Return-Path: X-Original-To: dnsop@mail2.ietf.org Delivered-To: dnsop@mail2.ietf.org Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id C6CF628C601A; Thu, 15 May 2025 00:52:07 -0700 (PDT) X-Virus-Scanned: amavisd-new at ietf.org X-Spam-Flag: NO X-Spam-Score: -2.794 X-Spam-Level: X-Spam-Status: No, score=-2.794 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H5=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, SPF_NONE=0.001, UNPARSEABLE_RELAY=0.001] autolearn=ham autolearn_force=no Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (2048-bit key) header.d=orange.com Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2-mxtYa7zShl; Thu, 15 May 2025 00:52:06 -0700 (PDT) Received: from smtp-out.orange.com (smtp-out.orange.com [80.12.210.123]) (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id 11A1928C6008; Thu, 15 May 2025 00:52:05 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=orange.com; i=@orange.com; q=dns/txt; s=orange002; t=1747295526; x=1778831526; h=to:cc:subject:date:message-id:references:in-reply-to: mime-version:content-transfer-encoding:from; bh=5MfqkVp5ZY3oLizIxX26g6D2v3eQ8nTaFjN8OLz/284=; b=EV/WNc6QwIdn0ZbqbSlS6/j1DdNlmLmwMZRnd6BsOrTHNdjtcFPO9txt JLXjZfXtL0/Gnf6+SMDg/Yul+bDnNdgQttVr9cqVmgUMGdk4qeEz9ZX7G duln/wGzciU+/sRmh0jI+aeL34NuuNlpYpC//LDbFj+fekZnzmT5cZJv5 HSMPU9S6NP+VTCWyU4zRNcZiACebKwtN9lAvwAR10be0yt1KLHvvq9M2m Z7zw6Z8BvLUyfZPePr9t1O99d1OnHZizWuiTgEYxQHiUu2R7SR79864IW P/9D848h9wj/qzVCFtM9R9UxIs7sO8uRS9FD3tAhFODJVsXb0EHicUMca w==; X-CSE-ConnectionGUID: jQoQugG5TgG2AfWlZ9AqHA== X-CSE-MsgGUID: 2jT9Ea/5SgaMswOZgpVsIQ== Received: from unknown (HELO opfedv1rlp0d.nor.fr.ftgroup) ([x.x.x.x]) by smtp-out.orange.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 15 May 2025 09:52:04 +0200 Received: from unknown (HELO opzinddimail3.si.francetelecom.fr) ([x.x.x.x]) by opfedv1rlp0d.nor.fr.ftgroup with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 15 May 2025 09:52:05 +0200 Received: from opzinddimail3.si.francetelecom.fr (unknown [127.0.0.1]) by DDEI (Postfix) with ESMTP id B262A5203B7D; Thu, 15 May 2025 09:52:04 +0200 (CEST) Received: from opzinddimail3.si.francetelecom.fr (unknown [127.0.0.1]) by DDEI (Postfix) with ESMTP id 81CF85203B51; Thu, 15 May 2025 09:52:04 +0200 (CEST) Received: from smtp-out365.orange.com (unknown [x.x.x.x]) by opzinddimail3.si.francetelecom.fr (Postfix) with ESMTPS; Thu, 15 May 2025 09:52:04 +0200 (CEST) Received: from mail-francecentralazlp17011026.outbound.protection.outlook.com (HELO PAUP264CU001.outbound.protection.outlook.com) ([40.93.76.26]) by smtp-out365.orange.