Re: [DNSOP] A conversational description of sentinel.
Joe Abley <jabley@hopcount.ca> Mon, 15 January 2018 02:08 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/Et5rtM0G1jHqa994KTCtuoYd7jE>
Hi Warren,

On 14 Jan 2018, at 20:51, Warren Kumari <warren@kumari.net> wrote:

> I had a conversation with a friend earlier today, who had carefully read the document (https://datatracker.ietf.org/doc/draft-ietf-dnsop-kskroll-sentinel/), but had not managed to understand it at all. Since this friend is bright, and really understands DNS, I figured that the document doesn't do as good a job explaining how this would be used in practice as it should. Sometimes it is easier to explain things in an informal manner, and so here is a (hopefully better) description of draft-ietf-dnsop-kskroll-sentinel).
>
> 2 things seemed to be causing confusion:

I think the document would benefit from some explicit advice for zone administrators and some explicit requirements for validating resolvers, and having them both separated into obviously-distinct sections.

An example of a specific experiment would also be useful.

A careful review of some of the terminology would also probably help. At the moment the text contains phrases like "query name that is signed with a DNSEC signature" that I think adds to the ambiguity and confusion (query names are not signed; RRSets are signed, and the corresponding part of an RRSet to a QNAME in the sense that I think is intended is an owner name).

I definitely agree that even with some prior idea of what this mechanism is trying to do (and some prior exposure to the geoffsperiments that provide context) this draft is quite hard to understand. The small handful of slides I saw Geoff present about this seemed far easier to understand than the draft, in fact.

I would be happy to suggest text if that seems useful, but I haven't done that here since it seems likely that other text changes are already in the pipeline, based on reviews on this list so far.

Joe