Re: [DNSOP] SIG(0) useful (and used?)

Tom Pusateri <pusateri@bangj.com> Wed, 20 June 2018 14:59 UTC

From: Tom Pusateri <pusateri@bangj.com>
In-Reply-To: <6C8533C2-6510-4A0E-A7EA-50EB83E43A7D@isc.org>
Date: Wed, 20 Jun 2018 10:59:36 -0400
Cc: "dnsop@ietf.org WG" <dnsop@ietf.org>
Message-Id: <6B764CF2-FC1F-4B55-B4A3-F49729847DCF@bangj.com>
References: <6C8533C2-6510-4A0E-A7EA-50EB83E43A7D@isc.org>
To: Ondřej Surý <ondrej@isc.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/7z3barInPI1rtComP3VXQnVRSUY>
Subject: Re: [DNSOP] SIG(0) useful (and used?)


> On Jun 19, 2018, at 4:48 PM, Ondřej Surý <ondrej@isc.org> wrote:
> 
> 
> Do people think the SIG(0) is something that we should keep in DNS and it will be used in the future or it is a good candidate for throwing off the boat?
> 
> Ondrej

As far as I can tell, SIG(0) is the only mechanism in DNS to ensure the question you asked is being answered as well as ensuring that all of the responses from the server are included.

DNSSEC will tell you the answer you get is correct but it could be to a different question or be incomplete.

This would seem to be an important tool in the toolbox as we move forward into more private and secure DNS.

Tom
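The distinction Tom draws above, a signature over the whole message versus signatures over individual RRsets, can be shown with a small model. This is an added illustration, not code from the thread or from any DNS implementation: the name and message wire encoding follows RFC 1035, but the signature primitive is an HMAC with a constructed key standing in for the public-key signature a real SIG(0) RR carries (that is an assumption made so the example runs on the standard library alone), and the RFC 2931 details of prefixing the SIG RDATA and, for responses, the request are omitted. The example goes slightly beyond the message: it builds a two-RRset answer (CNAME plus A) so that dropping one RRset, rather than one record, can be tested.

```python
"""Whole-message signing (SIG(0) model) vs per-RRset signing (DNSSEC model).

Constructed example. Wire format per RFC 1035; the signature is an HMAC
stand-in for SIG(0)'s public-key signature, and the SIG RDATA / request
prefix that RFC 2931 adds to the signed data is left out for brevity.
"""
import hashlib
import hmac
import struct

KEY = b"constructed-demo-key"  # assumption: stands in for the signer's key pair
MSG_ID = 0x1234
QR_AA_RD_RA_NOERROR = 0x8180  # response flags: QR, AA, RD, RA, RCODE=0


def encode_name(name: str) -> bytes:
    """RFC 1035 uncompressed wire form of a domain name."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def encode_message(msg_id: int, question: tuple, answers: list) -> bytes:
    """Header + one question + answer records; records are
    (owner, rtype, ttl, rdata). No additional section, so the SIG(0) RR
    itself is never part of the signed bytes, as RFC 2931 requires."""
    qname, qtype = question
    out = struct.pack("!HHHHHH", msg_id, QR_AA_RD_RA_NOERROR, 1, len(answers), 0, 0)
    out += encode_name(qname) + struct.pack("!HH", qtype, 1)
    for owner, rtype, ttl, rdata in answers:
        out += encode_name(owner) + struct.pack("!HHIH", rtype, 1, ttl, len(rdata)) + rdata
    return out


def sig0_sign(message: bytes) -> bytes:
    """SIG(0) model: the signature covers header, question and every record."""
    return hmac.new(KEY, message, hashlib.sha256).digest()


def sig0_verify(message: bytes, signature: bytes) -> bool:
    return hmac.compare_digest(sig0_sign(message), signature)


def rrset_key(rr):
    return (rr[0].lower(), rr[1])


def group_rrsets(records: list) -> dict:
    """Split an answer section into RRsets keyed by (owner, type)."""
    sets = {}
    for rr in records:
        sets.setdefault(rrset_key(rr), []).append(rr)
    return sets


def rrset_sign(rrs: list) -> bytes:
    """DNSSEC model: the signature covers one canonically ordered RRset only;
    neither the question nor the rest of the message is included."""
    canon = b"".join(encode_name(o) + struct.pack("!HI", t, ttl) + rd
                     for o, t, ttl, rd in sorted(rrs))
    return hmac.new(KEY, canon, hashlib.sha256).digest()


def rrset_verify(rrs: list, signature: bytes) -> bool:
    return hmac.compare_digest(rrset_sign(rrs), signature)


def check_response(question, answers, message_sig, rrset_sigs) -> tuple:
    """Return (sig0_ok, rrsets_ok): does the whole-message signature verify,
    and does every RRset present carry a valid RRset signature?"""
    msg = encode_message(MSG_ID, question, answers)
    sig0_ok = sig0_verify(msg, message_sig)
    rrsets_ok = all(k in rrset_sigs and rrset_verify(rrs, rrset_sigs[k])
                    for k, rrs in group_rrsets(answers).items())
    return sig0_ok, rrsets_ok


def demo() -> dict:
    """Sign one genuine response, then re-check three variants of it."""
    question = ("www.example.com.", 1)                       # A query
    cname = ("www.example.com.", 5, 300, encode_name("host.example.com."))
    a_rr = ("host.example.com.", 1, 300, bytes([192, 0, 2, 1]))
    answers = [cname, a_rr]
    sig0 = sig0_sign(encode_message(MSG_ID, question, answers))
    rrsigs = {k: rrset_sign(rrs) for k, rrs in group_rrsets(answers).items()}
    return {
        # untouched response: both models accept it
        "intact": check_response(question, answers, sig0, rrsigs),
        # same signed RRsets attached to a different question
        "other_question": check_response(("mail.example.com.", 1), answers, sig0, rrsigs),
        # the final A RRset (and its signature) removed from the answer section
        "dropped_rrset": check_response(question, [cname], sig0, rrsigs),
    }


if __name__ == "__main__":
    for case, (sig0_ok, rrsets_ok) in demo().items():
        print(f"{case:15s} whole-message sig ok={sig0_ok}  per-RRset sigs ok={rrsets_ok}")
```

In the two altered cases the per-RRset check still passes, because each RRset that remains is exactly what was signed, while the whole-message check fails as soon as the question or the set of records changes. That is the gap between "the records I received are genuine" and "this is the complete answer to the question I asked" that the message above points at.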