Re: [DNSOP] Publication has been requested for draft-ietf-dnsop-rfc5011-security-considerations-12

Michael StJohns <> Mon, 09 July 2018 16:05 UTC

Tim/Suzanne -

Please cancel the request for publication until you complete the WGLC 
for this document.

The last WGLC for the document was October of last year - it failed on
28 October. No
WGLC has been made since then.

The consensus referenced in the shepherd's report was meeting consensus 
- not mailing list consensus AFAICT.  Specifically, I'd like to see if 
Ed's removed his objections.  I don't have a problem with the WGLC being 
used to judge consensus - but that's not what happened here.

Later, Mike

On 7/6/2018 9:08 PM, Michael StJohns wrote:
> On 7/6/2018 8:13 PM, Tim Wicinski wrote:
>> Tim Wicinski has requested publication of 
>> draft-ietf-dnsop-rfc5011-security-considerations-12 as Proposed 
>> Standard on behalf of the DNSOP working group.
>> Please verify the document's state at 
> *sigh*
> Point of order:  Did I miss the final WGLC on this after this last 
> version was published?  I can't actually find anything in the DNSOP 
> archives and I don't remember seeing the call.   So I'm suggesting 
> that we've missed a required stage.
> With respect to the shepherd's writeup:
> 1) The first reference in the shepherd's write-up is wrong - it's
> pointing to a whole other set of discussions related to Joe Abley's 
> ideas.
> 2) The second reference isn't representative of the actual discussion, 
> but only shows the point at which I got worn down. Please include a 
> reference that actually shows the attempts to try and resolve my issues.
> 3) This document should not be a Proposed Standard as it documents 
> nothing implementable (that is nothing implementable in a computer), 
> but is operational guidance for the publication process.
> 4) Is it usual for the WG chair to write the shepherd's report? 
> Specifically, it seems a conflict of interest for items (3)-(6).
> 5) The technical summary is misleading.  This is not an update to 
> 5011, but guidance to the zone publisher who may have not understood 
> the implications of operational choices (e.g. steady state single 
> trust anchor vs 5011's recommendation of multiple trust anchors). E.g.
> "RFC5011 DNSSEC Key Rollover Strategy" isn't a document referenced by 
> this document, and that would be the document that would be in need of 
> an update.
> 6) Same comment - it's not an update to the 5011 timers, but to the 
> understanding of the publishers of such zones that use 5011.
> 7) Please include references of the emails of the "root server 
> community" review - AFAICT, Ed Lewis was the only one to comment on 
> the list and the last comment was last year.
> Mike