[DNSOP] Re: Mohamed Boucadair's Discuss on draft-ietf-dnsop-must-not-sha1-06: (with DISCUSS and COMMENT)
mohamed.boucadair@orange.com Thu, 15 May 2025 07:52 UTC
Return-Path: <mohamed.boucadair@orange.com>
X-Original-To: dnsop@mail2.ietf.org
Delivered-To: dnsop@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id C6CF628C601A; Thu, 15 May 2025 00:52:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -2.794
X-Spam-Level:
X-Spam-Status: No, score=-2.794 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H5=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, SPF_NONE=0.001, UNPARSEABLE_RELAY=0.001] autolearn=ham autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (2048-bit key) header.d=orange.com
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2-mxtYa7zShl; Thu, 15 May 2025 00:52:06 -0700 (PDT)
Received: from smtp-out.orange.com (smtp-out.orange.com [80.12.210.123]) (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id 11A1928C6008; Thu, 15 May 2025 00:52:05 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=orange.com; i=@orange.com; q=dns/txt; s=orange002; t=1747295526; x=1778831526; h=to:cc:subject:date:message-id:references:in-reply-to: mime-version:content-transfer-encoding:from; bh=5MfqkVp5ZY3oLizIxX26g6D2v3eQ8nTaFjN8OLz/284=; b=EV/WNc6QwIdn0ZbqbSlS6/j1DdNlmLmwMZRnd6BsOrTHNdjtcFPO9txt JLXjZfXtL0/Gnf6+SMDg/Yul+bDnNdgQttVr9cqVmgUMGdk4qeEz9ZX7G duln/wGzciU+/sRmh0jI+aeL34NuuNlpYpC//LDbFj+fekZnzmT5cZJv5 HSMPU9S6NP+VTCWyU4zRNcZiACebKwtN9lAvwAR10be0yt1KLHvvq9M2m Z7zw6Z8BvLUyfZPePr9t1O99d1OnHZizWuiTgEYxQHiUu2R7SR79864IW P/9D848h9wj/qzVCFtM9R9UxIs7sO8uRS9FD3tAhFODJVsXb0EHicUMca w==;
X-CSE-ConnectionGUID: jQoQugG5TgG2AfWlZ9AqHA==
X-CSE-MsgGUID: 2jT9Ea/5SgaMswOZgpVsIQ==
Received: from unknown (HELO opfedv1rlp0d.nor.fr.ftgroup) ([x.x.x.x]) by smtp-out.orange.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 15 May 2025 09:52:04 +0200
Received: from unknown (HELO opzinddimail3.si.francetelecom.fr) ([x.x.x.x]) by opfedv1rlp0d.nor.fr.ftgroup with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 15 May 2025 09:52:05 +0200
Received: from opzinddimail3.si.francetelecom.fr (unknown [127.0.0.1]) by DDEI (Postfix) with ESMTP id B262A5203B7D; Thu, 15 May 2025 09:52:04 +0200 (CEST)
Received: from opzinddimail3.si.francetelecom.fr (unknown [127.0.0.1]) by DDEI (Postfix) with ESMTP id 81CF85203B51; Thu, 15 May 2025 09:52:04 +0200 (CEST)
Received: from smtp-out365.orange.com (unknown [x.x.x.x]) by opzinddimail3.si.francetelecom.fr (Postfix) with ESMTPS; Thu, 15 May 2025 09:52:04 +0200 (CEST)
Received: from mail-francecentralazlp17011026.outbound.protection.outlook.com (HELO PAUP264CU001.outbound.protection.outlook.com) ([40.93.76.26]) by smtp-out365.orange.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 15 May 2025 09:52:04 +0200
