Re: [DNSOP] New Version Notification for draft-wessels-dns-zone-digest-01.txt
"Wessels, Duane" <dwessels@verisign.com> Thu, 26 July 2018 16:37 UTC
Return-Path: <dwessels@verisign.com>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1279B131218 for <dnsop@ietfa.amsl.com>; Thu, 26 Jul 2018 09:37:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.3
X-Spam-Level:
X-Spam-Status: No, score=-4.3 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=verisign.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CbKyMWepEjS7 for <dnsop@ietfa.amsl.com>; Thu, 26 Jul 2018 09:37:32 -0700 (PDT)
Received: from mail1.verisign.com (mail1.verisign.com [72.13.63.30]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id ECDC913120F for <dnsop@ietf.org>; Thu, 26 Jul 2018 09:37:31 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=verisign.com; l=7500; q=dns/txt; s=VRSN; t=1532623052; h=from:to:cc:date:message-id:references:in-reply-to: mime-version:subject; bh=xsG05Y+I6Gzpm/e8AjcfcU0s2W/fba4qpKRRMt/aC0s=; b=pzj14bGQbdxW6k8d/sYmpt4N+mHpUcA74CcT34Me1+vpMKSKspMqE8O4 haEyLal/s3S5XMCtuKSJH5rN6YLiTcVQPrkoZFwojgq4PcYFY+E0uC9nl 0lMaNna9QUVg5Epm9a6vipBr4mSk+uOLU4cfONmFExaY90Pt3a9m4cl98 4BwtU2pSNZ30BhvVV+myXj9ktE4eGmqPsZqEqoDbg4wAglQ9aC5kCl2O7 AdSKfjhSQK1bMCcrxYR+1ei4vvKBcl2v7MjBsZxZuZ1xf3Z0r+pDxuN3P vi6EfKlDPbfEnqiQEvxwcdUcvZyJLcwp9p/s5WMq2xEGD3Lcmwgaxm3PK Q==;
X-IronPort-AV: E=Sophos; i="5.51,405,1526342400"; d="p7s'?scan'208"; a="7279359"
IronPort-PHdr: 9a23:onR2ehIMMCHO2Bipj9mcpTZWNBhigK39O0sv0rFitYgXKvj8rarrMEGX3/hxlliBBdydt6oazbKO+4nbGkU4qa6bt34DdJEeHzQksu4x2zIaPcieFEfgJ+TrZSFpVO5LVVti4m3peRMNQJW2aFLduGC94iAPERvjKwV1Ov71GonPhMiryuy+4ZLebxlJiTanfb9+MAi9oBnMuMURnYZsMLs6xAHTontPdeRWxGdoKkyWkh3h+Mq+/4Nt/jpJtf45+MFOTav1f6IjTbxFFzsmKHw65NfqtRbYUwSC4GYXX3gMnRpJBwjF6wz6Xov0vyDnuOdxxDWWMMvrRr0vRz+s87lkRwPpiCcfNj427mfXitBrjKlGpB6tvgFzz5LIbI2QMvd1Y6HTcs4ARWdZXshfSTFPAp+yYYUMAeoOP+dYoJXyqFYVohuyGQysCfnzxjNUhHL727Ax3eQ7EQHB2QwtB9wCv3TKo9XuL6cdT+S1zLLQwT7eYf1WxC3y6I7WfRwvvPqBWq9/cMTPxkk0DAPKkFGQqZf+MjOLyOsNqWmb7/FhVeKgjW4rsR1+oj+qxso1jITCm4Ebykjc+Clk3Io5P8C0RUx1bNK+DZddty+XO5F5T84mW21kpTo2xqcbtZO5YCQG0okryhHcZvCdboSF4QrvVOiPLjp7mH5ofbeyiAyx/EWk0eLxU8e53EhXoSdEl9TDrXQA2h3R58WCRPZw8EWs1iuJ2gvO8O9LO1o0mrDeK5M5x74wkYccvlrbEy/tnUX2kLeWdkI5+ui08+jnYqvpppubN4JslwzwLrwgltG/DuogPQYBXnSX9fqm2L394UL5R69KjuUsnqbDrZ/WP9obprSiAw9TyIos9xG/DzK+3NQZm3kIMk5FdQqag4T1IV3CPfL1APmlj1ixkDpmyerKM7LlD5nVK3jMirbhfbJz605GzwozyMhS6I9aC74fO/LzQVH+tNjDDhIiLQy73fznCNRm1oMfVmKPBLWVP7/VsV+N/u4vOfWDZJcJuDbhLPgo/+bugmUkmV8ZZqSp25wXaHCiEfR6OEWVe2bjjc0ZG2cQogU+VPDqiEGFUTNLYHayWb8z5islB4KkForDR5utj6Cb0Ce8BJ1WaXhMCkqQHnfwa4WER/AMZTqPLc9niTwEUqChRpQg1R6wqA/6xaBrLu3O+i0XrZjjzsR65/XPlREu8jx5F8Gd0m+TQGF1mGMHXCE53LpwoUFlxVqPzbZ4jOJCFdxS/PNJUwg6NZjGw+NmDNDyXxnMccqMSFm8WNWpHSs9TtMvzN8SbUZxAdKijgrM33niP7hAr7WWANQL9b/A0mLqb5JlwmvC/K8mj1A6WY1EPDv1qLR48l2ZOIPSiEidjOLiWbkV2iOHvDOP0meVp0xcSyZuXL/ERnEQYA3dqtGvtRCKdKOnFblyalgJ8sWFMKYfL4Sx1Vg=
X-IPAS-Result: A2EhAQDq91lb/zGZrQpdGQEBAQEBAQEBAQEBAQcBAQEBAYVYCoN0lk2XSAgDhGwCgxo4FAECAQEBAQEBAgEBAoERgjUkAYJeAQEBAQIBI1QCBQsCAQgYKgICAjAlAgQOBQ6DEgGBd7FQgS6KNg+GPoJbgUI+gTgfgkyHfjGCJAKZewMGAoNkgVmXeZIMAgQCBAUCFIFYgXRwFWUBgj6CTY4Gb44DgRsBAQ
Received: from BRN1WNEX01.vcorp.ad.vrsn.com (10.173.153.48) by BRN1WNEX02.vcorp.ad.vrsn.com (10.173.153.49) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.1466.3; Thu, 26 Jul 2018 12:37:30 -0400