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 15 May 2025 09:52:04 +0200 Received: from MR1PPF6395AA9E6.FRAP264.PROD.OUTLOOK.COM (2603:10a6:508:1::231) by PR0P264MB1531.FRAP264.PROD.OUTLOOK.COM (2603:10a6:102:16c::12) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8722.32; Thu, 15 May 2025 07:52:03 +0000 Received: from MR1PPF6395AA9E6.FRAP264.PROD.OUTLOOK.COM ([fe80::e61b:f910:8bbf:2233]) by MR1PPF6395AA9E6.FRAP264.PROD.OUTLOOK.COM ([fe80::e61b:f910:8bbf:2233%6]) with mapi id 15.20.8722.027; Thu, 15 May 2025 07:52:03 +0000 From: mohamed.boucadair@orange.com X-CSE-ConnectionGUID: KsRxELrpRBqWUb0eE5hiMw== X-CSE-MsgGUID: UXeUkYCiSYehzneU3CqX3Q== X-TM-AS-ERS: 10.218.35.128-127.5.254.253 X-TM-AS-SMTP: 1.0 c210cC1vdXQzNjUub3JhbmdlLmNvbQ== bW9oYW1lZC5ib3VjYWRhaXJAb 3JhbmdlLmNvbQ== X-DDEI-TLS-USAGE: Used X-CSE-ConnectionGUID: Y+qeKmOfQIa6bhx7tpH9qA== X-CSE-MsgGUID: HrdaKCxESFy2tJq/iGGqrA== Authentication-Results: smtp-out365.orange.com; dkim=none (message not signed) header.i=none IronPort-Data: A9a23:/rGF9Kry+kaW5L4d1pbSpPk/PIxeBmJnYhIvgKrLsJaIsI4StFCzt garIBmFM/aNZjfzKtpxbN+/pBhQuJCAnNBgGVZlpClmQS9G8pacVYWSI3mrMnLJJKUvbq7GA +byyDXkBJppJpMJjk71atANlVEliOfQAOC6ULWYUsxIbVcMYD87jh5+kPIOjIdtgNyoayuAo tqaT/f3YDdJ4BYqdDtJg06/gEk35qmq5WpF5gVWic1j5zcyqVFEVfrzGonhdxMUcqEMdsamS uDKyq2O/2+x13/B3fv8z94X2mVTKlLjFVDmZkh+AsBOsTAbzsAG6ZvXAdJHAathZ5dlqPgqo DlFncTYpQ7EpcQgksxFO/VTO3kW0aGrZNYrLFDn2fF/wXEqfFPdgOxjL0QRM7Q587h9AXER6 eQ4eSkkO0Xra+KemNpXS8FUr/kbdpe3F75H4igmyizFB/E7R5yFW7/N+dJTwDY3gIZJAOraY M0aLzFoaXwsYTUTYhFGU9RhwqHy2BETcBUAwL6Rja8w42HWwQA32r/wO9PZc92QbcJPl0CXq yTN+GGR7hQyZIbBlWHfry/EaunnvTn3UaE5BJCD2O8wnH+KgW08JwQMfA7uyRW+ohXlAY4AQ 6AOwQIxr6g07xWDTtDnUxS7rWSf+BgRR7J4Feog5RmJ24LV7hqXQG8eQVZpadE9u+c3SCAkk FiTkLvBCSZmvqHQSH+B+PKYqyi1IW0QMHQeICkDUU4e49C6iIA+khyJScxseIa5iMbyAXT7w zmLtjMWhrgPg4gMzarT1VzBmDW0jpnEUgBz4R/YNkq57Bw/ZYO5aaSn7FHa6bBLK4Pxc7Wal H0Nmszb4voHC5qAnyGLXP8EGLi74+7cb2WF2AY1Qd8m6iin/GOlccZI+jZiKUx1M8ECPzj0f