Received: from MR1PPF6395AA9E6.FRAP264.PROD.OUTLOOK.COM (2603:10a6:508:1::231) by PR0P264MB1531.FRAP264.PROD.OUTLOOK.COM (2603:10a6:102:16c::12) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8722.32; Thu, 15 May 2025 07:52:03 +0000
Received: from MR1PPF6395AA9E6.FRAP264.PROD.OUTLOOK.COM ([fe80::e61b:f910:8bbf:2233]) by MR1PPF6395AA9E6.FRAP264.PROD.OUTLOOK.COM ([fe80::e61b:f910:8bbf:2233%6]) with mapi id 15.20.8722.027; Thu, 15 May 2025 07:52:03 +0000
From: mohamed.boucadair@orange.com
X-CSE-ConnectionGUID: KsRxELrpRBqWUb0eE5hiMw==
X-CSE-MsgGUID: UXeUkYCiSYehzneU3CqX3Q==
X-TM-AS-ERS: 10.218.35.128-127.5.254.253
X-TM-AS-SMTP: 1.0 c210cC1vdXQzNjUub3JhbmdlLmNvbQ== bW9oYW1lZC5ib3VjYWRhaXJAb 3JhbmdlLmNvbQ==
X-DDEI-TLS-USAGE: Used
X-CSE-ConnectionGUID: Y+qeKmOfQIa6bhx7tpH9qA==
X-CSE-MsgGUID: HrdaKCxESFy2tJq/iGGqrA==
Authentication-Results: smtp-out365.orange.com; dkim=none (message not signed) header.i=none
IronPort-Data: A9a23:/rGF9Kry+kaW5L4d1pbSpPk/PIxeBmJnYhIvgKrLsJaIsI4StFCzt garIBmFM/aNZjfzKtpxbN+/pBhQuJCAnNBgGVZlpClmQS9G8pacVYWSI3mrMnLJJKUvbq7GA +byyDXkBJppJpMJjk71atANlVEliOfQAOC6ULWYUsxIbVcMYD87jh5+kPIOjIdtgNyoayuAo tqaT/f3YDdJ4BYqdDtJg06/gEk35qmq5WpF5gVWic1j5zcyqVFEVfrzGonhdxMUcqEMdsamS uDKyq2O/2+x13/B3fv8z94X2mVTKlLjFVDmZkh+AsBOsTAbzsAG6ZvXAdJHAathZ5dlqPgqo DlFncTYpQ7EpcQgksxFO/VTO3kW0aGrZNYrLFDn2fF/wXEqfFPdgOxjL0QRM7Q587h9AXER6 eQ4eSkkO0Xra+KemNpXS8FUr/kbdpe3F75H4igmyizFB/E7R5yFW7/N+dJTwDY3gIZJAOraY M0aLzFoaXwsYTUTYhFGU9RhwqHy2BETcBUAwL6Rja8w42HWwQA32r/wO9PZc92QbcJPl0CXq yTN+GGR7hQyZIbBlWHfry/EaunnvTn3UaE5BJCD2O8wnH+KgW08JwQMfA7uyRW+ohXlAY4AQ 6AOwQIxr6g07xWDTtDnUxS7rWSf+BgRR7J4Feog5RmJ24LV7hqXQG8eQVZpadE9u+c3SCAkk FiTkLvBCSZmvqHQSH+B+PKYqyi1IW0QMHQeICkDUU4e49C6iIA+khyJScxseIa5iMbyAXT7w zmLtjMWhrgPg4gMzarT1VzBmDW0jpnEUgBz4R/YNkq57Bw/ZYO5aaSn7FHa6bBLK4Pxc7Wal H0Nmszb4voHC5qAnyGLXP8EGLi74+7cb2WF2AY1Qd8m6iin/GOlccZI+jZiKUx1M8ECPzj0f EvUvgAX75hWVJe3UUNpS7PyEskJyI/uLPXsCPrUfoVSerggbSbSqUmCenWs92zqlUEtl4Q2N pGabdugAB4m5UJPnGveqwA1ge5D+8wu+V4/U6wX2DyJ69KjiJO9TL4ENB6AdOk/566PrQPJ6 d9bPtmO00wACLSnOnOJt4kOMVoNMH43Q4jsrNBaffKCJQwgH3w9D/jWwvUqfIkNc0VpegXgo C3VtqxwkQCXaZj7xeOiNiALhFTHAcYXkJ7DFXZwVWtEIlB6CWpV0I8RdoEsYZ4s//F5wPh/Q pEtIprcXa4TFWmao2hDMPERSbCOkjz63Wpi2AL0OFACk2JIGVyVqrcIgyOzqnZTVnbp6aPSX ZX5i1qEGsJbL+idMComQKn0lQ/u1ZTssOdzVFHPOd5dZA3n95JyQxEdfddmS/zg3S7rn2PAv y7PWE9wjbCU/+cdroOV7Yja9N3BO7UlQSJn85zzseze2d/yojD7mdcovSfhVWy1aV4YD434P b8Ml6unaqNc9LuI2qIle4tWIWsFz4OHj9dnIs5MRR0ns3zD5mtcH0S7
IronPort-HdrOrdr: A9a23:qcq7jKPUwJW/n8BcT0D155DYdb4zR+YMi2TDiHoddfUFSKalfp 6V98jzjSWE8Ar4WBkb+exoS5PwOk80kqQFqrX5XI3SFDUO11HYSL2KgbGN/9SkIVyGygc/79 YrT0EdMqyWMbESt6+TjGaF+pQbsb+6GcuT9ITjJgJWPGRXgtZbnmVE42igc3FedU1jP94UBZ Cc7s1Iq36LYnIMdPm2AXEDQqzqu8DLvIiOW29LOzcXrC21yR+44r/zFBaVmj0EVSlU/Lsk+W /Z1yTk+6SYte2hwBO07R6d030Woqqu9jJwPr3NtiEnEESutu9uXvUiZ1S2hkF1nAho0idurD CDmWZlAy050QKqQoj8m2qR5+Cn6kdi15aq8y7mvZPuzPaJOA4SGo5Pg5lUfQDe7FdltNZg0L hT12bcrJZPCwjc9R6NkOQgeisa43Zcm0BS5dI7njhaS88TebVRpYsQ8AdcF4oBBjvz7MQiHP N1BM/R6f5KeRfCBkqp91VH0ZipRDA+Dx2GSk8Ntoic1CVXhmlwyw8dyNYElnkN+ZohQ91P5v jCMK5viLZSJ/VmG55VFaMEW4+6G2bNSRXDPCabJknmDrgOPzbXp5v+8NwOlZOXkVwzvegPcb j6ISNlXDQJCjzT4OW1rex2ziw=
