Re: [DNSOP] draft-ietf-dnsop-kskroll-sentinel-07

Warren Kumari <warren@kumari.net> Fri, 23 March 2018 12:23 UTC

On Fri, Mar 23, 2018 at 10:28 AM, Mark Andrews <marka@isc.org> wrote:
> Also Section 3.1 is not specific enough to implement.  QNAME needs a
> qualifier (current or original).
>
> The leftmost label of the QNAME is either "kskroll-sentinel-is-ta-
>       <key-tag>" or "kskroll-sentinel-not-ta-<key-tag>"

This was too terse for me to parse.

The check is: Does the leftmost label in the query name match
"kskroll-sentinel-is-ta-<key-tag>" where <key-tag> is an unsigned
decimal integer (as described in [RFC4034], section 5.3), zero-padded
to five digits (for example, a Key Tag 42 would be represented in the
label as 00042).

So, kskroll-sentinel-is-ta-19036.example.com would match, as would
kskroll-sentinel-is-ta-20326.example.com, as would
kskroll-sentinel-is-ta-00042.example.net.
The question is not kskroll-sentinel-is-ta-original.example.com.

I really don't understand your question -- please help.
W



> --
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742              INTERNET: marka@isc.org



-- 
I don't think the execution is relevant when it was obviously a bad
idea in the first place.
This is like putting rabid weasels in your pants, and later expressing
regret at having chosen those particular rabid weasels and that pair
of pants.
   ---maf
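
The label check described in the message above, as an added example that is not part of the original e-mail or of the draft: a matcher for the leftmost label of a query name, covering both the "is-ta" and "not-ta" forms quoted in the thread. The function and type names are hypothetical, and three behaviours are assumptions of this sketch rather than statements from the thread: labels are compared case-insensitively, key tags above 65535 are rejected because the Key Tag field is 16 bits, and names are given in presentation form without escaped dots.

```python
import re
from typing import NamedTuple, Optional

# Exactly five decimal digits after the fixed prefix; fullmatch() below means
# nothing may precede or follow the pattern inside the label.
_SENTINEL_LABEL = re.compile(r"kskroll-sentinel-(is|not)-ta-([0-9]{5})", re.IGNORECASE)


class Sentinel(NamedTuple):
    kind: str      # "is-ta" or "not-ta"
    key_tag: int   # decoded from the zero-padded decimal field


def parse_sentinel(qname: str) -> Optional[Sentinel]:
    """Return the sentinel encoded in the leftmost label of qname, or None."""
    # Assumption: presentation-form name, no escaped dots; a trailing root dot is allowed.
    labels = qname.rstrip(".").split(".")
    match = _SENTINEL_LABEL.fullmatch(labels[0])
    if match is None:
        return None
    key_tag = int(match.group(2))
    # Assumption: five digits can spell up to 99999, but a key tag is 16 bits.
    if key_tag > 0xFFFF:
        return None
    return Sentinel(match.group(1).lower() + "-ta", key_tag)


# Constructed sample names: the first four come from the message, the rest are edge cases.
SAMPLES = [
    "kskroll-sentinel-is-ta-19036.example.com",
    "kskroll-sentinel-is-ta-20326.example.com",
    "kskroll-sentinel-is-ta-00042.example.net",
    "kskroll-sentinel-is-ta-original.example.com",   # not a key tag
    "kskroll-sentinel-is-ta-42.example.com",         # not zero-padded to five digits
    "www.kskroll-sentinel-is-ta-19036.example.com",  # sentinel is not the leftmost label
    "kskroll-sentinel-is-ta-99999.example.com",      # exceeds the 16-bit range
    "KSKROLL-SENTINEL-NOT-TA-20326.example.com.",    # mixed case, root dot
]


def classify(names):
    """Map each name to its parsed Sentinel (or None when the label does not match)."""
    return {name: parse_sentinel(name) for name in names}


if __name__ == "__main__":
    for name, result in classify(SAMPLES).items():
        print(f"{name:48} -> {result}")
```
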