Re: [DNSOP] [dnsext] Re: Computerworld apparently has changed DNS protocol

Jay Daley <jay@nzrs.net.nz> Wed, 04 November 2009 23:33 UTC


On 5/11/2009, at 10:45 AM, Matthew Dempsky wrote:

> I'd appreciate if someone could clarify what the "large responses"
> that will preexist "actual DNSSEC usable data" that Bill Manning is
> referring to are.  It's unclear to me whether it's still technically
> DNSSEC data and hence would require a client to send DO=1, or if it
> will be something like large additional section TXT records or just
> trailing bytes.


As far as I am aware, yes, it is real DNSSEC data, so yes, it will
require DO=1, but the keys will be dummy keys (i.e. secret) that cannot
be configured as trust anchors and so the signatures will be ignored.
At the end of that phase, real keys will be used and published.

See

http://sel.icann.org/meetings/seoul2009/presentation-dnssec-workshop-lamb-28oct09-en.pdf

for more details.

Jay

-- 
Jay Daley
Chief Executive
.nz Registry Services
desk: +64 4 931 6977
mobile: +64 21 678840
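
The DO=1 requirement discussed above, as an added example that is not part of the original message: a resolver only receives DNSSEC records (and therefore the larger responses) when its query carries an EDNS0 OPT record with the DO flag set. The function names, the sample name `example.com` and the buffer sizes are constructed for illustration.

```python
import struct

TYPE_OPT = 41      # EDNS0 OPT pseudo-RR (RFC 6891)
DO_FLAG = 0x8000   # "DNSSEC OK" bit in the OPT flags field (RFC 3225)

def build_query(name, qtype, do, udp_size=4096, qid=0x1234):
    """Build a DNS query. do=None: no EDNS0 at all; False/True: OPT with DO=0/1."""
    arcount = 0 if do is None else 1
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, arcount)  # RD=1
    qname = b"".join(bytes([len(l)]) + l.encode("ascii")
                     for l in name.rstrip(".").split(".") if l) + b"\x00"
    msg = header + qname + struct.pack("!HH", qtype, 1)  # class IN
    if do is not None:
        # OPT RR: root owner name, TYPE=41, CLASS carries the UDP payload size,
        # TTL carries extended-RCODE(8) | version(8) | flags(16), RDLEN=0.
        msg += b"\x00" + struct.pack("!HHBBHH", TYPE_OPT, udp_size, 0, 0,
                                     DO_FLAG if do else 0, 0)
    return msg

def _skip_name(msg, pos):
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        length = msg[pos]
        if length == 0:
            return pos + 1
        if length & 0xC0 == 0xC0:   # compression pointer: two bytes, ends the name
            return pos + 2
        pos += 1 + length

def edns_info(msg):
    """Return (udp_size, do_bit) from the message's OPT record, or None if absent."""
    _, _, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    pos = 12
    for _ in range(qd):
        pos = _skip_name(msg, pos) + 4          # QTYPE + QCLASS
    for _ in range(an + ns + ar):
        pos = _skip_name(msg, pos)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[pos:pos + 10])
        if rtype == TYPE_OPT:
            return rclass, bool(ttl & DO_FLAG)
        pos += 10 + rdlen
    return None

if __name__ == "__main__":
    for do in (None, False, True):              # constructed sample queries (DNSKEY = 48)
        print(do, edns_info(build_query("example.com", 48, do)))
```

`edns_info` works on captured queries or responses alike, so it can be used to check which clients on a network actually request DNSSEC data.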