[DNSOP] signing glue and additional data
Jim Reid <jim@rfc1035.com> Sat, 16 January 2010 13:25 UTC
From: Jim Reid <jim@rfc1035.com>
To: George Barwood <george.barwood@blueyonder.co.uk>
Cc: IETF DNSOP WG <dnsop@ietf.org>

On 16 Jan 2010, at 11:17, George Barwood wrote:

> To correct my statement, the following query shows that glue records
> may be signed
>
> dig soa se @a.ns.se +dnssec

No it doesn't. The name servers for .se are authoritative for the address records for *.ns.se. And ns.se isn't delegated either. The A and AAAA records for *.ns.se in this response are not glue. They would be glue if they were in a referral response from a server for .se's parent.

> The question then is "is the additional RRSIG data useful" ?
>
> My answer is "probably not".

So authoritative servers shouldn't volunteer helpful/relevant data in the Additional Section of a response, should they? If the server's got additional data that might benefit the client -- like an A or AAAA record for a hostname in the RDATA of an answer -- it makes sense for the server to include it provided there's room for that data in the response. That also applies to any RRSIG(s) over that additional data, assuming of course the client had set the DO bit.
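
The distinction drawn in this message, as an added example that is not part of the original post: address records in the additional section count as glue only when they arrive in a referral, and otherwise they are ordinary data that may carry an RRSIG. The `RR` and `Response` classes, the helper names and both sample responses are constructed for illustration, and RRSIG RDATA is reduced to the type covered.

```python
from dataclasses import dataclass, field

@dataclass
class RR:
    owner: str
    rtype: str
    rdata: str   # for RRSIG: simplified to just the type covered

@dataclass
class Response:
    aa: bool                                   # Authoritative Answer flag
    answer: list = field(default_factory=list)
    authority: list = field(default_factory=list)
    additional: list = field(default_factory=list)

def norm(name):
    return name.rstrip(".").lower()

def in_zone(name, zone):
    name, zone = norm(name), norm(zone)
    return zone == "" or name == zone or name.endswith("." + zone)

def is_referral(resp):
    # Referral: not authoritative, empty answer, NS RRset in the authority section
    return (not resp.aa and not resp.answer
            and any(rr.rtype == "NS" for rr in resp.authority))

def classify_additional(resp):
    """Map (owner, type) of each additional A/AAAA to (kind, has_rrsig)."""
    referral = is_referral(resp)
    ns = [rr for rr in resp.authority if rr.rtype == "NS"]
    out = {}
    for rr in resp.additional:
        if rr.rtype not in ("A", "AAAA"):
            continue
        # Glue needs a referral whose NS target is this owner, inside the delegated zone
        glue = referral and any(
            norm(n.rdata) == norm(rr.owner) and in_zone(rr.owner, n.owner)
            for n in ns)
        signed = any(s.rtype == "RRSIG" and norm(s.owner) == norm(rr.owner)
                     and s.rdata == rr.rtype for s in resp.additional)
        out[(norm(rr.owner), rr.rtype)] = ("glue" if glue else "not glue", signed)
    return out

# Constructed sample responses (192.0.2.1 is a documentation address)
AUTH_RESPONSE = Response(aa=True, answer=[RR("se.", "SOA", "(constructed)")],
    authority=[RR("se.", "NS", "a.ns.se.")],
    additional=[RR("a.ns.se.", "A", "192.0.2.1"), RR("a.ns.se.", "RRSIG", "A")])
REFERRAL = Response(aa=False, authority=[RR("se.", "NS", "a.ns.se.")],
    additional=[RR("a.ns.se.", "A", "192.0.2.1")])
```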