[DNSOP]Re: Erik Kline's No Objection on draft-ietf-dnsop-dnssec-bootstrapping-08: (with COMMENT)
Peter Thomassen <peter@desec.io> Tue, 07 May 2024 07:59 UTC
Return-Path: <peter@desec.io>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C6AF7C14F5FC; Tue, 7 May 2024 00:59:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.896
X-Spam-Level:
X-Spam-Status: No, score=-1.896 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=a4a.de
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4r2XyvRqzjcc; Tue, 7 May 2024 00:59:47 -0700 (PDT)
Received: from mail.a4a.de (mail.a4a.de [IPv6:2a01:4f8:10a:1d5c:8000::8]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D3445C14F5F4; Tue, 7 May 2024 00:59:43 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=a4a.de; s=20170825; h=Content-Transfer-Encoding:Content-Type:In-Reply-To:From: References:Cc:To:Subject:MIME-Version:Date:Message-ID:Sender:Reply-To: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=H4REauaDJmrYM/xUBq51ZartkHNRDRQbiOi94cDlNfI=; b=oIse5wFmlplhtKleqVDh+yvM83 p7jAOrP4KyDBDmeMmnUqPNHmIZWbB/rSm5Q8GmpI2VexwshqsjQM80nP9K/TXQ3mkkbOeUijAkkvi 8neADSRlH5fEt64Q76jSVjE6idBNJUkisoQop0pNbFMnICJP2Rm3xoJmSCDzG79p+o2K867vIocgk q9/BJKrrHl/Y51OHaJESlveVOjeIHpUai2tEBwpT2pultCWaVg/uH3364Ql+BjbRYlKWCvNEiYtoI 8UFQ+SiX9APputPWvEukcnJFJyyLiUqU+HUmPh7p4wpM/UEPJ7wYDsguuO6VuKqIf+MCd1oMQvIOl hqJj+BFw==;
Received: from [2a02:8109:9283:8800:4397:3610:f266:5b14] by mail.a4a.de with esmtpsa (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.93) (envelope-from <peter@desec.io>) id 1s4Fjf-00FfzL-Hx; Tue, 07 May 2024 09:59:39 +0200
Message-ID: <657523f6-0228-410c-9f59-93c39d1777be@desec.io>
Date: Tue, 07 May 2024 09:59:38 +0200
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
To: Erik Kline <ek.ietf@gmail.com>, The IESG <iesg@ietf.org>
References: <171486113510.24534.6732678482946581407@ietfa.amsl.com>
Content-Language: en-US
From: Peter Thomassen <peter@desec.io>
In-Reply-To: <171486113510.24534.6732678482946581407@ietfa.amsl.com>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 7bit
Message-ID-Hash: 63QBKI4MET75JGJAXT4LAGJBSLXRDR5I
X-Message-ID-Hash: 63QBKI4MET75JGJAXT4LAGJBSLXRDR5I
X-MailFrom: peter@desec.io
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-dnsop.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: draft-ietf-dnsop-dnssec-bootstrapping@ietf.org, dnsop-chairs@ietf.org, dnsop@ietf.org, tjw.ietf@gmail.com
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [DNSOP]Re: Erik Kline's No Objection on draft-ietf-dnsop-dnssec-bootstrapping-08: (with COMMENT)
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/PSmBgLTZDB-j8fA_9n4B4WWdLDc>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Owner: <mailto:dnsop-owner@ietf.org>
List-Post: <mailto:dnsop@ietf.org>
List-Subscribe: <mailto:dnsop-join@ietf.org>
List-Unsubscribe: <mailto:dnsop-leave@ietf.org>
Hi Erik, Thanks for your review! On 5/5/24 00:18, Erik Kline via Datatracker wrote: > ## Comments > > ### S7 > > * Should there be some kind of registration or reservation for the "_dsboot" > meaning and usage described in this document? The authors were wondering as well. We figured that unlike in case of the existing underscore registry, the issue seems less pressing: The _dsboot etc. labels are under the "main" underscore label right in front of the nameserver name. As a result, the signaling type label (like _dsboot) is somewhat "shielded", in the sense that they are only used under the signaling mechanism, i.e., by DNS operators announcing stuff about their managed zones. Given the limited target group for the signaling mechanism overall, collisions seem less likely than with underscore labels in general. The authors are also not sure under which conditions such registries should or should not be erected. In short, we don't really have an answer to your question, except that less may be more, but it's not clear. That said, the authors think "why not", and if you wish, we can add a section to address this. I imagine this would be something like RFC 8552 Section 4.1 [1]. This would add ~2 pages to the draft, unless there's a shorter way to do it. [1]: https://www.rfc-editor.org/rfc/rfc8552#section-4.1 Thanks, Peter and Nils -- https://desec.io/
- [DNSOP]Re: Erik Kline's No Objection on draft-iet… Peter Thomassen
- [DNSOP] Erik Kline's No Objection on draft-ietf-d… Erik Kline via Datatracker
- [DNSOP]Re: Erik Kline's No Objection on draft-iet… Erik Kline
- [DNSOP]Re: Erik Kline's No Objection on draft-iet… Erik Kline