EvUvgAX75hWVJe3UUNpS7PyEskJyI/uLPXsCPrUfoVSerggbSbSqUmCenWs92zqlUEtl4Q2N pGabdugAB4m5UJPnGveqwA1ge5D+8wu+V4/U6wX2DyJ69KjiJO9TL4ENB6AdOk/566PrQPJ6 d9bPtmO00wACLSnOnOJt4kOMVoNMH43Q4jsrNBaffKCJQwgH3w9D/jWwvUqfIkNc0VpegXgo C3VtqxwkQCXaZj7xeOiNiALhFTHAcYXkJ7DFXZwVWtEIlB6CWpV0I8RdoEsYZ4s//F5wPh/Q pEtIprcXa4TFWmao2hDMPERSbCOkjz63Wpi2AL0OFACk2JIGVyVqrcIgyOzqnZTVnbp6aPSX ZX5i1qEGsJbL+idMComQKn0lQ/u1ZTssOdzVFHPOd5dZA3n95JyQxEdfddmS/zg3S7rn2PAv y7PWE9wjbCU/+cdroOV7Yja9N3BO7UlQSJn85zzseze2d/yojD7mdcovSfhVWy1aV4YD434P b8Ml6unaqNc9LuI2qIle4tWIWsFz4OHj9dnIs5MRR0ns3zD5mtcH0S7 IronPort-HdrOrdr: A9a23:qcq7jKPUwJW/n8BcT0D155DYdb4zR+YMi2TDiHoddfUFSKalfp 6V98jzjSWE8Ar4WBkb+exoS5PwOk80kqQFqrX5XI3SFDUO11HYSL2KgbGN/9SkIVyGygc/79 YrT0EdMqyWMbESt6+TjGaF+pQbsb+6GcuT9ITjJgJWPGRXgtZbnmVE42igc3FedU1jP94UBZ Cc7s1Iq36LYnIMdPm2AXEDQqzqu8DLvIiOW29LOzcXrC21yR+44r/zFBaVmj0EVSlU/Lsk+W /Z1yTk+6SYte2hwBO07R6d030Woqqu9jJwPr3NtiEnEESutu9uXvUiZ1S2hkF1nAho0idurD CDmWZlAy050QKqQoj8m2qR5+Cn6kdi15aq8y7mvZPuzPaJOA4SGo5Pg5lUfQDe7FdltNZg0L hT12bcrJZPCwjc9R6NkOQgeisa43Zcm0BS5dI7njhaS88TebVRpYsQ8AdcF4oBBjvz7MQiHP N1BM/R6f5KeRfCBkqp91VH0ZipRDA+Dx2GSk8Ntoic1CVXhmlwyw8dyNYElnkN+ZohQ91P5v jCMK5viLZSJ/VmG55VFaMEW4+6G2bNSRXDPCabJknmDrgOPzbXp5v+8NwOlZOXkVwzvegPcb j6ISNlXDQJCjzT4OW1rex2ziw= X-Talos-CUID: 9a23:NuY3EmxhYnMDlwqv5ELmBgUlWdkoUXj6wk7xKhGyCXY2VKW1GEa5rfY= X-Talos-MUID: 9a23:Vq3LBgu3+HnsJxoY9M2npCtuPeRD84mVJlFXjbcf/MirGjVqEmLI X-IronPort-AV: E=Sophos;i="6.15,290,1739833200"; d="scan'208";a="82643255" ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=Bs+BcdqD+WQJhAd0QOxtJFib3PKdt1zQM6kwgw/1qrKZziCHmyWVQbFyyqWdwx7+RbSI/QovIKJ+p2ryZ5xqMgBOpA93i44ZcqbrlXEPy1ugDagJJKFU4y+WElTsxzyEDRsy071GNIO5HPFo2i33Nz7DWsytlbsBrSFO620NcmSnvIZwc6KW6KVebccPNPMe7aQhg+N1omBNRu8daLbsGuNGhiS46cMxKQlhFuit1bIkc35TXlv3P2oNpIvjwCrQrT1ygjh4AsGEdYYBtj8icHZqiK7EQO/e8fWT0a1gmcbvdXtwWBFVWcXbyuR0/arNj4ZKn5czSdYXAcQfnw8OLg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=HBAivdzIatHI1MhDsUGTd9Ts6MzaDbb8ul+VHvZpkpY=; b=USklKGqxN9QTnJbJtULHbwrCHoOPkrb+0tDodzlIb6wivXX5MiDKhKQw97ia7sNa/aOfczjLow+pbgxIZe/FVvZ4GnP7X/coStIzLfu/dxMkigf4O2TdeuSOR+GjzzjXKUfLOxTThVxUfg4CAJJH1jHSM9XfGIwWs3hRKhIaz/ZlGQ7ZYeulpRV0ZDv/o1Y2d770QdzHuV3bKKuYDKN0PDwB+LJJAFlYcjS+Uj768D9g01/GkHKuNaPCzIYrcHQiyeVBEFl6bubJr+ZR14y7AbDAOHxnCTp85z9QKZcE+kyp+pCZG0EYhhMLFm/oZ7ArFJSVzcptvsmyJXzvF/7WHQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=orange.com; dmarc=pass