Re: [DNSOP] I-D Action: draft-ietf-dnsop-nsec-aggressiveuse-01.txt

Warren Kumari <warren@kumari.net> Mon, 15 August 2016 16:37 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/Hha_IPuhgS6ASEmSagdqbgxiy9s>

On Mon, Aug 15, 2016 at 11:20 AM, Bob Harold <rharolde@umich.edu> wrote:
>
>
> On Wed, Aug 3, 2016 at 4:32 PM, Warren Kumari <warren@kumari.net> wrote:
>>
>> We have updated this document with comments and feedback from Berlin.
>> We have also gone through and done another editing pass, removing a
>> significant amount of text which was intended to drive the discussion,
>> but would not really be useful in a published RFC.
>>
>> Please review it, we believe that the document is ready (or almost
>> ready) for WGLC.
>>
>> W
>>
>> On Wed, Aug 3, 2016 at 12:17 PM,  <internet-drafts@ietf.org> wrote:
>> >
>> > A New Internet-Draft is available from the on-line Internet-Drafts
>> > directories.
>> > This draft is a work item of the Domain Name System Operations of the
>> > IETF.
>> >
>> >         Title           : Aggressive use of NSEC/NSEC3
>> >         Authors         : Kazunori Fujiwara
>> >                           Akira Kato
>> >                           Warren Kumari
>> >         Filename        : draft-ietf-dnsop-nsec-aggressiveuse-01.txt
>> >         Pages           : 12
>> >         Date            : 2016-08-03
>> >
>> > Abstract:
>> >    The DNS relies upon caching to scale; however, the cache lookup
>> >    generally requires an exact match.  This document specifies the use
>> >    of NSEC/NSEC3 resource records to generate negative answers within a
>> >    range.  This increases resilience to DoS attacks, increases
>> >    performance / decreases latency, decreases resource utilization on
>> >    both authoritative and recursive servers, and also increases privacy.
>> >
>> >    This document updates RFC4035 by allowing resolvers to generate
>> >    negative answers based upon NSEC/NSEC3 records.
>> >
>> >    [ Ed note: Text inside square brackets ([]) is additional background
>> >    information, answers to frequently asked questions, general musings,
>> >    etc.  They will be removed before publication.  This document is being
>> >    collaborated on in Github at: https://github.com/wkumari/draft-ietf-
>> >    dnsop-nsec-aggressiveuse.  The most recent version of the document,
>> >    open issues, etc should all be available here.  The authors
>> >    (gratefully) accept pull requests.
>> >
>> >    Known / open issues [To be moved to Github issue tracker]:
>> >
>> >
>> > The IETF datatracker status page for this draft is:
>> > https://datatracker.ietf.org/doc/draft-ietf-dnsop-nsec-aggressiveuse/
>> >
>> > There's also a htmlized version available at:
>> > https://tools.ietf.org/html/draft-ietf-dnsop-nsec-aggressiveuse-01
>> >
>> > A diff from the previous version is available at:
>> > https://www.ietf.org/rfcdiff?url2=draft-ietf-dnsop-nsec-aggressiveuse-01
>> >
>
>
>  Minor nit:
> "Bob Harold" is listed twice in "10.  Acknowledgments".
> I probably did not add enough value to be mentioned once, certainly not
> twice.

Oh, thanks, good catch.
I've updated the version in Github: draft-ietf-dnsop-nsec-aggressiveuse

W


>
> --
> Bob Harold
>



-- 
I don't think the execution is relevant when it was obviously a bad
idea in the first place.
This is like putting rabid weasels in your pants, and later expressing
regret at having chosen those particular rabid weasels and that pair
of pants.
   ---maf