Re: [DNSOP] WGLC for draft-ietf-dnsop-zoneversion

Tim Wicinski <> Thu, 27 April 2023 22:05 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id E1D39C14CE4A for <>; Thu, 27 Apr 2023 15:05:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id o8hRujLOldfk for <>; Thu, 27 Apr 2023 15:05:19 -0700 (PDT)
Received: from ( [IPv6:2a00:1450:4864:20::62b]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by (Postfix) with ESMTPS id 6A239C14CE29 for <>; Thu, 27 Apr 2023 15:05:19 -0700 (PDT)
Received: by with SMTP id a640c23a62f3a-94f0dd117dcso1362184066b.3 for <>; Thu, 27 Apr 2023 15:05:19 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20221208; t=1682633118; x=1685225118; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=WReoGSSeT6wIfUZc1FNSblK3bM24OYQoW8PvS3Tnu/U=; b=nuuokhnc1HDJwk+gNISZYIl0hjeXCGCaI73WIUpNQhFEacKUg4kAY5l6ljt6KvL7Iz YrbJl3KF8IT5knaNeC4KKFtsyMMZ0jhOzoOusAbqNCzcluIkeeDbHgSOnJdkHnnkPbYD DXVu2VLATPfPn2tCihqPTGDDbGATCVtnaWiFe73w3FU1asQOMiBUF7J70cufCs2jiW/2 aU3InrUBO3YuZWr41rB9OCeBB3XDZWDDloaNkhaNHUYhWCwI2RMz+ovnpFAD+zDQ0vtf M9qQvzzAQrisFxhpIn9nJiEhzstADH0bGp2SVovVBZblWsbA/shPANn0xuWWe24tWHZF OSNA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20221208; t=1682633118; x=1685225118; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=WReoGSSeT6wIfUZc1FNSblK3bM24OYQoW8PvS3Tnu/U=; b=lDi2DNDGOY4bZckZQu+bv/ni26x89mH+G/I3EQng/pT0dxH9Mm8cFhXdFuo4YGmlNX lW2CRdXC4SivSDDFVl9I1osAXdL43b4kt3hMtup24yaVuAX7/K0Yob1dyiPhvh90NbaQ PTdIr+GHpRW4/0aHgMssF+Exxdca7K5QFWGN9uXZRKL7996G6zs8d8Fp1S5ArxYV4rG+ DHMm1LdSQfQRC05GoCif+gHaftZffv3AFVWBuPcdnpnhVzpFonz9n7z3J8EvCzBAZ8DG b2m5NK763AtzCyxMdmftpnUjOFICcmvZi/GjunzQ2VWbl7orajHH6mGHxwLpx88vN7Nb Vp4g==
X-Gm-Message-State: AC+VfDwKJnKWgdciSovaNfHFrhn3fOlz+PfVp8b3XoU4GRdG7j/+gnbD jpDrsrXuVk2MMlJH2m+pH4tSwy1As8hcTCBdc8Ode5bA
X-Google-Smtp-Source: ACHHUZ6XTgOsbPJwk2ykWfTUReJY012GoFFLp9VPa7UZuuLG0DBHkprRGKerDnXt3aZIf76qRG2NtDacvWBLu1/ODrk=
X-Received: by 2002:a17:907:3faa:b0:94f:2eb1:ffd2 with SMTP id hr42-20020a1709073faa00b0094f2eb1ffd2mr3609171ejc.40.1682633117671; Thu, 27 Apr 2023 15:05:17 -0700 (PDT)
MIME-Version: 1.0
References: <> <20230427152354.28E05C679F73@ary.qy> <> <>
In-Reply-To: <>
From: Tim Wicinski <>
Date: Thu, 27 Apr 2023 18:05:06 -0400
Message-ID: <>
To: John R Levine <>
Cc: Miek Gieben <>,
Content-Type: multipart/alternative; boundary="000000000000442d6d05fa588d56"
Archived-At: <>
Subject: Re: [DNSOP] WGLC for draft-ietf-dnsop-zoneversion
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: IETF DNSOP WG mailing list <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Thu, 27 Apr 2023 22:05:24 -0000

(speaking as a chair)

On Thu, Apr 27, 2023 at 5:22 PM John R Levine <> wrote:

> On Thu, 27 Apr 2023, Miek Gieben wrote:
> >> I think it's an interesting idea but I also don't want to spend time on
> it
> >> if it's just going to be filed and forgotten.
> >
> > I looked into this for
> >
> > The option is trivial to implemented (in an auth server). I.e. seems
> similar
> > to NSID.
> I agree that it's not hard to do.  But the Camel reminds us that there is
> an unlimited number of hacks that would be easy to implement, but not
> necessarily that anyone would use.  Hence my question about whether
> anyone's implemented it.
> '


While you are correct on remembering the camel, the "OP" part of DNSOP
stands for "Operations" (DNSOP for the Operators!), I try to judge new work
with a another question "does this make it easier for operators to deploy
benefit from?"

(now speaking as myself)
In this case  I do feel this would be useful and will be used by operators.
And more so than ZoneMD, because as George point, it's a different class of