Re: [DNSOP] Possible greater value for draft-ietf-dnsop-ns-revalidation

Shumon Huque <shuque@gmail.com> Tue, 10 August 2021 19:47 UTC

On Tue, Aug 10, 2021 at 1:55 PM Paul Hoffman <paul.hoffman@icann.org> wrote:

> Greetings again. In the DPRIVE WG, we are discussing a proposal that would
> make encrypting transport on a first lookup more likely using a DS hack.
> Whether or not that becomes a WG item in DPRIVE, it reminded me that DNSOP
> had not finished with draft-ietf-dnsop-ns-revalidation, and that this draft
> could be expanded beyond revalidating just NS RRsets to revalidating all
> glue.
>

Paul,

I think that's a reasonable thing to consider (and I suspect some resolvers
may already revalidate glue), as long as it's done lazily (or in parallel)
and doesn't interpose additional delay in following a referral. I'll await
other comments ..

But I'm trying to better understand the connection to the DS hack draft
(I've not followed it very closely, I'll admit). Does it require or benefit
from glue revalidation? Isn't the child zone owner explicitly putting its
NS name and addresses into the hacked DS record at the parent?

> Given the results of the survey and the possible cross-WG interest, I'd
> like to see draft-ietf-dnsop-ns-revalidation moved forward in DNSOP sooner
> rather than later.
>

I'm working on the remaining loose ends and plan to push another update
soon.

Shumon.