Received: from BRN1WNEX01.vcorp.ad.vrsn.com ([fe80::a89b:32d6:b967:337d]) by BRN1WNEX01.vcorp.ad.vrsn.com ([fe80::a89b:32d6:b967:337d%5]) with mapi id 15.01.1466.003; Thu, 26 Jul 2018 12:37:30 -0400
From: "Wessels, Duane" <dwessels@verisign.com>
To: Paul Wouters <paul@nohats.ca>
CC: Ondřej Surý <ondrej@isc.org>, dnsop <dnsop@ietf.org>, "Weinberg, Matt" <mweinberg=40verisign.com@dmarc.ietf.org>
Thread-Topic: [EXTERNAL] [DNSOP] New Version Notification for draft-wessels-dns-zone-digest-01.txt
Thread-Index: AQHUJP7yGh3ItRokyEKUAd/eLNNzoQ==
Date: Thu, 26 Jul 2018 16:37:30 +0000
Message-ID: <FB727769-D16B-4EBF-A16B-95D6BCFA1282@verisign.com>
References: <4DCC5A51-1AB0-47B6-92B5-79B6894F9A9C@verisign.com> <6FFED142-0752-40FD-AF5C-7E9D6617DC03@isc.org> <A23A06AC-3706-44F9-9BA1-ECE89F17F127@nohats.ca>
In-Reply-To: <A23A06AC-3706-44F9-9BA1-ECE89F17F127@nohats.ca>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
x-originating-ip: [10.170.148.18]
Content-Type: multipart/signed; boundary="Apple-Mail=_52C0C54D-76FE-4480-A279-FADD65D9FBDC"; protocol="application/pkcs7-signature"; micalg="sha1"
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/KIbGNAnkx6yCSTfCBKMMGCa4n_U>
Subject: Re: [DNSOP] New Version Notification for draft-wessels-dns-zone-digest-01.txt
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.27
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 26 Jul 2018 16:37:35 -0000
> On Jul 25, 2018, at 9:24 PM, Paul Wouters <paul@nohats.ca> wrote: > > >> On Jul 25, 2018, at 20:47, Ondřej Surý <ondrej@isc.org> wrote: >> >> >> For ZONEMD, this isn’t true, as you can (in theory) feed the zone with infinite amount of non-DNSSEC-signed >> data (GLUEs, delegations) thus making the collision attack feasible. > > That’s why I suggested already to add the count of the number or unsigned records to the ZONEMD record. This sounds like a reasonable idea to me. I'd like to give some thought to whether it should be a count of unsigned records, or all records. I'll discuss it with the coauthors. DW
- Re: [DNSOP] New Version Notification for draft-we… Shumon Huque
- Re: [DNSOP] New Version Notification for draft-we… Petr Špaček
- Re: [DNSOP] New Version Notification for draft-we… Petr Špaček
- Re: [DNSOP] New Version Notification for draft-we… Mark Andrews
- Re: [DNSOP] New Version Notification for draft-we… Hugo Salgado-Hernández
- Re: [DNSOP] New Version Notification for draft-we… Shane Kerr
- Re: [DNSOP] New Version Notification for draft-we… Paul Hoffman
- Re: [DNSOP] New Version Notification for draft-we… Shumon Huque
- Re: [DNSOP] New Version Notification for draft-we… Shumon Huque
- Re: [DNSOP] New Version Notification for draft-we… Wessels, Duane
- Re: [DNSOP] New Version Notification for draft-we… George Michaelson
- Re: [DNSOP] New Version Notification for draft-we… Wessels, Duane
- Re: [DNSOP] New Version Notification for draft-we… Mark Andrews
- Re: [DNSOP] New Version Notification for draft-we… George Michaelson
- Re: [DNSOP] New Version Notification for draft-we… George Michaelson
- Re: [DNSOP] New Version Notification for draft-we… Petr Špaček
- Re: [DNSOP] New Version Notification for draft-we… Shumon Huque
- Re: [DNSOP] New Version Notification for draft-we… Mark Andrews
- Re: [DNSOP] New Version Notification for draft-we… Mukund Sivaraman
- Re: [DNSOP] New Version Notification for draft-we… Shumon Huque
- Re: [DNSOP] New Version Notification for draft-we… Mark Andrews
- Re: [DNSOP] New Version Notification for draft-we… Mukund Sivaraman
