Re: [DNSOP] CDS Bootstrapping for vanity DNS servers

Joe Abley <jabley@hopcount.ca> Mon, 27 June 2022 17:49 UTC

From: Joe Abley <jabley@hopcount.ca>
Date: Mon, 27 Jun 2022 13:49:27 -0400
Message-Id: <85316203-8B2C-447C-81C5-6A4185F9173A@hopcount.ca>
References: <d71ce57c-ec26-3495-9c9a-62db911239ae@desec.io>
Cc: dnsop@ietf.org
In-Reply-To: <d71ce57c-ec26-3495-9c9a-62db911239ae@desec.io>
To: Peter Thomassen <peter@desec.io>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/ImtWljrdh6wHqTPJ-M00dyjy-KQ>
Subject: Re: [DNSOP] CDS Bootstrapping for vanity DNS servers

On Jun 27, 2022, at 13:40, Peter Thomassen <peter@desec.io> wrote:

> Thinking about it, perhaps there's no reason for normative language here. If others agree, please let me know and I'll change to lowercase "should".

If you are going to downgrade the requirement, MAY seems better than should, perhaps coupled with advice to help an operator make a good decision. 


Joe