[DNSOP]Requesting final comments on draft-ietf-dnsop-rfc8109bis
Tim Wicinski <tjw.ietf@gmail.com> Wed, 05 June 2024 15:26 UTC
Return-Path: <tjw.ietf@gmail.com>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E252CC1E722C; Wed, 5 Jun 2024 08:26:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.094
X-Spam-Level:
X-Spam-Status: No, score=-7.094 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id K0JNmepMarka; Wed, 5 Jun 2024 08:25:57 -0700 (PDT)
Received: from mail-ed1-x52f.google.com (mail-ed1-x52f.google.com [IPv6:2a00:1450:4864:20::52f]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D7E65C1E6409; Wed, 5 Jun 2024 08:25:57 -0700 (PDT)
Received: by mail-ed1-x52f.google.com with SMTP id 4fb4d7f45d1cf-57a2f032007so7432482a12.0; Wed, 05 Jun 2024 08:25:57 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1717601155; x=1718205955; darn=ietf.org; h=cc:to:subject:message-id:date:from:mime-version:from:to:cc:subject :date:message-id:reply-to; bh=iVyF1o5eXNRpx3+HzcaGoHm0TpTjBcaPMeLqX5Cte0U=; b=JczUxBArTrgr3yfqWVFLp1G/0gc5X/j1PfjcIfoQ1VgybASVHBGVpZK2P+BTIQleVw Hyo3IbrJgkWQLxnC7Dbiot1fay1bzLrkxr2NiiLOlkVSljuBJdfsvQPN8RzW+tPZ+wJG hJe20ypRHEgLHvwT+JuMWbzIyCiTRv/3KIvmK/OSXdATBlOf+CStl9fWuGa4G3VLNAJC RzIz3wlq7NWVgXYhHIN1ykOxWSZkTBP3KzT6ZA2FKFt2aH/blK0sioGTxyvothjT1K14 yk9VIA/lXhO7IFeW2n1KhVf+Uwoe+DerKIk+ejjAp1v3zgYzb0ajmXC+Y2tywYTESZmf sT8A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1717601155; x=1718205955; h=cc:to:subject:message-id:date:from:mime-version:x-gm-message-state :from:to:cc:subject:date:message-id:reply-to; bh=iVyF1o5eXNRpx3+HzcaGoHm0TpTjBcaPMeLqX5Cte0U=; b=jBVVuycqt515VSuJ+GEBV4ycuLrRYzUaUaOyXQslP3ZApwzKrJym8AkfKH1Scy1PK3 xOBd19zLOVG/KyyPNZIczpkEmVJHmWJl2cOJ4fzMTBqzrOmRJhEQzuEkYHWWMp8XLB46 y9dyko4QlaCP0nAPngiNE6dyqAlfr46LOnq0+eJl04w/NZc4bQ/i8YR3esW4hhN+sdm3 gUhWqNVcwUmpZrWag9BXP7ekRvHyQVM38JyarrpW3glBtu8B7tgKqfzl3wfECguGS8Hb 6/t5HITmXTFw+S7WWd2Uoj8oeHuo3xHlZMgM1qWSTeaPDCLmtQcAZrisHyKShq84oCjo yJ4Q==
X-Gm-Message-State: AOJu0YzNrO7KZR9VwUMg+FZNTOp9ztO0pYjbCNmqUQGTRu/A1mY1l/yu kT9C389MWerSox0Z3Mk2sbEVON1nCEYO7Kb7wkOlyNhHIMWeHd3V0KxPSIuEyrdBnHznna1j+Yw e6nGnQgX/XKDkfnJHih03cRUBBOfxEdss
X-Google-Smtp-Source: AGHT+IFxcMh3X+FnDs7N8s2CMo539Q98LZVmm1Ywecjb2qr+um1XJym3qP1E3jhy2JU2UB/MTS/meole3wSXD0tokro=
X-Received: by 2002:a05:6402:2153:b0:57a:2ea0:4065 with SMTP id 4fb4d7f45d1cf-57a8b67d693mr1807161a12.5.1717601155189; Wed, 05 Jun 2024 08:25:55 -0700 (PDT)
MIME-Version: 1.0
From: Tim Wicinski <tjw.ietf@gmail.com>
Date: Wed, 05 Jun 2024 11:25:44 -0400
Message-ID: <CADyWQ+HLxyAkhdYsOEQz09ByF5EtuvDMh2oAWb_tt_c7YN+59A@mail.gmail.com>
To: dnsop <dnsop@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000b89332061a262e64"
Message-ID-Hash: 27YPERD4OPPVBVP7M2DCVBFPQRSFAGO7
X-Message-ID-Hash: 27YPERD4OPPVBVP7M2DCVBFPQRSFAGO7
X-MailFrom: tjw.ietf@gmail.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-dnsop.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: dnsop-chairs <dnsop-chairs@ietf.org>
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [DNSOP]Requesting final comments on draft-ietf-dnsop-rfc8109bis
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/DfKRXuesEil0TOEhynQgoL8QpIk>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Owner: <mailto:dnsop-owner@ietf.org>
List-Post: <mailto:dnsop@ietf.org>
List-Subscribe: <mailto:dnsop-join@ietf.org>
List-Unsubscribe: <mailto:dnsop-leave@ietf.org>
