffman