[DNSOP] FYI - Added note about ECDSA resolver issue in Sweden - Fwd: New Version Notification for draft-york-dnsop-deploying-dnssec-crypto-algs-02.txt
Dan York <york@isoc.org> Mon, 31 October 2016 03:50 UTC
Return-Path: <york@isoc.org>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6448B1294F7 for <dnsop@ietfa.amsl.com>; Sun, 30 Oct 2016 20:50:03 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.902
X-Spam-Level:
X-Spam-Status: No, score=-1.902 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=isoc.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XrB-0bixxp7H for <dnsop@ietfa.amsl.com>; Sun, 30 Oct 2016 20:50:00 -0700 (PDT)
Received: from NAM01-BN3-obe.outbound.protection.outlook.com (mail-bn3nam01on0075.outbound.protection.outlook.com [104.47.33.75]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 69232124281 for <dnsop@ietf.org>; Sun, 30 Oct 2016 20:50:00 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=isoc.onmicrosoft.com; s=selector1-isoc-org; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=Ov9ypCcAy4ki6/p240O4XiW2h0G/01chuCglYJcsMp8=; b=zycE8UKoYSsEaO/LRkwcJussyZczFyqyaAWwpseJgs1m7akN0kHHneg2eI1tjFbcRAbv/f9bQFU5Y3Nm8XUlVDE8UCZ7hJhO/3+bSUINzsEFhvOKjFXgCHRTn4Jg1wv0GUYyJG7CWGNNFiMMVgJ1BBSSS+o/4IPdBCWpRsZvUBc=
Received: from CY1PR0601MB1657.namprd06.prod.outlook.com (10.163.232.19) by CY1PR0601MB1659.namprd06.prod.outlook.com (10.163.232.21) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id 15.1.693.12; Mon, 31 Oct 2016 03:49:58 +0000
Received: from CY1PR0601MB1657.namprd06.prod.outlook.com ([10.163.232.19]) by CY1PR0601MB1657.namprd06.prod.outlook.com ([10.163.232.19]) with mapi id 15.01.0693.009; Mon, 31 Oct 2016 03:49:58 +0000
From: Dan York <york@isoc.org>
To: dnsop <dnsop@ietf.org>
Thread-Topic: FYI - Added note about ECDSA resolver issue in Sweden - Fwd: New Version Notification for draft-york-dnsop-deploying-dnssec-crypto-algs-02.txt
Thread-Index: AQHSMygT1TmhXqO0REWPgyg0zPHr0Q==
Date: Mon, 31 Oct 2016 03:49:57 +0000
Message-ID: <40E4B8B2-10D2-4F99-A9C9-3CD314C64478@isoc.org>
References: <147788503336.20653.10711027347255017481.idtracker@ietfa.amsl.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=york@isoc.org;
x-ms-exchange-messagesentrepresentingtype: 1
x-originating-ip: [74.69.229.215]
x-ms-office365-filtering-correlation-id: aab4b047-37cb-4be2-deab-08d40140fc06
x-microsoft-exchange-diagnostics: 1; CY1PR0601MB1659; 7:FYL1VD23ckmDnVFkpnjHYGCJc32JhF583kIpROhR2HlWi7OmFqGPUR9QU8maY5IGahF1Uyo2K0j1M1LV+ecA8cW4BixbQOECuU5RTF9SYMjbN11HsLzuMMx2rSX+jDes56wymlPB3ZT2g3ANw1CHRvZDfwkkSSpcmmRpTVfzxrzk95ob4LP883Fa5y5UaidsFYRsrF1h94VVU6QtRD04qJ5w50/39LugzaunFgwxaWrs0udt2JEoK3r95s1Zm8B2QfgPJy0/8I3SG0pnpCqW1YOQ9HJ2cqS9smwHj1JhaM981X8DHT9Mjsyl+vqipY0lZXiGvBXFh855LGg8gegMes6YEFp2VD6j5AHr9aQUm9o=
x-microsoft-antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:CY1PR0601MB1659;
x-microsoft-antispam-prvs: <CY1PR0601MB1659FD3D62DAE96CED8E2BF6B7AE0@CY1PR0601MB1659.namprd06.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(120809045254105)(166708455590820)(31418570063057);
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(6040176)(601004)(2401047)(5005006)(8121501046)(3002001)(10201501046); SRVR:CY1PR0601MB1659; BCL:0; PCL:0; RULEID:; SRVR:CY1PR0601MB1659;
x-forefront-prvs: 01128BA907
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(7916002)(377454003)(199003)(189002)(377424004)(69234005)(6116002)(7736002)(105586002)(102836003)(229853001)(99286002)(6916009)(122556002)(101416001)(7846002)(68736007)(33656002)(7906003)(8676002)(106356001)(106116001)(19617315012)(16236675004)(5002640100001)(15395725005)(10400500002)(3846002)(11100500001)(110136003)(16601075003)(50986999)(230783001)(76176999)(54356999)(5660300001)(2420400007)(83716003)(19580395003)(19580405001)(3280700002)(586003)(3660700001)(15650500001)(97736004)(77096005)(81166006)(36756003)(87936001)(107886002)(450100001)(82746002)(15975445007)(81156014)(189998001)(7110500001)(66066001)(2906002)(92566002)(2900100001)(4001150100001)(86362001)(8936002)(104396002); DIR:OUT; SFP:1101; SCL:1; SRVR:CY1PR0601MB1659; H:CY1PR0601MB1657.namprd06.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; A:1; MX:1; LANG:en;
