Re: [DNSOP] New Version Notification for draft-wessels-dns-zone-digest-01.txt

Joe Abley <jabley@hopcount.ca> Sun, 29 July 2018 18:50 UTC

On Jul 29, 2018, at 12:19, Steve Crocker <steve@shinkuro.com> wrote:

> It feels like this discussion is based on some peculiar and likely incorrect assumptions about the evolution of root service.  Progression toward hyper local distribution of the root zone seems like a useful and natural sequence.  However, the source of the copies of the root zone will almost certainly remain robust and trusted.

I think you need to be more clear what you mean by "source".

If you mean the original entity that constructs and first makes
available the root zone (e.g. the root zone maintainer in the current
system) then what you say seems uncontentious.

If what you mean is "the place that any particular consumer of the
root zone might have found it" then I think you need to show your
working.

Resolvers currently prime from a set of trusted servers (albeit over
an insecure transport without authentication, so we could quibble
about what "trusted" means even there) but it's not obvious to me that
this is a necessary prerequisite for new approaches.

If I have a server sitting next to me that has a current and accurate
copy of the root zone and I am able to get it from there and assess
the accuracy of what I receive autonomously, why wouldn't I?


Joe