X-Talos-CUID: 9a23:NuY3EmxhYnMDlwqv5ELmBgUlWdkoUXj6wk7xKhGyCXY2VKW1GEa5rfY=
X-Talos-MUID: 9a23:Vq3LBgu3+HnsJxoY9M2npCtuPeRD84mVJlFXjbcf/MirGjVqEmLI
X-IronPort-AV: E=Sophos;i="6.15,290,1739833200"; d="scan'208";a="82643255"
ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=Bs+BcdqD+WQJhAd0QOxtJFib3PKdt1zQM6kwgw/1qrKZziCHmyWVQbFyyqWdwx7+RbSI/QovIKJ+p2ryZ5xqMgBOpA93i44ZcqbrlXEPy1ugDagJJKFU4y+WElTsxzyEDRsy071GNIO5HPFo2i33Nz7DWsytlbsBrSFO620NcmSnvIZwc6KW6KVebccPNPMe7aQhg+N1omBNRu8daLbsGuNGhiS46cMxKQlhFuit1bIkc35TXlv3P2oNpIvjwCrQrT1ygjh4AsGEdYYBtj8icHZqiK7EQO/e8fWT0a1gmcbvdXtwWBFVWcXbyuR0/arNj4ZKn5czSdYXAcQfnw8OLg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=HBAivdzIatHI1MhDsUGTd9Ts6MzaDbb8ul+VHvZpkpY=; b=USklKGqxN9QTnJbJtULHbwrCHoOPkrb+0tDodzlIb6wivXX5MiDKhKQw97ia7sNa/aOfczjLow+pbgxIZe/FVvZ4GnP7X/coStIzLfu/dxMkigf4O2TdeuSOR+GjzzjXKUfLOxTThVxUfg4CAJJH1jHSM9XfGIwWs3hRKhIaz/ZlGQ7ZYeulpRV0ZDv/o1Y2d770QdzHuV3bKKuYDKN0PDwB+LJJAFlYcjS+Uj768D9g01/GkHKuNaPCzIYrcHQiyeVBEFl6bubJr+ZR14y7AbDAOHxnCTp85z9QKZcE+kyp+pCZG0EYhhMLFm/oZ7ArFJSVzcptvsmyJXzvF/7WHQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=orange.com; dmarc=pass action=none header.from=orange.com; dkim=pass header.d=orange.com; arc=none
To: Wes Hardaker <wjhns1@hardakers.net>, Mohamed Boucadair via Datatracker <noreply@ietf.org>
Thread-Topic: Mohamed Boucadair's Discuss on draft-ietf-dnsop-must-not-sha1-06: (with DISCUSS and COMMENT)
Thread-Index: AQHbswuIXyTDUpUiVEe/EpuAK3XrF7PTcZSg
Date: Thu, 15 May 2025 07:52:03 +0000
Message-ID: <MR1PPF6395AA9E6C58037EEA59D170ECF128890A@MR1PPF6395AA9E6.FRAP264.PROD.OUTLOOK.COM>
References: <174453560483.1099397.15288329283858358772@dt-datatracker-64c5c9b5f9-hz6qg> <ybl5xix9mye.fsf@wd.hardakers.net>
In-Reply-To: <ybl5xix9mye.fsf@wd.hardakers.net>
Accept-Language: fr-FR, en-US
Content-Language: fr-FR
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
msip_labels: MSIP_Label_07222825-62ea-40f3-96b5-5375c07996e2_ActionId=7a819299-7af8-4624-9d06-6b1c5506cbf7;MSIP_Label_07222825-62ea-40f3-96b5-5375c07996e2_ContentBits=0;MSIP_Label_07222825-62ea-40f3-96b5-5375c07996e2_Enabled=true;MSIP_Label_07222825-62ea-40f3-96b5-5375c07996e2_Method=Privileged;MSIP_Label_07222825-62ea-40f3-96b5-5375c07996e2_Name=unrestricted_parent.2;MSIP_Label_07222825-62ea-40f3-96b5-5375c07996e2_SetDate=2025-05-15T07:40:53Z;MSIP_Label_07222825-62ea-40f3-96b5-5375c07996e2_SiteId=90c7a20a-f34b-40bf-bc48-b9253b6f5d20;MSIP_Label_f47c794b-e3ab-43f0-9e0f-29fc3e503192_ContentBits=0;MSIP_Label_f47c794b-e3ab-43f0-9e0f-29fc3e503192_Enabled=true;MSIP_Label_f47c794b-e3ab-43f0-9e0f-29fc3e503192_Method=Standard;
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: MR1PPF6395AA9E6:EE_|PR0P264MB1531:EE_
x-ms-office365-filtering-correlation-id: 75e2a277-5279-4c8b-75bc-08dd93856165
