Re: [DNSOP] Working Group Last Call for draft-ietf-dnsop-multi-provider-dnssec

Frederico A C Neves <fneves@registro.br> Thu, 21 November 2019 01:20 UTC

Return-Path: <fneves@registro.br>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 608231208EC for <dnsop@ietfa.amsl.com>; Wed, 20 Nov 2019 17:20:35 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.9
X-Spam-Level:
X-Spam-Status: No, score=-6.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CPK0WVEEhNEP for <dnsop@ietfa.amsl.com>; Wed, 20 Nov 2019 17:20:33 -0800 (PST)
Received: from clone.registro.br (clone.registro.br [200.160.2.4]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 83FE0120090 for <dnsop@ietf.org>; Wed, 20 Nov 2019 17:20:33 -0800 (PST)
Received: by clone.registro.br (Postfix, from userid 1000) id BA703535D1D; Wed, 20 Nov 2019 22:20:30 -0300 (-03)
Date: Wed, 20 Nov 2019 22:20:30 -0300
From: Frederico A C Neves <fneves@registro.br>
To: Shane Kerr <shane@time-travellers.org>
Cc: dnsop@ietf.org
Message-ID: <20191121012030.GP29946@registro.br>
References: <CADyWQ+Gip_1qYv8ZQBBfY3OUFxizOMVMpckQZtZRNu4JJtGnLA@mail.gmail.com> <498723c1-d8a5-2668-966b-b3bb9d7312c5@NLnetLabs.nl> <d6400cf2-90cb-2994-1f0f-e28706d6ea18@time-travellers.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <d6400cf2-90cb-2994-1f0f-e28706d6ea18@time-travellers.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/CcBJYlYs95mikgY_fsw93XWBpIg>
Subject: Re: [DNSOP] Working Group Last Call for draft-ietf-dnsop-multi-provider-dnssec
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 21 Nov 2019 01:20:35 -0000

Shane,

On Wed, Nov 20, 2019 at 04:52:22PM +0100, Shane Kerr wrote:
> Benno and all,
> 
> Overall the document is clear and I hope helpful to organizations 
> pursuing a multi-DNS vendor setup who want to use DNSSEC (as all do, I 
> am sure).
> 
> One minor thing I noticed while looking through the document. It 
> mentions the Brazilian ccTLD as background why using a liberal rollover 
> is workable:
> 
>    In fact, testing by the .BR Top Level
>    domain for their recent algorithm rollover [BR-ROLLOVER],
>    demonstrates that the liberal approach does in fact work with current
>    resolvers deployed on the Internet.
> 
> However, the BR-ROLLOVER reference is to a presentation which discusses 
> the plans to try a liberal rollover in Brazil, but doesn't actually 
> claim that it works. Was there further published research that can 
> support this idea?

There is a presentation I gave at ICANN-63 with the rollover report.

 * ICANN 63 - Oct/2018                                                                                                  https://static.ptbl.co/static/attachments/191746/1540217948.pdf                                                         
 Audio (English): starting at 57min50s                                                                                  http://audio.icann.org/meetings/bcn63/bcn63-OPEN-2018-10-24-T0636-113-en-DNSSEC-Workshop-1-of--3.m3u 

This was previously reported at dns-operations,

https://lists.dns-oarc.net/pipermail/dns-operations/2018-October/018029.html

Besides of this I think there may be already published references of
this on works of Moritz Muller and Taejoong Chung. They greatly helped
us with the monitoring of the rollover.

> 
> Cheers,
> 
> --
> Shane
> 

Fred