action=none header.from=orange.com; dkim=pass header.d=orange.com; arc=none To: Wes Hardaker , Mohamed Boucadair via Datatracker Thread-Topic: Mohamed Boucadair's Discuss on draft-ietf-dnsop-must-not-sha1-06: (with DISCUSS and COMMENT) Thread-Index: AQHbswuIXyTDUpUiVEe/EpuAK3XrF7PTcZSg Date: Thu, 15 May 2025 07:52:03 +0000 Message-ID: References: <174453560483.1099397.15288329283858358772@dt-datatracker-64c5c9b5f9-hz6qg> In-Reply-To: Accept-Language: fr-FR, en-US Content-Language: fr-FR X-MS-Has-Attach: X-MS-TNEF-Correlator: msip_labels: MSIP_Label_07222825-62ea-40f3-96b5-5375c07996e2_ActionId=7a819299-7af8-4624-9d06-6b1c5506cbf7;MSIP_Label_07222825-62ea-40f3-96b5-5375c07996e2_ContentBits=0;MSIP_Label_07222825-62ea-40f3-96b5-5375c07996e2_Enabled=true;MSIP_Label_07222825-62ea-40f3-96b5-5375c07996e2_Method=Privileged;MSIP_Label_07222825-62ea-40f3-96b5-5375c07996e2_Name=unrestricted_parent.2;MSIP_Label_07222825-62ea-40f3-96b5-5375c07996e2_SetDate=2025-05-15T07:40:53Z;MSIP_Label_07222825-62ea-40f3-96b5-5375c07996e2_SiteId=90c7a20a-f34b-40bf-bc48-b9253b6f5d20;MSIP_Label_f47c794b-e3ab-43f0-9e0f-29fc3e503192_ContentBits=0;MSIP_Label_f47c794b-e3ab-43f0-9e0f-29fc3e503192_Enabled=true;MSIP_Label_f47c794b-e3ab-43f0-9e0f-29fc3e503192_Method=Standard; x-ms-publictraffictype: Email x-ms-traffictypediagnostic: MR1PPF6395AA9E6:EE_|PR0P264MB1531:EE_ x-ms-office365-filtering-correlation-id: 75e2a277-5279-4c8b-75bc-08dd93856165 x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam: BCL:0;ARA:13230040|1800799024|376014|366016|38070700018; x-microsoft-antispam-message-info: =?iso-8859-1?Q?4CYyWViqi9eLgj+7iD7xD5wKbJCg5HSkzPunX87G8ITK6nJYky5Q0pxSM2?= =?iso-8859-1?Q?0FWAkwTUbEwDiFiitxOsBtSpoqHdtKKG+wQcdqZX7sW4jILqMCPxgbQdtR?= =?iso-8859-1?Q?a8qiUwnWfcP7kt5seqTlT4NfoxxzudxxIOVEFiQVqQeM+aWQB+G0AF/Z3F?= =?iso-8859-1?Q?rWDHIAJtcddTFYyDUZ0FpfB+6WiNyRFGO125UJhWaqPw2Qitxz47CDMBbD?= =?iso-8859-1?Q?FpuI1cgoYBDEq1uqGxxKw2wSyThF4vzatnSOA1tSXp1gX5P80Hhb4vQRPm?= =?iso-8859-1?Q?tvhNFHjEx7Rdx22GijifnfIajmfPZT3Lfu+pLDzLWXva9qOC+vSLG+O1v6?= =?iso-8859-1?Q?DE+PeEoeEw4Om/vmoSLJ4jlS+tawowj0x2HvimYJ/p8wdSU7vJEOtfRTui?