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;ARA:13230040|1800799024|376014|366016|38070700018;
x-microsoft-antispam-message-info: 4CYyWViqi9eLgj+7iD7xD5wKbJCg5HSkzPunX87G8ITK6nJYky5Q0pxSM20FWAkwTUbEwDiFiitxOsBtSpoqHdtKKG+wQcdqZX7sW4jILqMCPxgbQdtRa8qiUwnWfcP7kt5seqTlT4NfoxxzudxxIOVEFiQVqQeM+aWQB+G0AF/Z3FrWDHIAJtcddTFYyDUZ0FpfB+6WiNyRFGO125UJhWaqPw2Qitxz47CDMBbDFpuI1cgoYBDEq1uqGxxKw2wSyThF4vzatnSOA1tSXp1gX5P80Hhb4vQRPmtvhNFHjEx7Rdx22GijifnfIajmfPZT3Lfu+pLDzLWXva9qOC+vSLG+O1v6DE+PeEoeEw4Om/vmoSLJ4jlS+tawowj0x2HvimYJ/p8wdSU7vJEOtfRTui4pDILHEn0DxolYSw5HhasfXDIE11FBWlZ92fLp2VGkiudypsp2BrQGQ//Vj6GvL1mmmHhtbSWBUt/+Vw/9uY/XNoZhlC+EthcWkOY9t9y6ffCy3cEk3KYgQOF7jFKEY1GA2z/gKlsuLGXCu3HJhFWtYppjlyrP/08K+bXjS/lJRERh5QaxtgRik+6/3Htf/Ss+P7m68GiGkQCRXygfXchL1UBJCH+063Qcjvw/OcOytcUeREAQLc4W+WEABBrlhVgtwR3OXt56wAIbgCnISo/cOUUQu78EAm4J2pVGLGOtRwBjEfq6Eh+mshnbAU9wuLKWfkpk9D6diy+JSNGT73xMdrbbM2hBmWWJIWhx62Qxab3xg+Gx0cWZ+j/HpUyaAHUsiHeAE8Bn8huv5B9+DMyLWFaO1Wi4anS2mDhgHQ3HSKsjLkRmSv2kGs24MeODjQ5IQuWR5P9Avpx7+jErEWaFHOYAbCdhK0hexLjsDen8d7ItVVzeYdPQWe86SA7hmEtGW6C9d0XAVL8la8DqvLi5HSPZznmCtRysPwz/mQptZGdTbUN1w3pR9Jp2YluhCIC2EiPKq9LO0JfxJTJ/r2lAsfayfOm4jvYfrHug2U0LbAQxqk95B5ZFOs+RClIekXb4R/1OBNhaG2dDikun01b7dBnGdaefhqXkxeyViU+nV437rKHp7QEgABZubGiedH+1AUIKpP3Lo5NWp6AiEIlbafew4CGAsgFO+LuOmub5NHmXEWH1widPLGRDcN6BIKLhxEDHMEeVO7fWXHWzFVOu1ZIvxPEGexmdWGvii/BOJpxBxQZhMWC66+YGzQZoRCGEIgVqLG4lMfgUZnfFQofI9lY7Y/LPyjKN0hsOemWzYA6GqJOhq8F6ww89oceyms3+CRL3MONW1HPuuJRalhlVxkjpNdtnLacT/KPTlUEozE/XqMRu/TKXhxR4TGSpDJ3hO953e9RUrtEBX1m4FaSYjLCePaa6ffRzg4c2SkqBdI7O6fD+4/gxMkywMyU1ImzYN9PQGMoPKr42dqb7oyVj0dLEeTwNtM80/qsbEvBH+OrkWM/nFO9v2phHhbVblS6SEsej7g8hBh86a9VrZYA=
x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:MR1PPF6395AA9E6.FRAP264.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(1800799024)(376014)(366016)(38070700018);DIR:OUT;SFP:1101;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: Yp9DK8zt6o/EsGqQRjn18zq7Po+JG1wVc4YitxgTBWCcR18nbPTW7D96PGlJUtfKtP2JVdO/am3cURyEAStpxrWGl8iumkwaSqbvWz2Q8BOwxau9oT+tPQ3LLyH3xOd0Q5uzb9LeyQk1t2jIY2W9SpjLgHTC+rFDx0rolJ3ICKJs5QArpnddmeNJ9XdATIr6riJ3SeAJhX4892MTCT2eZURKvFkMQYBvloD8JPEYZsoNp/2t0MNXH52m9A4VcSmNNK/9M9nX2o3eLpAzpTjAUXeMwJwSNnWTIyT3+MSSIhcq/WupmCnG1pOKImEeGl21nM2F1I19vR6qDIjB83varvDsHNedJ6mQfY9C9DszuOP7cw3Zix0+gy5XrSH4k7l+xbhJlRzie5K32zYZ+qGPROjIqNJJfZokbQ14M8GHOz25fk37rltQsHcLkPfQEXueezdDPcQ1ru1dfhGmpbrCE7oeR2PdS3COYQ12ab2J1lSEzEg97pWPS0BiAPNwS86ht70zut55XU/k3tD4nb2QT8zrHAsICGweXv7Jyb7nhoOxIsiC0Fbm3faCwtkW24pjOh7KqvhZw5/P4QElpQ/alnbyP9vxJWW5Zz1+PFA9mwo66q+zUXw4Lp1zvQiEw9a8S69IhX114dl7jTrIHtWGVuFl+RHQmdUaGn/MjyI1sksggCIXgD3Oe7LN598JBe2cfMfsRuDkncQeuh29HPVSroJDbIspthDWfPajD/pipldkMnq+M61O5kIYKFem6h1hQnUAv+g0ddNP69+X3pN1nYPrLN/RhCLqcJuNwBsJSGlG15RHMUhj6gBxvN8O7x1t/RqXU7BgE7QsP2me7Ht5yu3L4u6ndYxg8hry7+zPJdNqz4JEyS+hrq0zXJGmbPrH+3mAYtB5cr1bZNWiV8G6AzEP5V483DN8Rj6mV1yeQP90iMYE56K28bDJ0t9wSzola6gmrQhoEvIGZVE8QxZUd8TJmpahr18/Ps9eW4gshEDIwuzIKt0c7A2HX/srON14PDBvM7m