received-spf: None (protection.outlook.com: isoc.org does not designate permitted sender hosts)
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: multipart/alternative; boundary="_000_40E4B8B210D24F99A9C93CD314C64478isocorg_"
MIME-Version: 1.0
X-OriginatorOrg: isoc.org
X-MS-Exchange-CrossTenant-originalarrivaltime: 31 Oct 2016 03:49:57.8070 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 89f84dfb-7285-4810-bc4d-8b9b5794554f
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY1PR0601MB1659
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/KMIKw5B-r7DtRXUhqKOC5pJ-cng>
Subject: [DNSOP] FYI - Added note about ECDSA resolver issue in Sweden - Fwd: New Version Notification for draft-york-dnsop-deploying-dnssec-crypto-algs-02.txt
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 31 Oct 2016 03:50:03 -0000
FYI, I submitted a new version of this draft that added some text in the section about "Resolvers" that mentions the case Mikael Abrahamsson brought to us about how they had to disable DNSSEC validation in the CPE they deployed to their customers because the resolver software was not following RFC 4035 and was not ignoring signatures with unknown algorithms. Comments are of course welcome. For those who are interested in writing I-D's with markdown, I also transitioned the source of this version of the document to the flavor of markdown that works with Miek Gieben's 'mmark' processor. Paul Jones nicely packaged mmark and xml2rfc into a Docker container that works extremely well. This document and other links can be found in my Github repo at: https://github.com/danyork/draft-deploying-dnssec-crypto-algs Dan Begin forwarded message: From: <internet-drafts@ietf.org<mailto:internet-drafts@ietf.org>> Subject: New Version Notification for draft-york-dnsop-deploying-dnssec-crypto-algs-02.txt Date: October 30, 2016 at 11:37:13 PM EDT To: Ondrej Sury <ondrej.sury@nic.cz<mailto:ondrej.sury@nic.cz>>, Olafur Gudmundsson <olafur+ietf@cloudflare.com<mailto:olafur+ietf@cloudflare.com>>, Dan York <york@isoc.org<mailto:york@isoc.org>>, " york@isoc.org<mailto:york@isoc.org>" <york@isoc.org<mailto:york@isoc.org>>, Paul Wouters <pwouters@redhat.com<mailto:pwouters@redhat.com>> A new version of I-D, draft-york-dnsop-deploying-dnssec-crypto-algs-02.txt has been successfully submitted by Dan York and posted to the IETF repository. Name: draft-york-dnsop-deploying-dnssec-crypto-algs Revision: 02 Title: Observations on Deploying New DNSSEC Cryptographic Algorithms Document date: 2016-10-31 Group: Individual Submission Pages: 9 URL: https://www.ietf.org/internet-drafts/draft-york-dnsop-deploying-dnssec-crypto-algs-02.txt Status: https://datatracker.ietf.org/doc/draft-york-dnsop-deploying-dnssec-crypto-algs/ Htmlized: https://tools.ietf.org/html/draft-york-dnsop-deploying-dnssec-crypto-algs-02 Diff: https://www.ietf.org/rfcdiff?url2=draft-york-dnsop-deploying-dnssec-crypto-algs-02 Abstract: As new cryptographic algorithms are developed for use in DNSSEC signing and validation, this document captures the steps needed for new algorithms to be deployed and enter general usage. The intent is to ensure a common understanding of the typical deployment process and potentially identify opportunities for improvement of operations. Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org<http://tools.ietf.org>. The IETF Secretariat -- Dan York Senior Content Strategist, Internet Society york@isoc.org<mailto:york@isoc.org> +1-802-735-1624 Jabber: york@jabber.isoc.org<mailto:york@jabber.isoc.org> Skype: danyork http://twitter.com/danyork http://www.internetsociety.org/
- [DNSOP] FYI - Added note about ECDSA resolver iss… Dan York
- Re: [DNSOP] FYI - Added note about ECDSA resolver… George Michaelson
- Re: [DNSOP] FYI - Added note about ECDSA resolver… Matthew Pounsett
- Re: [DNSOP] FYI - Added note about ECDSA resolver… Geoff Huston
- Re: [DNSOP] FYI - Added note about ECDSA resolver… George Michaelson
- Re: [DNSOP] FYI - Added note about ECDSA resolver… Geoff Huston
- Re: [DNSOP] FYI - Added note about ECDSA resolver… Ondřej Surý
- Re: [DNSOP] FYI - Added note about ECDSA resolver… Ólafur Guðmundsson