[DNSOP] Re: [Ext] Dnsdir last call review of draft-ietf-dnsop-rfc7958bis-03
Joe Abley <jabley@strandkip.nl> Fri, 02 August 2024 06:38 UTC
To: Paul Hoffman <paul.hoffman@icann.org>
CC: dnsdir@ietf.org, "dnsop@ietf.org WG" <dnsop@ietf.org>, draft-ietf-dnsop-rfc7958bis.all@ietf.org, last-call@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/ORPClngojwjNv35C2FBWVduBtpY>

On 2 Aug 2024, at 02:34, Paul Hoffman <paul.hoffman@icann.org> wrote:

> On Jul 31, 2024, at 23:15, Joe Abley <jabley@strandkip.nl> wrote:
>>
>> On 1 Aug 2024, at 02:29, Paul Hoffman <paul.hoffman@icann.org> wrote:
>>
>>>> Is there implementation experience with the new format? What was the
>>>> implementer feedback?
>>>
>>> We have heard informally that some implementers have added the new features with no problems, but they obviously can't test it until there is a new trust anchor file from IANA, and that's waiting on the standard to be published.
>>
>> Why obviously?
>
> Because they can't test whether a fake trust anchor is actually signing the root zone.

Generally, the point of validation is to tell whether signatures are authentic. Everybody can test this. That's what validation is.

>> The software that generates the file is not secret, and presumably there is equivalent hardware to that used in the KMF that is available for testing. It seems like it ought to be straightforward to generate some test files. Testing prior to first production use seems like a sensible thing to do.
>
> That would be testing whether the software could ingest a trust anchor file, not whether what it ingests would actually work.

Since this document specifies the format of the trust anchor file, that seems like exactly the appropriate testing to do.

Joe