9MFTrbiELceb213IKHfx7dbgjtULq6yb9AT9ws04hsoXt+s4KEqGdWCMP2qSju4wsNJJLlyEczPiPkB2h578TbPNgEx1NCLGVhAeJIJywGYZf0iUUPD+AHZOIVF5IslMzFj3m4CesBk0nPVGvRWAZyZgn6mHb9GxSN0jXQbuJOFBTEHzM0RdTEdIvEK6HnWAX6ZD9G/VFFdYFQYKZT4ChRznwvbymVVi/Y8qwELuJUFchhk2ZHr4PVY1JLT0tMbX5SN6oFjxB9qkl4m4VEBQokCJpdWFqZXHfB7rhPTBHKgNcMGFUS7AuQ6V2aQwDogKtEl6piv9MAqZd5DVdjvm8raO7QdEpv8aoQoUlGDZowNlJ3ajcIw6vuWT6RtXGsjxnaxltE3evTQCL/EOsnJUQeFdkHhlmshYS5W7C53eKaVcM/cYO2CoeujOEjmJiZBAPAXyH3hLVuJaANoa1no9I5sn5fxp/ed4aP3JLoyY4fl4srYBT3TWTz4IQ65aJDY7EX55cmEIM1Pn+xkltCtV8WfGvNHvNlh3bBAI1z/J7lPkeYDjTJCGuMWSJ7t5nxYS9pC0gMRRGZzfx5g==
Content-Type: text/plain; charset="iso-8859-1"
MIME-Version: 1.0
X-OriginatorOrg: orange.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: MR1PPF6395AA9E6.FRAP264.PROD.OUTLOOK.COM
X-MS-Exchange-CrossTenant-Network-Message-Id: 75e2a277-5279-4c8b-75bc-08dd93856165
X-MS-Exchange-CrossTenant-originalarrivaltime: 15 May 2025 07:52:03.0353 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 90c7a20a-f34b-40bf-bc48-b9253b6f5d20
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: xebqqwncc1u5GBiDJxJlLBQYllGYRWcF0YvLMViRQZPxCxUfv3iI38xn7Kwo7pEMswXesL1UywCyeVVJISw6NToFX3CuE9Ki41aD6EGA3Oo=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: PR0P264MB1531
X-TM-AS-ERS: 10.218.35.128-127.5.254.253
X-TM-AS-SMTP: 1.0 c210cC1vdXQzNjUub3JhbmdlLmNvbQ== bW9oYW1lZC5ib3VjYWRhaXJAb 3JhbmdlLmNvbQ==
X-TMASE-Version: DDEI-5.1-9.1.1004-29184.002
X-TMASE-Result: 10--48.328300-10.000000
X-TMASE-MatchedRID: Ayxnw/ZptIJYxPZZEiQc82Iebjj13eKW/cdhqO7KmN/cAmu1xqeethz8 TwDJiHPoJkpEgWlcD4FiuSbA21uih+TfPHhZVG8jg2tbutXuhCLx5KZMlKYS/cJWkMZBXP7DYzE 4rllPfcvkYBDLwsbmZ9VINlb0YWiV2C9S6mveVQWHNh7ClpY+EvknCf5Y5jPYaXmdXF2Ym8f194 DOtjj3niGfzI53p1sjEB3SpBj+HjONMkq6FfSn6kiaUFcOFAgUTPsVRSNcbWNX9HWCFp+ydwLo7 7dSjupL+03a+MQ8RE1X2LioA1StKImQ9db+Hoo+8f+64gLLEwIRyVsAxhhjrGS7laq3TMtk4Ju5 UjuFVsvvjhgeV9O8lKNhH88Sq/60WpzFcbgaiMKGsPek1xLHVhmiTJb38WReufh9X6Nby0cI92W 2CovSu87OWL6kAf3HttXP6wS/PND+RttnTtIPdLketMx0T38U3J386TUJ4bwU1xbljbMa+VFYyN 9BB7FnB0/TGBWAJ9SeSFZtQD4nEcV7aFLwD4J76xf0sB8b4azece0aRiX9WtSgyJTgyLvljSdnJ C0YNlElH+WmUjm+IINe0aIUafCpNsx6FHS5riIHDvjr7OxGkPSG/+sPtZVkqqAda2WWSit0Tsch 72XSbJ7BEeKXZ2+CkPI1/ZdqoS2bQnymSsmTzOfLe+209cGmjpdeX2ZEvrI8sjnqBWTPkv/uIR5 4p90yxNd3Rd9Wo65YP+FWmGyrS0fvagMkM/fK7c0is1Jg1FdDRebSlZYuStS/V4cIJyM4LaKzyz WK8GQ0FECUTORGX4RSY2Qc0faggF/gZnNr7fDyIohFuDqYop4CIKY/Hg3AY2fxc+IAshtfysTmY Htv9sdwGuKIm8sZ/wnffsU7xJLEQdG7H66TyKsQd9qPXhnJ/4rWvpj9UcgD/dHyT/Xh7Q==
X-TMASE-SNAP-Result: 1.821001.0001-0-1-22:0,33:0,34:0-0
X-TMASE-INERTIA: 0-0;;;;
X-TMASE-XGENCLOUD: 6988432d-fad3-47f2-98c8-65cacb368bcd-0-0-200-0
Content-Transfer-Encoding: quoted-printable
Message-ID-Hash: D4NYBOQ7CRYPAWQVEYOMNOT3DSHF5R2S
X-Message-ID-Hash: D4NYBOQ7CRYPAWQVEYOMNOT3DSHF5R2S
