Re: [DNSOP] I-D Action: draft-ietf-dnsop-kskroll-sentinel-00.txt

Geoff Huston <gih@apnic.net> Wed, 13 December 2017 00:04 UTC

From: Geoff Huston <gih@apnic.net>
Message-Id: <468B0CBD-A9A2-475B-AADE-E80BDCAD3F7B@apnic.net>
Date: Wed, 13 Dec 2017 11:03:44 +1100
In-Reply-To: <CA+nkc8BmbRyWMDh-X554_b02+L8=iN7Qq9d9f+PHK2d=YCKfWA@mail.gmail.com>
Cc: IETF DNSOP WG <dnsop@ietf.org>
To: Bob Harold <rharolde@umich.edu>
References: <151295531772.21182.323628264618825298@ietfa.amsl.com> <CA+nkc8BmbRyWMDh-X554_b02+L8=iN7Qq9d9f+PHK2d=YCKfWA@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/H5KHqkeU-AkhPpPDMRlxFSdo04k>


> On 13 Dec 2017, at 3:44 am, Bob Harold <rharolde@umich.edu> wrote:
> 
> 
> On Sun, Dec 10, 2017 at 8:21 PM, <internet-drafts@ietf.org> wrote:
> 
> A New Internet-Draft is available from the on-line Internet-Drafts directories.
> This draft is a work item of the Domain Name System Operations WG of the IETF.
> 
>         Title           : A Sentinel for Detecting Trusted Keys in DNSSEC
>         Authors         : Geoff Huston
>                           Joao Silva Damas
>                           Warren Kumari
>         Filename        : draft-ietf-dnsop-kskroll-sentinel-00.txt
>         Pages           : 8
>         Date            : 2017-12-10
> 
> Abstract:
>    The DNS Security Extensions (DNSSEC) were developed to provide origin
>    authentication and integrity protection for DNS data by using digital
>    signatures.  These digital signatures can be verified by building a
>    chain of trust starting from a trust anchor and proceeding down to a
>    particular node in the DNS.  This document specifies a mechanism that
>    will allow an end user to determine the trusted key state of the
>    resolvers that handle the user's DNS queries.
> 
> 
> The IETF datatracker status page for this draft is:
> https://datatracker.ietf.org/doc/draft-ietf-dnsop-kskroll-sentinel/
> 
> There are also htmlized versions available at:
> https://tools.ietf.org/html/draft-ietf-dnsop-kskroll-sentinel-00
> https://datatracker.ietf.org/doc/html/draft-ietf-dnsop-kskroll-sentinel-00
> 
> 
> 
> Looks good to me.  One minor typo:
> 
>  4. Sentinel Test Result Considerations
> paragraph 6
> 
> "If the resolver is non-validating, and it has a single forwarder
> clause, then the resolver will presumably mirror the capabilities of
> the forwarder target resolver. If this non-validating resolver it
> has multiple forwarders, then the above considerations will apply."
> 
> "it" at end of the third line should be deleted.


Noted - "it" will be removed in the next version.


Geoff