All The chairs are requesting some final comments on draft-ietf-dnsop-rfc8109bis. As you might recall, this document has already been through WGLC and had consensus to advance, but our AD reviewed it and raised some additional questions. (Warren Kumari, “AD Review of draft-ietf-dnsop-rfc8109bis,” email to the list on 31 January.) Here are specific things we particularly want feedback on: -Discussion on the list suggested a change regarding the use of the TC bit in the context of a priming response, which appears in the -04 (current) version of the document but hasn’t been reviewed by the full WG: OLD: Note that [RFC9471] updates [RFC1035] with respect to the use of the TC bit. It says "If message size constraints prevent the inclusion of all glue records for in-domain name servers, the server must set the TC (Truncated) flag to inform the client that the response is incomplete and that the client should use another transport to retrieve the full response." Note, however, the root server addresses are not glue records, so setting the TC bit in truncated responses from the root servers is not required by [RFC9471]. NEW: Note that [RFC9471] updates [RFC1035] with respect to the use of the TC bit. It says "If message size constraints prevent the inclusion of all glue records for in-domain name servers, the server must set the TC (Truncated) flag to inform the client that the response is incomplete and that the client should use another transport to retrieve the full response." Because the priming response is not a referral, root server addresses in the priming response are not considered glue records. Thus, [RFC9471] does not apply to the priming response and root servers are not required to set the TC bit if not all root server addresses fit within message size constraints. There are no requirements on the number of root server addresses that a root server must include in a priming response. Willem's email to the list which suggests changes to section 3.3 to better explain what is signed when; the chairs feel that these changes should be incorporated into the draft as well https://mailarchive.ietf.org/arch/msg/dnsop/D2Ha-Hk2lpvvkcXx7k4RILpgaPQ/ The addition of a reference to RSSAC 0028 ( https://www.icann.org/en/system/files/files/rssac-028-03aug17-en.pdf, “Technical Analysis of the Naming Scheme Used For Individual Root Servers,” as an informative reference; it discusses the rationale for not signing root-servers.net. We liked to hear from the WG on this by Friday June 14, 2024. Thanks tim, et al
- [DNSOP] Re: [DNSOP]Re: [Ext] Requesting final com… Paul Hoffman
- [DNSOP]Requesting final comments on draft-ietf-dn… Tim Wicinski
- [DNSOP]Re: [Ext] Requesting final comments on dra… Paul Hoffman
- [DNSOP] Re: [DNSOP]Re: [Ext] Requesting final com… A. Schulze
- [DNSOP] Re: [Ext] [DNSOP]Requesting final comment… Tim Wicinski
- [DNSOP] Re: [Ext] [DNSOP]Requesting final comment… jabley
- [DNSOP] Re: [Ext] [DNSOP]Requesting final comment… jabley
- [DNSOP] Re: [Ext] [DNSOP]Requesting final comment… Willem Toorop
- [DNSOP] Re: [Ext] [DNSOP]Requesting final comment… Willem Toorop
- [DNSOP] To sign root-servers.net or not? Geoff Huston
- [DNSOP] Re: [DNSOP]Re: [Ext] Requesting final com… Paul Hoffman
- [DNSOP] Re: [Ext] To sign root-servers.net or not? Paul Hoffman
- [DNSOP] Re: [DNSOP]Re: [Ext] Requesting final com… Tim Wicinski
- [DNSOP] Re: [DNSOP]Re: [Ext] Requesting final com… Joe Abley
- [DNSOP] Re: [DNSOP]Re: [Ext] Requesting final com… Tim Wicinski
- [DNSOP] Re: [DNSOP]Re: [Ext] Requesting final com… Joe Abley
- [DNSOP] Re: [DNSOP]Re: [Ext] Requesting final com… Tim Wicinski
- [DNSOP] Re: [DNSOP]Re: [Ext] Requesting final com… Paul Hoffman
- [DNSOP] Re: [DNSOP]Re: [Ext] Requesting final com… Joe Abley
- [DNSOP] Re: [Ext] To sign root-servers.net or not? Geoff Huston
- [DNSOP] Re: [Ext] To sign root-servers.net or not? Tim Wicinski
- [DNSOP] Re: [DNSOP]Re: [Ext] Requesting final com… Tim Wicinski