X-MailFrom: mohamed.boucadair@orange.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-dnsop.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: The IESG <iesg@ietf.org>, "draft-ietf-dnsop-must-not-sha1@ietf.org" <draft-ietf-dnsop-must-not-sha1@ietf.org>, "dnsop-chairs@ietf.org" <dnsop-chairs@ietf.org>, "dnsop@ietf.org" <dnsop@ietf.org>, "tjw.ietf@gmail.com" <tjw.ietf@gmail.com>
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [DNSOP] Re: Mohamed Boucadair's Discuss on draft-ietf-dnsop-must-not-sha1-06: (with DISCUSS and COMMENT)
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/QzFeZs4wfgh2d7XcfF8g3hLt680>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Owner: <mailto:dnsop-owner@ietf.org>
List-Post: <mailto:dnsop@ietf.org>
List-Subscribe: <mailto:dnsop-join@ietf.org>
List-Unsubscribe: <mailto:dnsop-leave@ietf.org>
Hi Wes, Thanks for the follow-up. Apologies for the delay to reply but I wanted to make first review mentioned in your reply. I'm confident we will clear remaining points before the telechat. Please see inline. Cheers, Med > -----Message d'origine----- > De : Wes Hardaker <wjhns1@hardakers.net> > Envoyé : mardi 22 avril 2025 00:20 > À : Mohamed Boucadair via Datatracker <noreply@ietf.org> > Cc : The IESG <iesg@ietf.org>; BOUCADAIR Mohamed INNOV/NET > <mohamed.boucadair@orange.com>; draft-ietf-dnsop-must-not- > sha1@ietf.org; dnsop-chairs@ietf.org; dnsop@ietf.org; > tjw.ietf@gmail.com > Objet : Re: Mohamed Boucadair's Discuss on draft-ietf-dnsop-must- > not-sha1-06: (with DISCUSS and COMMENT) > > > Mohamed Boucadair via Datatracker <noreply@ietf.org> writes: > > Hiya, > > Responding to your points inline: > > > # Process Check > > > > De we need to do anything given that some of the work we are > updating > > falls under pre-5378? > > We don't think so. Specifically this document has no pre-existing > text that we're copying from, so don't believe that the pre-5378 > stuff applies. This document is entirely written from scratch as > new. [Med] Thanks for confirming. > > > # Authoritative source for recommended DNSSEC Algos > > > > I was naively expecting that we have a document where we say that > the > > authoritative reference for recommended values is the IANA > registry, > > not individual RFCs? > > > > Do we have such document? If so, the explicit updates in the > draft may > > not be required. > > The IANA registry table is the table we are trying to update which > holds the registry values that indicates the standards level. You > may want to review our companion document [1] that progressing at > the same time that moves all recommendations into the IANA table > because documenting the list only in an RFC turned out to be > problematic. This document > (must-not-sha1) thus sets the levels to match the recommendation > values for implementation and deployment. > > [1]: > https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fd > atatracker.ietf.org%2Fdoc%2Fdraft-ietf-dnsop-rfc8624- > bis%2F&data=05%7C02%7Cmohamed.boucadair%40orange.com%7Cb42d87bdc7e5 > 