= =?iso-8859-1?Q?4pDILHEn0DxolYSw5HhasfXDIE11FBWlZ92fLp2VGkiudypsp2BrQGQ//V?= =?iso-8859-1?Q?j6GvL1mmmHhtbSWBUt/+Vw/9uY/XNoZhlC+EthcWkOY9t9y6ffCy3cEk3K?= =?iso-8859-1?Q?YgQOF7jFKEY1GA2z/gKlsuLGXCu3HJhFWtYppjlyrP/08K+bXjS/lJRERh?= =?iso-8859-1?Q?5QaxtgRik+6/3Htf/Ss+P7m68GiGkQCRXygfXchL1UBJCH+063Qcjvw/Oc?= =?iso-8859-1?Q?OytcUeREAQLc4W+WEABBrlhVgtwR3OXt56wAIbgCnISo/cOUUQu78EAm4J?= =?iso-8859-1?Q?2pVGLGOtRwBjEfq6Eh+mshnbAU9wuLKWfkpk9D6diy+JSNGT73xMdrbbM2?= =?iso-8859-1?Q?hBmWWJIWhx62Qxab3xg+Gx0cWZ+j/HpUyaAHUsiHeAE8Bn8huv5B9+DMyL?= =?iso-8859-1?Q?WFaO1Wi4anS2mDhgHQ3HSKsjLkRmSv2kGs24MeODjQ5IQuWR5P9Avpx7+j?= =?iso-8859-1?Q?ErEWaFHOYAbCdhK0hexLjsDen8d7ItVVzeYdPQWe86SA7hmEtGW6C9d0XA?= =?iso-8859-1?Q?VL8la8DqvLi5HSPZznmCtRysPwz/mQptZGdTbUN1w3pR9Jp2YluhCIC2Ei?= =?iso-8859-1?Q?PKq9LO0JfxJTJ/r2lAsfayfOm4jvYfrHug2U0LbAQxqk95B5ZFOs+RClIe?= =?iso-8859-1?Q?kXb4R/1OBNhaG2dDikun01b7dBnGdaefhqXkxeyViU+nV437rKHp7QEgAB?= =?iso-8859-1?Q?ZubGiedH+1AUIKpP3Lo5NWp6AiEIlbafew4CGAsgFO+LuOmub5NHmXEWH1?= =?iso-8859-1?Q?widPLGRDcN6BIKLhxEDHMEeVO7fWXHWzFVOu1ZIvxPEGexmdWGvii/BOJp?= =?iso-8859-1?Q?xBxQZhMWC66+YGzQZoRCGEIgVqLG4lMfgUZnfFQofI9lY7Y/LPyjKN0hsO?= =?iso-8859-1?Q?emWzYA6GqJOhq8F6ww89oceyms3+CRL3MONW1HPuuJRalhlVxkjpNdtnLa?= =?iso-8859-1?Q?cT/KPTlUEozE/XqMRu/TKXhxR4TGSpDJ3hO953e9RUrtEBX1m4FaSYjLCe?= =?iso-8859-1?Q?Paa6ffRzg4c2SkqBdI7O6fD+4/gxMkywMyU1ImzYN9PQGMoPKr42dqb7oy?= =?iso-8859-1?Q?Vj0dLEeTwNtM80/qsbEvBH+OrkWM/nFO9v2phHhbVblS6SEsej7g8hBh86?= =?iso-8859-1?Q?a9VrZYA=3D?= x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:MR1PPF6395AA9E6.FRAP264.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(1800799024)(376014)(366016)(38070700018);DIR:OUT;SFP:1101; x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?iso-8859-1?Q?Yp9DK8zt6o/EsGqQRjn18zq7Po+JG1wVc4YitxgTBWCcR18nbPTW7D96PG?= =?iso-8859-1?Q?lJUtfKtP2JVdO/am3cURyEAStpxrWGl8iumkwaSqbvWz2Q8BOwxau9oT+t?= =?iso-8859-1?Q?PQ3LLyH3xOd0Q5uzb9LeyQk1t2jIY2W9SpjLgHTC+rFDx0rolJ3ICKJs5Q?= =?iso-8859-1?Q?ArpnddmeNJ9XdATIr6riJ3SeAJhX4892MTCT2eZURKvFkMQYBvloD8JPEY?= =?iso-8859-1?Q?ZsoNp/2t0MNXH52m9A4VcSmNNK/9M9nX2o3eLpAzpTjAUXeMwJwSNnWTIy?= =?iso-8859-1?Q?T3+MSSIhcq/WupmCnG1pOKImEeGl21nM2F1I19vR6qDIjB83varvDsHNed?= =?iso-8859-1?Q?J6mQfY9C9DszuOP7cw3Zix0+gy5XrSH4k7l+xbhJlRzie5K32zYZ+qGPRO?