Re: [DNSOP] I-D Action: draft-ietf-dnsop-kskroll-sentinel-13.txt

Warren Kumari <warren@kumari.net> Thu, 07 June 2018 13:27 UTC

From: Warren Kumari <warren@kumari.net>
Date: Thu, 07 Jun 2018 09:27:02 -0400
Message-ID: <CAHw9_iLQacDjhp615bYvp_r=PLfpuhOpQAMSVnQ+0jgkPOP1Ng@mail.gmail.com>
To: Bob Harold <rharolde@umich.edu>
Cc: dnsop <dnsop@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/C867ZQH9O7kFFvYTEuZ-6iPngS0>
Subject: Re: [DNSOP] I-D Action: draft-ietf-dnsop-kskroll-sentinel-13.txt

Thank you!

As these are nits I just went ahead and integrated them --
https://github.com/APNIC-Labs/draft-kskroll-sentinel/commit/ba6794afbb585664841e9e8500ae719092f21fe2#diff-9030ca57bd3260a4a1010c41307b185c

Thanks again,
  W

On Tue, Jun 5, 2018 at 12:16 PM Bob Harold <rharolde@umich.edu> wrote:

>
> On Tue, Jun 5, 2018 at 6:09 AM <internet-drafts@ietf.org> wrote:
>
>>
>> A New Internet-Draft is available from the on-line Internet-Drafts
>> directories.
>> This draft is a work item of the Domain Name System Operations WG of the
>> IETF.
>>
>>         Title           : A Root Key Trust Anchor Sentinel for DNSSEC
>>         Authors         : Geoff Huston
>>                           Joao Silva Damas
>>                           Warren Kumari
>>         Filename        : draft-ietf-dnsop-kskroll-sentinel-13.txt
>>         Pages           : 20
>>         Date            : 2018-06-05
>>
>> Abstract:
>>    The DNS Security Extensions (DNSSEC) were developed to provide origin
>>    authentication and integrity protection for DNS data by using digital
>>    signatures.  These digital signatures can be verified by building a
>>    chain of trust starting from a trust anchor and proceeding down to a
>>    particular node in the DNS.  This document specifies a mechanism that
>>    will allow an end user and third parties to determine the trusted key
>>    state for the root key of the resolvers that handle that user's DNS
>>    queries.  Note that this method is only applicable for determining
>>    which keys are in the trust store for the root key.
>>
>>    [ This document is being collaborated on in Github at:
>>    https://github.com/APNIC-Labs/draft-kskroll-sentinel.  The most
>>    recent version of the document, open issues, etc should all be
>>    available here.  The authors (gratefully) accept pull requests.  RFC
>>    Editor, please remove text in square brackets before publication. ]
>>
>>
>> The IETF datatracker status page for this draft is:
>> https://datatracker.ietf.org/doc/draft-ietf-dnsop-kskroll-sentinel/
>>
>> There are also htmlized versions available at:
>> https://tools.ietf.org/html/draft-ietf-dnsop-kskroll-sentinel-13
>> https://datatracker.ietf.org/doc/html/draft-ietf-dnsop-kskroll-sentinel-13
>>
>> A diff from the previous version is available at:
>> https://www.ietf.org/rfcdiff?url2=draft-ietf-dnsop-kskroll-sentinel-13
>>
>>
> Looks good.
> A few nits:
>
>  4.1. Test Scenario and Objective
>
> "loose" -> "lose"
>
>
> 4.3. Test Procedure
> "The sentinel detection process test a DNS resolution environment with
> three query names:"
>
> Perhaps "tests" is better grammar?
> "The sentinel detection process *tests* a DNS resolution environment with
> three query names:"
>
> --
> Bob Harold
>
>


-- 
I don't think the execution is relevant when it was obviously a bad idea in
the first place.
This is like putting rabid weasels in your pants, and later expressing
regret at having chosen those particular rabid weasels and that pair of
pants.
   ---maf