- Re: [DNSOP] New Version Notification for draft-we… Mukund Sivaraman
- Re: [DNSOP] New Version Notification for draft-we… Shumon Huque
- Re: [DNSOP] New Version Notification for draft-we… Wessels, Duane
- Re: [DNSOP] New Version Notification for draft-we… Shumon Huque
- Re: [DNSOP] New Version Notification for draft-we… Petr Špaček
- Re: [DNSOP] New Version Notification for draft-we… Wessels, Duane
- Re: [DNSOP] New Version Notification for draft-we… Wessels, Duane
- Re: [DNSOP] New Version Notification for draft-we… Wessels, Duane
- Re: [DNSOP] New Version Notification for draft-we… Olafur Gudmundsson
- Re: [DNSOP] New Version Notification for draft-we… Mark Andrews
- Re: [DNSOP] New Version Notification for draft-we… Mark Andrews
- Re: [DNSOP] New Version Notification for draft-we… George Michaelson
- Re: [DNSOP] New Version Notification for draft-we… Joe Abley
- Re: [DNSOP] New Version Notification for draft-we… Olafur Gudmundsson
- Re: [DNSOP] New Version Notification for draft-we… George Michaelson
- Re: [DNSOP] New Version Notification for draft-we… Olafur Gudmundsson
- [DNSOP] New Version Notification for draft-wessel… Weinberg, Matt
- Re: [DNSOP] New Version Notification for draft-we… 神明達哉
- Re: [DNSOP] New Version Notification for draft-we… Wessels, Duane
- Re: [DNSOP] New Version Notification for draft-we… Shane Kerr
- Re: [DNSOP] New Version Notification for draft-we… Mukund Sivaraman
- Re: [DNSOP] New Version Notification for draft-we… 神明達哉
- Re: [DNSOP] New Version Notification for draft-we… Mukund Sivaraman
- Re: [DNSOP] New Version Notification for draft-we… Warren Kumari
- Re: [DNSOP] New Version Notification for draft-we… Roy Arends
- Re: [DNSOP] New Version Notification for draft-we… Jaap Akkerhuis
- Re: [DNSOP] New Version Notification for draft-we… Florian Weimer
- Re: [DNSOP] New Version Notification for draft-we… Wessels, Duane
- Re: [DNSOP] New Version Notification for draft-we… Paul Hoffman
- Re: [DNSOP] New Version Notification for draft-we… Wessels, Duane
- Re: [DNSOP] New Version Notification for draft-we… Florian Weimer
- Re: [DNSOP] New Version Notification for draft-we… Paul Vixie
- Re: [DNSOP] New Version Notification for draft-we… John Levine
- Re: [DNSOP] New Version Notification for draft-we… Ondřej Surý
- Re: [DNSOP] New Version Notification for draft-we… Paul Wouters
- Re: [DNSOP] New Version Notification for draft-we… Wessels, Duane
- Re: [DNSOP] New Version Notification for draft-we… Wessels, Duane
- Re: [DNSOP] New Version Notification for draft-we… Ondřej Surý
- Re: [DNSOP] New Version Notification for draft-we… Paul Hoffman
- Re: [DNSOP] New Version Notification for draft-we… Ondřej Surý
- Re: [DNSOP] New Version Notification for draft-we… Paul Vixie
- Re: [DNSOP] New Version Notification for draft-we… Paul Hoffman
- Re: [DNSOP] New Version Notification for draft-we… Mark Andrews
- Re: [DNSOP] New Version Notification for draft-we… Mark Andrews
- Re: [DNSOP] New Version Notification for draft-we… Davey Song
- Re: [DNSOP] New Version Notification for draft-we… Mark Andrews
- Re: [DNSOP] New Version Notification for draft-we… Mark Andrews
- Re: [DNSOP] New Version Notification for draft-we… Steve Crocker
- Re: [DNSOP] New Version Notification for draft-we… Shumon Huque
- Re: [DNSOP] New Version Notification for draft-we… Steve Crocker
- Re: [DNSOP] New Version Notification for draft-we… Shumon Huque
- Re: [DNSOP] New Version Notification for draft-we… Davey Song
