Re: [DNSOP] I-D Action: draft-ietf-dnsop-dnssec-bootstrapping-01.txt

Peter Thomassen <peter@desec.io> Wed, 22 June 2022 11:08 UTC

Return-Path: <peter@desec.io>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B48D3C157B45 for <dnsop@ietfa.amsl.com>; Wed, 22 Jun 2022 04:08:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.781
X-Spam-Level:
X-Spam-Status: No, score=-3.781 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, NICE_REPLY_A=-1.876, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=a4a.de
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id J3yW-Uen8fAd for <dnsop@ietfa.amsl.com>; Wed, 22 Jun 2022 04:08:31 -0700 (PDT)
Received: from mail.a4a.de (mail.a4a.de [IPv6:2a01:4f8:10a:1d5c:8000::8]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5A962C14CF06 for <dnsop@ietf.org>; Wed, 22 Jun 2022 04:08:31 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=a4a.de; s=20170825; h=Content-Transfer-Encoding:Content-Type:In-Reply-To:Subject:From :References:To:MIME-Version:Date:Message-ID:Sender:Reply-To:Cc:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=DzIU4CRLAs1zcG/MRs5IV8dI+h/Q7XhjeQ/erJZ4qCw=; b=0C7JEZrXqXz2ZI7fWdVby4pRqj ChqEA8pWzF2N2HZl/HJ/J7OY1+HcD5vjqUsTsctVpGMZnHv94MQEMnocu+e5boNWC4gMRuKfaml9P nmoEPoH6hwAvd5XJPEvu5iFS/qrwgl3d/DsKU5fz28b9PwPbSNLUefV4q8t1YV1zaQjjlr9OkUlv4 3aY8zflJ97fq3WdKk34uZSov7VKMHt4P6efrV4Wy4hS4lIDoLKJACyuhcBTEpqV9buHU4rSCaDZAL e99o3WWDj6/A1vJXQwAXoC2G/rMnR7Vii+k0K0jwZU1xVgBid4QxmxqynfGatgvXNG7BaC8XaYHvD KMjc5aqQ==;
Received: from ip5f5bf78b.dynamic.kabel-deutschland.de ([95.91.247.139] helo=[192.168.179.3]) by mail.a4a.de with esmtpsa (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from <peter@desec.io>) id 1o3yDk-0002VK-0c for dnsop@ietf.org; Wed, 22 Jun 2022 13:08:28 +0200
Message-ID: <9311d3d0-4454-7d12-c23b-cb30a491fbd2@desec.io>
Date: Wed, 22 Jun 2022 13:08:27 +0200
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.9.1
Content-Language: en-US
To: dnsop@ietf.org
References: <165546037411.59869.5581408796512743719@ietfa.amsl.com> <f7cd3162-166a-e919-b019-42daae1e05b0@desec.io> <43a19513-6053-c028-8385-96232315d3c7@nic.cz> <627a6aca-6d1d-3968-f095-c25802735522@desec.io>
From: Peter Thomassen <peter@desec.io>
In-Reply-To: <627a6aca-6d1d-3968-f095-c25802735522@desec.io>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/E11BqRXMbj9Hq6Yl9TXRDa9qPY4>
Subject: Re: [DNSOP] I-D Action: draft-ietf-dnsop-dnssec-bootstrapping-01.txt
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 22 Jun 2022 11:08:35 -0000

On 6/22/22 12:39, Peter Thomassen wrote:
> So I agree that strictly "replacing" Section 3 may be too much, but we should strongly discourage its use. Perhaps its enough to state that the draft "obsoletes" (or "deprecates"?) RFC 8078 Section 3?

I was thinking to write something like:

OLD:
   This document updates [@!RFC8078] and replaces its Section 3 with (#bootstrapping) of this document.

NEW:
   This document obsoletes Section 3 of [@!RFC8078] in favor of (#bootstrapping) of this document.


In doing so, I remember the Obsoletes: RFC header. Looking into it, it seems to apply to an RFC as a whole (not only to a Section, as is the case here).

I started considering what's the difference between obsoleting RFC 8078 Section 3, and the RFC as a whole. The differences would be:

- Besides Section 3 (which we want to obsolete), RFC 8078 has normative language in Section 4 (Disabling DNSSEC with Null CDS record), and in Section 5 (Security Considerations). I guess we don't want to obsolete Section 4. But if the whole RFC was obsoleted, the relevant aspects of Section 5 could be migrated to the new draft.

- RFC 8078 elevates RFC 7344 from Informational to Standards Track. Would that be "undone" by obsoleting RFC 8078? (I guess not?)

- Similarly, RFC 8078 registers the "Delete DS" algorithm. This continues to be needed. Would it collide with obsoleting the RFC?


I can imagine that having all bootstrapping-related stuff in one document (and obsoleting the former), that would make things easier to digest for readers. On the other hand, I don't know how the above situation would be best handled. Input from more experienced IETFers is appreciated.

Best,
Peter

-- 
https://desec.io/