= =?iso-8859-1?Q?jIqNJJfZokbQ14M8GHOz25fk37rltQsHcLkPfQEXueezdDPcQ1ru1dfhGm?= =?iso-8859-1?Q?pbrCE7oeR2PdS3COYQ12ab2J1lSEzEg97pWPS0BiAPNwS86ht70zut55XU?= =?iso-8859-1?Q?/k3tD4nb2QT8zrHAsICGweXv7Jyb7nhoOxIsiC0Fbm3faCwtkW24pjOh7K?= =?iso-8859-1?Q?qvhZw5/P4QElpQ/alnbyP9vxJWW5Zz1+PFA9mwo66q+zUXw4Lp1zvQiEw9?= =?iso-8859-1?Q?a8S69IhX114dl7jTrIHtWGVuFl+RHQmdUaGn/MjyI1sksggCIXgD3Oe7LN?= =?iso-8859-1?Q?598JBe2cfMfsRuDkncQeuh29HPVSroJDbIspthDWfPajD/pipldkMnq+M6?= =?iso-8859-1?Q?1O5kIYKFem6h1hQnUAv+g0ddNP69+X3pN1nYPrLN/RhCLqcJuNwBsJSGlG?= =?iso-8859-1?Q?15RHMUhj6gBxvN8O7x1t/RqXU7BgE7QsP2me7Ht5yu3L4u6ndYxg8hry7+?= =?iso-8859-1?Q?zPJdNqz4JEyS+hrq0zXJGmbPrH+3mAYtB5cr1bZNWiV8G6AzEP5V483DN8?= =?iso-8859-1?Q?Rj6mV1yeQP90iMYE56K28bDJ0t9wSzola6gmrQhoEvIGZVE8QxZUd8TJmp?= =?iso-8859-1?Q?ahr18/Ps9eW4gshEDIwuzIKt0c7A2HX/srON14PDBvM7m9MFTrbiELceb2?= =?iso-8859-1?Q?13IKHfx7dbgjtULq6yb9AT9ws04hsoXt+s4KEqGdWCMP2qSju4wsNJJLly?= =?iso-8859-1?Q?EczPiPkB2h578TbPNgEx1NCLGVhAeJIJywGYZf0iUUPD+AHZOIVF5IslMz?= =?iso-8859-1?Q?Fj3m4CesBk0nPVGvRWAZyZgn6mHb9GxSN0jXQbuJOFBTEHzM0RdTEdIvEK?= =?iso-8859-1?Q?6HnWAX6ZD9G/VFFdYFQYKZT4ChRznwvbymVVi/Y8qwELuJUFchhk2ZHr4P?= =?iso-8859-1?Q?VY1JLT0tMbX5SN6oFjxB9qkl4m4VEBQokCJpdWFqZXHfB7rhPTBHKgNcMG?= =?iso-8859-1?Q?FUS7AuQ6V2aQwDogKtEl6piv9MAqZd5DVdjvm8raO7QdEpv8aoQoUlGDZo?= =?iso-8859-1?Q?wNlJ3ajcIw6vuWT6RtXGsjxnaxltE3evTQCL/EOsnJUQeFdkHhlmshYS5W?= =?iso-8859-1?Q?7C53eKaVcM/cYO2CoeujOEjmJiZBAPAXyH3hLVuJaANoa1no9I5sn5fxp/?= =?iso-8859-1?Q?ed4aP3JLoyY4fl4srYBT3TWTz4IQ65aJDY7EX55cmEIM1Pn+xkltCtV8Wf?= =?iso-8859-1?Q?GvNHvNlh3bBAI1z/J7lPkeYDjTJCGuMWSJ7t5nxYS9pC0gMRRGZzfx5g?= =?iso-8859-1?Q?=3D=3D?= Content-Type: text/plain; charset="iso-8859-1" MIME-Version: 1.0 X-OriginatorOrg: orange.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: MR1PPF6395AA9E6.FRAP264.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-Network-Message-Id: 75e2a277-5279-4c8b-75bc-08dd93856165 X-MS-Exchange-CrossTenant-originalarrivaltime: 15 May 2025 07:52:03.0353 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 90c7a20a-f34b-40bf-bc48-b9253b6f5d20 X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: xebqqwncc1u5GBiDJxJlLBQYllGYRWcF0YvLMViRQZPxCxUfv3iI38xn7Kwo7pEMswXesL1UywCyeVVJISw6NToFX3CuE9Ki41aD6EGA3Oo= X-MS-Exchange-Transport-CrossTenantHeadersStamped: PR0P264MB1531 