Re: [DNSOP] Working Group Last Call for: Message Digest for DNS Zones
Miek Gieben <miek@miek.nl> Tue, 14 January 2020 06:15 UTC
Date: Tue, 14 Jan 2020 07:15:38 +0100
From: Miek Gieben <miek@miek.nl>
To: Michael StJohns <msj@nthpermutation.com>
Cc: John R Levine <johnl@taugh.com>, dnsop@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/MvBJFjHmvdBePpLD73VdCCqByjM>

[ Quoting <msj@nthpermutation.com> in "Re: [DNSOP] Working Group Last Call..." ]
>I'm not convinced of the general utility of this scheme.
>It feels like DNS bloat and more a solution in search of a problem.
>That said, I appreciate Duane's willingness to make changes to fix
>some of the more egregious problems.

I like to echo this sentiment; esp considering this draft is heading towards a
standards track.

Also the example given in 1.1 Motivation is a bit weak:

"For example, a name server loading saved zone data upon restart cannot
guarantee that the on-disk data has not been modified. For these reasons, it
is preferable to secure the data itself."

That looks like an implementation detail for nameservers loading the zone, not
something the IETF should fix.

/Miek

--
Miek Gieben