Re: [DNSOP] [Ext] More input for draft-ietf-dnsop-dnssec-bcp?

Paul Hoffman <paul.hoffman@icann.org> Tue, 26 April 2022 23:29 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/HHVlA08JtqoQ9PRQg5M0rqM-xMY>

On Apr 26, 2022, at 3:53 PM, Peter Thomassen <peter@desec.io> wrote:
> 
> Hi,
> 
> On 4/25/22 23:50, Paul Hoffman wrote:
>> Greetings. I posted the -01 about ten days ago, and have not heard anything since then. The chairs indicated that they wanted this fast-tracked, so I'll nudge here for more input, either on the WG mailing list or in the repo (https://github.com/paulehoffman/draft-hoffman-dnssec). If nothing big comes up, I'll ask for WG Last Call.
> 
> I like the idea of collecting state-of-the-art DNSSEC recommendations in some central place.
> 
> However, I noticed that three of the RFCs listed in the draft are from 202x, and likely more will have to be added in the future. That made me wonder:
> 
> How do we update this collection?

That's an excellent question! The likely, not-excellent answer is "we don't". That is, if you look at similar documents for other protocol sets like SIP and IPsec, they were never updated.

> Do we issue a new BCP with a new RFC number every time that seems reasonable? When would that be / how many new relevant RFCs would have to get published before that happens?

We certainly could. But, if history is any guide, that is unlikely to happen.

> Have we considered other ways of doing this, e.g. moving all the RFCs listed to a to-be-erected "IANA DNSSEC BCP registry", which can be updated more easily?

That could also be done in parallel. Or, it could be done later when someone gets tired of seeing the slowly fraying edges of this RFC.

--Paul Hoffman