X-TM-AS-ERS: 10.218.35.128-127.5.254.253 X-TM-AS-SMTP: 1.0 c210cC1vdXQzNjUub3JhbmdlLmNvbQ== bW9oYW1lZC5ib3VjYWRhaXJAb 3JhbmdlLmNvbQ== X-TMASE-Version: DDEI-5.1-9.1.1004-29184.002 X-TMASE-Result: 10--48.328300-10.000000 X-TMASE-MatchedRID: Ayxnw/ZptIJYxPZZEiQc82Iebjj13eKW/cdhqO7KmN/cAmu1xqeethz8 TwDJiHPoJkpEgWlcD4FiuSbA21uih+TfPHhZVG8jg2tbutXuhCLx5KZMlKYS/cJWkMZBXP7DYzE 4rllPfcvkYBDLwsbmZ9VINlb0YWiV2C9S6mveVQWHNh7ClpY+EvknCf5Y5jPYaXmdXF2Ym8f194 DOtjj3niGfzI53p1sjEB3SpBj+HjONMkq6FfSn6kiaUFcOFAgUTPsVRSNcbWNX9HWCFp+ydwLo7 7dSjupL+03a+MQ8RE1X2LioA1StKImQ9db+Hoo+8f+64gLLEwIRyVsAxhhjrGS7laq3TMtk4Ju5 UjuFVsvvjhgeV9O8lKNhH88Sq/60WpzFcbgaiMKGsPek1xLHVhmiTJb38WReufh9X6Nby0cI92W 2CovSu87OWL6kAf3HttXP6wS/PND+RttnTtIPdLketMx0T38U3J386TUJ4bwU1xbljbMa+VFYyN 9BB7FnB0/TGBWAJ9SeSFZtQD4nEcV7aFLwD4J76xf0sB8b4azece0aRiX9WtSgyJTgyLvljSdnJ C0YNlElH+WmUjm+IINe0aIUafCpNsx6FHS5riIHDvjr7OxGkPSG/+sPtZVkqqAda2WWSit0Tsch 72XSbJ7BEeKXZ2+CkPI1/ZdqoS2bQnymSsmTzOfLe+209cGmjpdeX2ZEvrI8sjnqBWTPkv/uIR5 4p90yxNd3Rd9Wo65YP+FWmGyrS0fvagMkM/fK7c0is1Jg1FdDRebSlZYuStS/V4cIJyM4LaKzyz WK8GQ0FECUTORGX4RSY2Qc0faggF/gZnNr7fDyIohFuDqYop4CIKY/Hg3AY2fxc+IAshtfysTmY Htv9sdwGuKIm8sZ/wnffsU7xJLEQdG7H66TyKsQd9qPXhnJ/4rWvpj9UcgD/dHyT/Xh7Q== X-TMASE-SNAP-Result: 1.821001.0001-0-1-22:0,33:0,34:0-0 X-TMASE-INERTIA: 0-0;;;; X-TMASE-XGENCLOUD: 6988432d-fad3-47f2-98c8-65cacb368bcd-0-0-200-0 Content-Transfer-Encoding: quoted-printable Message-ID-Hash: D4NYBOQ7CRYPAWQVEYOMNOT3DSHF5R2S X-Message-ID-Hash: D4NYBOQ7CRYPAWQVEYOMNOT3DSHF5R2S X-MailFrom: mohamed.boucadair@orange.com X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-dnsop.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header CC: The IESG , "draft-ietf-dnsop-must-not-sha1@ietf.org" , "dnsop-chairs@ietf.org" , "dnsop@ietf.org" , "tjw.ietf@gmail.com" X-Mailman-Version: 3.3.9rc6 Precedence: list Subject: =?utf-8?q?=5BDNSOP=5D_Re=3A_Mohamed_Boucadair=27s_Discuss_on_draft-ietf-dnso?= =?utf-8?q?p-must-not-sha1-06=3A_=28with_DISCUSS_and_COMMENT=29?