4efd4d0908dd8122a7f5%7C90c7a20af34b40bfbc48b9253b6f5d20%7C0%7C0%7C6 > 38808708050608236%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsI > lYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D > %7C0%7C%7C%7C&sdata=BHDICVxLE%2BnPdj0KnElSFPAGdou9UYxsIqc8FUKZoOQ%3 > D&reserved=0 [Med] Now that I reviewed [1], and given that the authoritative source will be the IANA registry for now, I think that it is cleaner to remove the update thing but depend on the registry as set by [1]. > > > # BCP237 Umbrella > > > > As a big fun of BCP237, I wonder whether we should make this more > > visible in our DNSSEC "roadmap" documentation and list this > document > > under the BCP237 umbrella? > > So BCP237 currently only has one document within it (RFC9364). I > think if we added every future DNSSEC document to the BCP it would > likely get overwhelming. I would argue that whether or not and how > often we should update BCP237 is a good discussion for the WG as a > whole, but it's outside the scope of this particular document > (set). But that's very much IMHO. [Med] I consider this point closed. I like the concrete action taken by Paul. Thanks. > > > ----------------------------------------------------------------- > ----- > > COMMENT: > > ----------------------------------------------------------------- > ----- > > > > # Expand DNS Public Key (DNSKEY) and resource record digital > signature > > (RRSIG) in the abstract and introduction. > > Done. I'm not sure this is standard convention so we'll see if > there are others comments about this. > [Med] Thanks > > # Introduction > > > > (1) Reword for better clarity > > > > s/The security of the SHA-1/The security protection provided by > the > > SHA-1 > > Done [Med] Thanks > > > > > (2) Inappropriate citation > > > > CURRENT: "DNSSEC [RFC9364] originally [RFC3110].." > > > > I would not cite this specific RFC as this may imply that it is > RFC > > that «made extensive». > > We could not quite understand what you wanted here, as both > references made sense to us. Are you saying the RFC9364 or RFC3110 > should be removed? [Med] the comment is about removing RFC9364 citation at this place. The following text does not match with what RFC9364 syas. Better to avoid the confusion. Thanks. > > > CURRENT: "Readers are encouraged to consider .." > > > > Not sure to parse the intent here? Do you mean implementers? > Operators? Both? > > Please reword accordingly. > > Good point, changed to "operators". [Med] ACK > > > (4) > > > > CURRENT: "has been removed from some systems" > > > > May cite an example > > I think the references would all be external and likely changing, > thus we can't likely quote them directly. The one that has been > talked about the most is RedHat's OSes, but I don't think calling > them out in this document would be appropriate. [Med] Fair. Thanks > > > # Section 2: > > > > (1) > > > > CURRENT: "Validating resolver