Re: [DNSOP] Working Group Last Call for draft-ietf-dnsop-multi-provider-dnssec
Frederico A C Neves <fneves@registro.br> Thu, 21 November 2019 01:20 UTC
Return-Path: <fneves@registro.br>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 608231208EC for <dnsop@ietfa.amsl.com>; Wed, 20 Nov 2019 17:20:35 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.9
X-Spam-Level:
X-Spam-Status: No, score=-6.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CPK0WVEEhNEP for <dnsop@ietfa.amsl.com>; Wed, 20 Nov 2019 17:20:33 -0800 (PST)
Received: from clone.registro.br (clone.registro.br [200.160.2.4]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 83FE0120090 for <dnsop@ietf.org>; Wed, 20 Nov 2019 17:20:33 -0800 (PST)
Received: by clone.registro.br (Postfix, from userid 1000) id BA703535D1D; Wed, 20 Nov 2019 22:20:30 -0300 (-03)
Date: Wed, 20 Nov 2019 22:20:30 -0300
From: Frederico A C Neves <fneves@registro.br>
To: Shane Kerr <shane@time-travellers.org>
Cc: dnsop@ietf.org
Message-ID: <20191121012030.GP29946@registro.br>
References: <CADyWQ+Gip_1qYv8ZQBBfY3OUFxizOMVMpckQZtZRNu4JJtGnLA@mail.gmail.com> <498723c1-d8a5-2668-966b-b3bb9d7312c5@NLnetLabs.nl> <d6400cf2-90cb-2994-1f0f-e28706d6ea18@time-travellers.org>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <d6400cf2-90cb-2994-1f0f-e28706d6ea18@time-travellers.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/CcBJYlYs95mikgY_fsw93XWBpIg>
Subject: Re: [DNSOP] Working Group Last Call for draft-ietf-dnsop-multi-provider-dnssec
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 21 Nov 2019 01:20:35 -0000
Shane, On Wed, Nov 20, 2019 at 04:52:22PM +0100, Shane Kerr wrote: > Benno and all, > > Overall the document is clear and I hope helpful to organizations > pursuing a multi-DNS vendor setup who want to use DNSSEC (as all do, I > am sure). > > One minor thing I noticed while looking through the document. It > mentions the Brazilian ccTLD as background why using a liberal rollover > is workable: > > In fact, testing by the .BR Top Level > domain for their recent algorithm rollover [BR-ROLLOVER], > demonstrates that the liberal approach does in fact work with current > resolvers deployed on the Internet. > > However, the BR-ROLLOVER reference is to a presentation which discusses > the plans to try a liberal rollover in Brazil, but doesn't actually > claim that it works. Was there further published research that can > support this idea? There is a presentation I gave at ICANN-63 with the rollover report. * ICANN 63 - Oct/2018 https://static.ptbl.co/static/attachments/191746/1540217948.pdf Audio (English): starting at 57min50s http://audio.icann.org/meetings/bcn63/bcn63-OPEN-2018-10-24-T0636-113-en-DNSSEC-Workshop-1-of--3.m3u This was previously reported at dns-operations, https://lists.dns-oarc.net/pipermail/dns-operations/2018-October/018029.html Besides of this I think there may be already published references of this on works of Moritz Muller and Taejoong Chung. They greatly helped us with the monitoring of the rollover. > > Cheers, > > -- > Shane > Fred
- [DNSOP] Working Group Last Call for draft-ietf-dn… Tim Wicinski
- Re: [DNSOP] Working Group Last Call for draft-iet… Benno Overeinder
- Re: [DNSOP] Working Group Last Call for draft-iet… Brian Dickson
- Re: [DNSOP] Working Group Last Call for draft-iet… Paul Ebersman
- Re: [DNSOP] Working Group Last Call for draft-iet… Paul Hoffman
- Re: [DNSOP] Working Group Last Call for draft-iet… Henderson, Karl
- Re: [DNSOP] Working Group Last Call for draft-iet… Shane Kerr
- Re: [DNSOP] Working Group Last Call for draft-iet… Bob Harold
- Re: [DNSOP] Working Group Last Call for draft-iet… Frederico A C Neves
- Re: [DNSOP] Working Group Last Call for draft-iet… Shumon Huque
- Re: [DNSOP] Working Group Last Call for draft-iet… Shumon Huque
- Re: [DNSOP] Working Group Last Call for draft-iet… Matthijs Mekking