Re: [DNSOP] Comments on DS Publication draft

Olafur Gudmundsson <ogud@ogud.com> Mon, 15 November 2010 16:51 UTC

Message-ID: <4CE16548.4010506@ogud.com>
Date: Mon, 15 Nov 2010 11:52:24 -0500
From: Olafur Gudmundsson <ogud@ogud.com>
To: dnsop@ietf.org
References: <F27EDA31-5A71-42F8-B7BF-D5B1E8ACBCA1@iis.se> <5D4DF4FC312644CE96DA636906C34DA3@local> <DD056A31A84CFC4AB501BD56D1E14BBB8C48FA@exchange.secure64.com>
In-Reply-To: <DD056A31A84CFC4AB501BD56D1E14BBB8C48FA@exchange.secure64.com>
Subject: Re: [DNSOP] Comments on DS Publication draft

On 11/11/2010 5:32 PM, Stephan Lagerholm wrote:
>> -----Original Message-----
>> From: dnsop-bounces@ietf.org [mailto:dnsop-bounces@ietf.org] On Behalf Of
>> George Barwood
>> Sent: Thursday, November 11, 2010 4:15 PM
>> To: Rickard Bellgrim; dnsop@ietf.org
>> Subject: Re: [DNSOP] Comments on DS Publication draft
>>
>>
>> ----- Original Message -----
>> From: "Rickard Bellgrim" <rickard.bellgrim@iis.se>
>> To: <dnsop@ietf.org>
>> Sent: Wednesday, November 10, 2010 3:53 PM
>> Subject: [DNSOP] Comments on DS Publication draft
>>
>>
>>> Hi
>>>
>>> I have some comments on the document draft-barwood-dnsop-ds-publish-01:
>>>
>>> 1. Introduction (3rd paragraph)
>>> It is not always the case that the child is the one defining the DS
>>> RRset. Some parents want (for some reason) to create the DS RRset based
>>> on their own policy (choice of hash) and based on what DNSKEY RR the child
>>> sends in.
>>
>> I'll take your word for this, but this practice seems a "very bad idea" to
>> me.
> .GOV currently creates their own DS from the DNSKEY the "customer"
> uploads to the web gui. There is no way to create the DS yourself. I
> agree that this is bad practice but I think we need to take this into
> account.
>

Maybe we need a paragraph in rfc4641bis saying why this is a bad idea.
In my mind this boils down to the arguments as if
	 "parent knows best" vs "child knows best".

Having observed .gov in action I think we need to make a strong case
for "parent should not mess up child".

	Olafur
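The mechanism the thread is arguing over, a parent deriving the DS RRset from the child's DNSKEY with a digest type of the parent's choosing, as an added example that is not from this thread, the draft, or any registry's code: it computes the DS digest as defined in RFC 4034 section 5.1.4 (hash over the canonical owner name followed by the DNSKEY RDATA) and the key tag from RFC 4034 Appendix B, and includes the check a child operator would run to confirm that whatever DS the parent published actually corresponds to the child's DNSKEY. The owner name and the 4-byte "public key" are constructed placeholders, not real key material, so the key tag can be verified by hand.

```python
import base64
import hashlib
import struct

# DS digest types from the IANA registry: 1 = SHA-1 (RFC 4034),
# 2 = SHA-256 (RFC 4509), 4 = SHA-384 (RFC 6605).
DS_DIGEST_TYPES = {1: "sha1", 2: "sha256", 4: "sha384"}


def owner_name_wire(name: str) -> bytes:
    """Canonical wire form of an owner name (RFC 4034 section 6.2): lowercase,
    each label length-prefixed, terminated by the zero-length root label."""
    name = name.rstrip(".").lower()
    wire = b""
    if name:
        for label in name.split("."):
            raw = label.encode("ascii")
            if not 0 < len(raw) < 64:
                raise ValueError(f"invalid label length in {name!r}")
            wire += bytes([len(raw)]) + raw
    return wire + b"\x00"


def dnskey_rdata(flags: int, protocol: int, algorithm: int, pubkey_b64: str) -> bytes:
    """DNSKEY RDATA: flags(2) | protocol(1) | algorithm(1) | public key bytes."""
    return struct.pack("!HBB", flags, protocol, algorithm) + base64.b64decode(pubkey_b64)


def key_tag(rdata: bytes) -> int:
    """Key tag over the DNSKEY RDATA (RFC 4034 Appendix B). The RSA/MD5
    special case (algorithm 1) is deliberately not handled here."""
    acc = 0
    for i, byte in enumerate(rdata):
        acc += byte if i & 1 else byte << 8
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF


def make_ds(owner: str, flags: int, protocol: int, algorithm: int,
            pubkey_b64: str, digest_type: int) -> tuple:
    """Derive DS RDATA (key tag, algorithm, digest type, hex digest) from a
    DNSKEY: digest = hash(owner name wire form | DNSKEY RDATA)."""
    if digest_type not in DS_DIGEST_TYPES:
        raise ValueError(f"unsupported DS digest type {digest_type}")
    rdata = dnskey_rdata(flags, protocol, algorithm, pubkey_b64)
    h = hashlib.new(DS_DIGEST_TYPES[digest_type])
    h.update(owner_name_wire(owner) + rdata)
    return key_tag(rdata), algorithm, digest_type, h.hexdigest().upper()


def ds_matches_dnskey(owner: str, dnskey: tuple, ds: tuple) -> bool:
    """Child-side check: does the DS the parent published correspond to our
    DNSKEY, for whichever digest type the parent picked?
    dnskey = (flags, protocol, algorithm, pubkey_b64)
    ds     = (key_tag, algorithm, digest_type, hex_digest)"""
    tag, alg, dtype, digest = ds
    if dtype not in DS_DIGEST_TYPES:
        return False  # a digest type we cannot compute cannot be confirmed
    expected = make_ds(owner, *dnskey, dtype)
    return expected == (tag, alg, dtype, digest.upper())


# Constructed sample: a KSK-flagged (257) ECDSA P-256 (alg 13) DNSKEY whose
# "public key" is the placeholder bytes 00 01 02 03; not a real key.
# Hand-computed key tag for this RDATA: 1554.
SAMPLE_OWNER = "child.example."
SAMPLE_DNSKEY = (257, 3, 13, base64.b64encode(b"\x00\x01\x02\x03").decode())

if __name__ == "__main__":
    # Show the three DS records a parent could legitimately choose to publish
    # for the same DNSKEY; only the digest type and digest differ.
    for dtype in sorted(DS_DIGEST_TYPES):
        print(SAMPLE_OWNER, "IN DS", *make_ds(SAMPLE_OWNER, *SAMPLE_DNSKEY, dtype))
```

The point of `ds_matches_dnskey` is that when the parent, not the child, decides the digest type, the child cannot simply compare a DS it generated itself; it has to recompute the digest with the parent's chosen type and confirm the key tag and algorithm line up, since a DS that does not match any DNSKEY in the child apex leaves the zone unvalidatable rather than merely insecure.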