- Re: [DNSOP] New Version Notification for draft-we… Mark Andrews
- Re: [DNSOP] New Version Notification for draft-we… Davey Song
- Re: [DNSOP] New Version Notification for draft-we… Shumon Huque
- Re: [DNSOP] New Version Notification for draft-we… Shumon Huque
- Re: [DNSOP] New Version Notification for draft-we… Evan Hunt
- Re: [DNSOP] New Version Notification for draft-we… Davey Song
- Re: [DNSOP] New Version Notification for draft-we… Mark Andrews
- Re: [DNSOP] New Version Notification for draft-we… Evan Hunt
- Re: [DNSOP] New Version Notification for draft-we… Tony Finch
- Re: [DNSOP] New Version Notification for draft-we… Jim Reid
- Re: [DNSOP] New Version Notification for draft-we… Shumon Huque
- Re: [DNSOP] New Version Notification for draft-we… Bob Harold
- Re: [DNSOP] New Version Notification for draft-we… John Levine
- Re: [DNSOP] New Version Notification for draft-we… 神明達哉
- Re: [DNSOP] New Version Notification for draft-we… Warren Kumari
- Re: [DNSOP] New Version Notification for draft-we… 神明達哉
- Re: [DNSOP] New Version Notification for draft-we… Tim Wicinski
- Re: [DNSOP] New Version Notification for draft-we… Florian Weimer
- Re: [DNSOP] New Version Notification for draft-we… John R Levine
- Re: [DNSOP] New Version Notification for draft-we… Florian Weimer
- Re: [DNSOP] New Version Notification for draft-we… Paul Wouters
- Re: [DNSOP] New Version Notification for draft-we… Florian Weimer
- Re: [DNSOP] New Version Notification for draft-we… John R Levine
- Re: [DNSOP] New Version Notification for draft-we… Ondřej Surý
- Re: [DNSOP] New Version Notification for draft-we… tjw ietf
- Re: [DNSOP] New Version Notification for draft-we… John Levine
- Re: [DNSOP] New Version Notification for draft-we… John R Levine
- Re: [DNSOP] New Version Notification for draft-we… Ondřej Surý
- Re: [DNSOP] New Version Notification for draft-we… Ondřej Surý
- Re: [DNSOP] New Version Notification for draft-we… John Levine
- Re: [DNSOP] New Version Notification for draft-we… Steve Crocker
- Re: [DNSOP] New Version Notification for draft-we… Joe Abley
- Re: [DNSOP] New Version Notification for draft-we… Steve Crocker
- Re: [DNSOP] New Version Notification for draft-we… Joe Abley
- Re: [DNSOP] New Version Notification for draft-we… Steve Crocker
- Re: [DNSOP] New Version Notification for draft-we… Evan Hunt
- Re: [DNSOP] New Version Notification for draft-we… Florian Weimer
- Re: [DNSOP] New Version Notification for draft-we… Joe Abley
- Re: [DNSOP] New Version Notification for draft-we… John R Levine
- Re: [DNSOP] New Version Notification for draft-we… Ondřej Surý
- Re: [DNSOP] New Version Notification for draft-we… Tony Finch
- Re: [DNSOP] New Version Notification for draft-we… Warren Kumari
- Re: [DNSOP] New Version Notification for draft-we… John R Levine
- Re: [DNSOP] New Version Notification for draft-we… Evan Hunt
- Re: [DNSOP] New Version Notification for draft-we… Wessels, Duane
- Re: [DNSOP] New Version Notification for draft-we… Mark Andrews
- Re: [DNSOP] New Version Notification for draft-we… Wessels, Duane
- Re: [DNSOP] New Version Notification for draft-we… Wessels, Duane
- Re: [DNSOP] New Version Notification for draft-we… Paul Hoffman
- Re: [DNSOP] New Version Notification for draft-we… Evan Hunt
- Re: [DNSOP] New Version Notification for draft-we… Paul Hoffman
- Re: [DNSOP] New Version Notification for draft-we… Ondřej Surý
- Re: [DNSOP] New Version Notification for draft-we… Ondřej Surý