Re: [DNSOP] Call for Adoption: DNSSEC as BCP: draft-hoffman-dnssec

"Wessels, Duane" <dwessels@verisign.com> Fri, 25 March 2022 15:34 UTC

From: "Wessels, Duane" <dwessels@verisign.com>
To: Tim Wicinski <tjw.ietf@gmail.com>, Paul Hoffman <paul.hoffman@icann.org>
CC: dnsop <dnsop@ietf.org>, dnsop-chairs <dnsop-chairs@ietf.org>
Date: Fri, 25 Mar 2022 15:34:32 +0000
Message-ID: <4D29CB27-23EE-49E7-8BCE-B43D2038C5B4@verisign.com>
References: <CADyWQ+F88aupZ6krjmVY54OuqUaUq71myGpszyu6gnS240vWhg@mail.gmail.com>
In-Reply-To: <CADyWQ+F88aupZ6krjmVY54OuqUaUq71myGpszyu6gnS240vWhg@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/NbdZ9TWnSxUax57qX-3TQ30PzfQ>
Subject: Re: [DNSOP] Call for Adoption: DNSSEC as BCP: draft-hoffman-dnssec
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>


> On Mar 24, 2022, at 4:07 PM, Tim Wicinski <tjw.ietf@gmail.com> wrote:
> 
>  
> All
> 
> If you attended the most recent DNSOP session, you've heard Warren speak about creating a BCP for DNSSEC, including all of the DNSSEC related RFCs, in order to make life easier for implementers and DNS operators.
> 
> We want to ask the working group if this is something DNSOP wants to work on. If so, we can work with Warren to prioritize getting through the approval process as efficiently as possible.
> 
> 
> This starts a Call for Adoption for: draft-hoffman-dnssec
> 
> The draft is available here: https://datatracker.ietf.org/doc/draft-hoffman-dnssec/
> 
> Please review this draft to see if you think it is suitable for adoption
> by DNSOP, and send any comments to the list, clearly stating your view.

I think it is suitable for adoption.


> Please also indicate if you are willing to contribute text, review, etc.
> 

A couple of things from my first read:

Should the abstract perhaps more directly state the goal of documenting DNSSEC as a best current practice?  I find the stated purpose “to introduce all of the RFCs in one place” somewhat unconvincing.

From section 4: “IANA already has two registries that relate to DNSSEC”.  Shouldn’t the DS digest algorithm registry be considered a third?

DW