Re: [DNSOP] kskroll-sentinel and unclear results

"Wessels, Duane" <dwessels@verisign.com> Tue, 29 May 2018 23:46 UTC

From: "Wessels, Duane" <dwessels@verisign.com>
To: Paul Hoffman <paul.hoffman@vpnc.org>
CC: Warren Kumari <warren@kumari.net>, dnsop <dnsop@ietf.org>
Date: Tue, 29 May 2018 23:46:53 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/5rsOuSAHFsxvMQdSxGiximyALTU>

> On May 24, 2018, at 7:51 PM, Paul Hoffman <paul.hoffman@vpnc.org> wrote:
> 
> On 23 May 2018, at 11:49, Warren Kumari wrote:
> 
>> 
>> I for one would like to see proposed text - we can decide from that if it
>> makes things clearer.
> 
> The proposed text is at
>   https://github.com/APNIC-Labs/draft-kskroll-sentinel/pull/21
> It's an omnibus change, so you might want to pick up parts, but I think as a whole it deals with the above concerns in a consistent fashion.


Paul,

I took a look at your pull request.  I like the direction this is heading, and
I like the change from "invalid" to "bogus."  It leaves me with a couple
of questions though.

Your new second paragraph of section 3 says "this entire section is about
DNS resolution systems" and "we can classify DNS resolution systems into
five distinct behavior types" but the subsequent descriptions of Vnew,
Vold, etc still talk about a single resolver?

Similarly, in Appendix A should the text be changed so that, for example,
instead of saying "Bob is not using a validating resolver" it says "None
of the resolvers in Bob's DNS resolution system are validating"?

"All of Charlie's resolvers are validating..."?

"All of Dave's resolvers implement the sentinel method..."?


Nitpick: 

  "If a client directs these three queries to a DNS
  resolution system where the resolvers have different propertied,
  the results cannot be determined."

Should be "properties" and I'd say "cannot be reliably determined."

DW