Re: [DNSOP] Ben Campbell's No Objection on draft-ietf-dnsop-dnssec-roadblock-avoidance-04: (with COMMENT)
"Ben Campbell" <ben@nostrum.com> Fri, 08 July 2016 21:56 UTC
Return-Path: <ben@nostrum.com>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D0AF812D8A9; Fri, 8 Jul 2016 14:56:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.326
X-Spam-Level:
X-Spam-Status: No, score=-3.326 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-1.426] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vgfU1er7powY; Fri, 8 Jul 2016 14:56:55 -0700 (PDT)
Received: from nostrum.com (raven-v6.nostrum.com [IPv6:2001:470:d:1130::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AEF2712D0E8; Fri, 8 Jul 2016 14:56:53 -0700 (PDT)
Received: from [10.0.1.4] (cpe-66-25-7-22.tx.res.rr.com [66.25.7.22]) (authenticated bits=0) by nostrum.com (8.15.2/8.15.2) with ESMTPSA id u68LucWN077330 (version=TLSv1 cipher=DHE-RSA-AES128-SHA bits=128 verify=NO); Fri, 8 Jul 2016 16:56:38 -0500 (CDT) (envelope-from ben@nostrum.com)
X-Authentication-Warning: raven.nostrum.com: Host cpe-66-25-7-22.tx.res.rr.com [66.25.7.22] claimed to be [10.0.1.4]
From: Ben Campbell <ben@nostrum.com>
To: Wes Hardaker <wjhns1@hardakers.net>
Date: Fri, 08 Jul 2016 16:56:37 -0500
Message-ID: <7A3FCC93-B4C1-4695-B8C6-22C8972A7844@nostrum.com>
In-Reply-To: <0lfurjyg6o.fsf@wjh.hardakers.net>
References: <20160706222617.26800.68512.idtracker@ietfa.amsl.com> <0lfurjyg6o.fsf@wjh.hardakers.net>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: 8bit
X-Mailer: MailMate (1.9.4r5234)
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/5hIB08hEhHz7D7ZQM3JGTeFYpXw>
Cc: tjw.ietf@gmail.com, dnsop@ietf.org, draft-ietf-dnsop-dnssec-roadblock-avoidance@ietf.org, dnsop-chairs@ietf.org, The IESG <iesg@ietf.org>
Subject: Re: [DNSOP] Ben Campbell's No Objection on draft-ietf-dnsop-dnssec-roadblock-avoidance-04: (with COMMENT)
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 08 Jul 2016 21:56:57 -0000
Thanks for the response. Discussion inline, with things that appear to be addressed removed. Ben. On 8 Jul 2016, at 16:26, Wes Hardaker wrote: > "Ben Campbell" <ben@nostrum.com> writes: [...] > >> - 1.2, 2nd paragraph: Is "full non-support" effectively different >> from >> "non-support" in this context? > > CHanged to "Detecting complete lack of support", which I hope works > for you? It answers my question. But don't the described tests detect degrees of non-supportness? > >> Do we have reason to expect the github project to be maintained for >> the >> life of the RFC? > > I wondered about including such a URL. I doubt github or olafur will > ever drop the repository, however. I'm okay if the answer is "yes" or even "we hope so"; I just want to make sure people thought about it. > >> - 3.1.1 et. al. : Do we have reason to believe the dnssec-tools.org >> domain will be maintained for the life of the RFC? > > I think for some of the tests we may be able to use the root of the > DNS > instead. However, in some cases we need specific data types. > > I have no intention of ever dropping the signing of dnssec-tools.org, > and my co-workers have backup responsibility for it and the means to > sign it should I get thrown in jail by the protocol police, eg. (repeat previous comment) > [...] > >> -8: Seems like there could be more to say about the potential >> consequences about the “fail or proceed without security” >> decision in 6 >> and 6.1. > > I think the world is very much at a loss as to the best thing to do in > that case. And is likely very case specific. Military installations > tend to be a bit more strict about continuing through to a > unacceptable > security certificate, eg. I'm not sure we can enumerate every > context, > but rather say each local policy will need to do what is appropriate > for them. > I think it would be useful to say _that_. (as in "here's a security consideration people need to, well, consider") > -- > Wes Hardaker > Parsons
- Re: [DNSOP] Ben Campbell's No Objection on draft-… Ben Campbell
- Re: [DNSOP] Ben Campbell's No Objection on draft-… Wes Hardaker
- [DNSOP] Ben Campbell's No Objection on draft-ietf… Ben Campbell
- Re: [DNSOP] Ben Campbell's No Objection on draft-… Wes Hardaker
- Re: [DNSOP] Ben Campbell's No Objection on draft-… Ben Campbell
- Re: [DNSOP] Ben Campbell's No Objection on draft-… Wes Hardaker