Re: [DNSOP] draft-yorgos-dnsop-dry-run-dnssec-00 and DS digest field
Willem Toorop <willem@nlnetlabs.nl> Mon, 04 April 2022 08:38 UTC
Return-Path: <willem@nlnetlabs.nl>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A89503A1AEA for <dnsop@ietfa.amsl.com>; Mon, 4 Apr 2022 01:38:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.11
X-Spam-Level:
X-Spam-Status: No, score=-2.11 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, NICE_REPLY_A=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=nlnetlabs.nl
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id z7OJ9NrDt62i for <dnsop@ietfa.amsl.com>; Mon, 4 Apr 2022 01:38:29 -0700 (PDT)
Received: from mail-ej1-x632.google.com (mail-ej1-x632.google.com [IPv6:2a00:1450:4864:20::632]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8DCB13A1AF2 for <dnsop@ietf.org>; Mon, 4 Apr 2022 01:38:28 -0700 (PDT)
Received: by mail-ej1-x632.google.com with SMTP id bh17so18294890ejb.8 for <dnsop@ietf.org>; Mon, 04 Apr 2022 01:38:28 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nlnetlabs.nl; s=google; h=message-id:date:mime-version:user-agent:subject:content-language:to :references:from:in-reply-to:content-transfer-encoding; bh=9vUyaWmDi1ZW/OrOfXzCvvA3t7D6iDBVH8Hk4/mpe6Q=; b=byIeErPi5tI8iLG5VGTNQfv3mC62105kUJSXDRGwyZ81qgiGj3G6pus1q5avqyrJ9h L8/kJqMwuoPxuXCdsDRNEdHUheR7houk3MKtn2uaXS+gHbVWsUqdouLpwi1pVqsB2GXY ghePIqpB2DtmRlGLqt6r7JJoInSHkYPS/BNnYdAlFEQrNqPQDD1uSn9weFWMBUhEi6UK YQhE6qQMN20r4bWOCYTVI7mBxgpiDOHNX90M28XXC5jpZIpfZSDe3mlHxeAYBDUT9ZYF +bXutBIZTKXuUP4xu1Dy7yvOh9vVA8HFYKeoMvm+MM7VWtXHR//3CSnHI7ORQ3fW67nA JHYg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:message-id:date:mime-version:user-agent:subject :content-language:to:references:from:in-reply-to :content-transfer-encoding; bh=9vUyaWmDi1ZW/OrOfXzCvvA3t7D6iDBVH8Hk4/mpe6Q=; b=JTUgb2UBzP0EqPPras5J653C8FJwwhWUrpewuiDis6zhvdfIBCo1E+OVGaprsjBj5Y ced9J9yufxx/o8GX7fMs9SGWr+W5UuIcSzLR4tpx7itS0RXm4vwEUyeDbl2pC/K6NDeX MkCgMiMyI2xWWQMe0XRB0vOFekpd6uNDINRufmVrO+CuQQQe/wKGRt9xx5J51qjVR7vJ U8BZCIYjUSTajlW1xtrqPtMU8XaSzGU/jrNx4Lg6spErO39wVOIglLzWGYi43M3JnPUI U7gFc9263aF832JVX4cL+iureFjUq0EiJYav/62s2GCcqEVVTAyqhcQkG0n5Kj3iOjUk aUSg==
X-Gm-Message-State: AOAM5336SFwQOXS3zudbJqZRfz2AshdutrOu1EFYPST7l+PwnRycdFYE BqHyRQLhqQdAqpXly85rLcUeUA==
X-Google-Smtp-Source: ABdhPJyb/YBCnK/xNdV/6Q3m5s6eZjx6Q0+3ebdW2wPJ9CpU/Ve4N5B2sHMVcFk4z9wOcGz5XNa9hQ==
X-Received: by 2002:a17:907:6d8b:b0:6e7:5610:d355 with SMTP id sb11-20020a1709076d8b00b006e75610d355mr5973806ejc.369.1649061507052; Mon, 04 Apr 2022 01:38:27 -0700 (PDT)
Received: from ?IPV6:2a04:b900::760? ([2a04:b900::760]) by smtp.gmail.com with ESMTPSA id w14-20020a509d8e000000b0041cd217726dsm1254020ede.4.2022.04.04.01.38.25 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Mon, 04 Apr 2022 01:38:26 -0700 (PDT)
Message-ID: <98980fb8-21e8-6582-8829-b32f104062f2@nlnetlabs.nl>
Date: Mon, 04 Apr 2022 10:38:24 +0200
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.7.0
Content-Language: en-US
To: "libor.peltan" <libor.peltan=40nic.cz@dmarc.ietf.org>, dnsop <dnsop@ietf.org>
References: <d6d0f84b-554b-a03e-4132-40b29c09af43@nic.cz>
From: Willem Toorop <willem@nlnetlabs.nl>
In-Reply-To: <d6d0f84b-554b-a03e-4132-40b29c09af43@nic.cz>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/G1RrKAs2uuedSUgAZaBPozp6MHI>
Subject: Re: [DNSOP] draft-yorgos-dnsop-dry-run-dnssec-00 and DS digest field
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 04 Apr 2022 08:38:40 -0000
Thanks Libor, I'm planning to create an overview of all the feedback and proposed solutions to our issues we've had since IETF113 (including your proposal), discuss that with the co-authors, and then post that to dnsop together with an announcement that we're working on this. Cheers, -- Willem Op 30-03-2022 om 16:58 schreef libor.peltan: > Hi dnsop, Yorgos, Willem, Roy, > I really like this idea of dry-run DNSSEC. I think it could really help > new DNSSEC adopters. > > The evidently weird thing of the proposal is the displacement of DS > digest field into the first byte of DS hash field, in order to free up > space for dry-run signalling. This will cause difficulties in human > readability of resulting DS. The obvious counter-proposal would be to > simply take the most-significant bit of the DS digest field (set to 1 > for dry-run), which would take 128 of available DS digest numbers > (instead of just one), but wouldn't otherwise introduce any > inconsistencies in DS format. As only four are taken so far, it seems > viable to me. > > Should we (dnsop) discuss this specific matter, or even poll? > > Thanks, > Libor > > > _______________________________________________ > DNSOP mailing list > DNSOP@ietf.org > https://www.ietf.org/mailman/listinfo/dnsop
- [DNSOP] draft-yorgos-dnsop-dry-run-dnssec-00 and … libor.peltan
- Re: [DNSOP] draft-yorgos-dnsop-dry-run-dnssec-00 … Willem Toorop