implementations MUST .." > > > > Please add a reference to > > > https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fd > atatracker.ietf.org%2Fdoc%2Fhtml%2Frfc9499%23section- > 10&data=05%7C02%7Cmohamed.boucadair%40orange.com%7Cb42d87bdc7e54efd > 4d0908dd8122a7f5%7C90c7a20af34b40bfbc48b9253b6f5d20%7C0%7C0%7C63880 > 8708050635059%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiO > iIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0 > %7C%7C%7C&sdata=Qg0PJKGKnOZS2wClDroBGz%2B2hnHTcGgjFHl6pV5xTSc%3D&re > served=0. > > done > [Med] Thanks. > > (2) > > > > CURRENT: "more security strict environments.." > > > > Can we characterize this? Or provide an example? Thanks. > > Not likely, as it's a highly subjective discussion that warrants an > RFC or academic or industry white paper in itself. The security > community will always disagree on the right level of hammer for the > right job. [Med] :-) > > > # IANA Considerations > > > > CURRENT: "IANA is requested to set the "Use for DNSSEC Signing" > column ." > > > > There is no such column. I guess you meant "Zone Signing"? > > This document is modifying the table as being modified by the > previously discussed companion document above [1]. That document > introduces the new columns that we're now changing. This document > is, essentially, the first test of that new process. [Med] ACK. > > > You have many references that are listed but not sued (RFC4033, > > RFC4509, RFC5702, etc.). Please check these. > > Done. [Med] Thanks. > > > Also, there is a problem in how the references are classified. > For > > example, you list "RFC8174" as informative, while this should be > > normative. Likewise, "RFC3110" is listed as normative, while it > should be informative. > > 8174 has been fixed (thanks) [Med] ACK > > 3110 is the basis for what we're modifying as recommended, so IMHO > it should be normative (but is not a hill I'll die on either). > > -- > Wes Hardaker > USC/ISI ____________________________________________________________________________________________________________ Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration, Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci. This message and its attachments may contain confidential or privileged information that may be protected by law; they should not be distributed, used or copied without authorisation. If you have received this email in error, please notify the sender and delete this message and its attachments. As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified. Thank you.
- [DNSOP] Mohamed Boucadair's Discuss on draft-ietf… Mohamed Boucadair via Datatracker
- [DNSOP] Re: Mohamed Boucadair's Discuss on draft-… Wes Hardaker
- [DNSOP] Re: [Ext] Re: Mohamed Boucadair's Discuss… Paul Hoffman
- [DNSOP] Re: [Ext] Re: Mohamed Boucadair's Discuss… mohamed.boucadair
- [DNSOP] Re: Mohamed Boucadair's Discuss on draft-… mohamed.boucadair