= List-Id: IETF DNSOP WG mailing list Archived-At: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: Hi Wes, = Thanks for the follow-up. Apologies for the delay to reply but I wanted to make first review mentione= d in your reply. I'm confident we will clear remaining points before the telechat. Please see inline. Cheers, Med > -----Message d'origine----- > De=A0: Wes Hardaker > Envoy=E9=A0: mardi 22 avril 2025 00:20 > =C0=A0: Mohamed Boucadair via Datatracker > Cc=A0: The IESG ; BOUCADAIR Mohamed INNOV/NET > ; draft-ietf-dnsop-must-not- > sha1@ietf.org; dnsop-chairs@ietf.org; dnsop@ietf.org; > tjw.ietf@gmail.com > Objet=A0: Re: Mohamed Boucadair's Discuss on draft-ietf-dnsop-must- > not-sha1-06: (with DISCUSS and COMMENT) > = > = > Mohamed Boucadair via Datatracker writes: > = > Hiya, > = > Responding to your points inline: > = > > # Process Check > > > > De we need to do anything given that some of the work we are > updating > > falls under pre-5378? > = > We don't think so. Specifically this document has no pre-existing > text that we're copying from, so don't believe that the pre-5378 > stuff applies. This document is entirely written from scratch as > new. [Med] Thanks for confirming. > = > > # Authoritative source for recommended DNSSEC Algos > > > > I was naively expecting that we have a document where we say that > the > > authoritative reference for recommended values is the IANA > registry, > > not individual RFCs? > > > > Do we have such document? If so, the explicit updates in the > draft may > > not be required. > = > The IANA registry table is the table we are trying to update which > holds the registry values that indicates the standards level. You > may want to review our companion document [1] that progressing at > the same time that moves all recommendations into the IANA table > because documenting the list only in an RFC turned out to be > problematic. This document > (must-not-sha1) thus sets the levels to match the recommendation > values for implementation and deployment. > = > [1]: > https://eur03.safelinks.protection.outlook.com/?url=3Dhttps%3A%2F%2Fd > atatracker.ietf.org%2Fdoc%2Fdraft-ietf-dnsop-rfc8624- > bis%2F&data=3D05%7C02%7Cmohamed.boucadair%40orange.com%7Cb42d87bdc7e5 > 4efd4d0908dd8122a7f5%7C90c7a20af34b40bfbc48b9253b6f5d20%7C0%7C0%7C6 > 38808708050608236%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsI > lYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D > %7C0%7C%7C%7C&sdata=3DBHDICVxLE%2BnPdj0KnElSFPAGdou9UYxsIqc8FUKZoOQ%3 > D&reserved=3D0 [Med] Now that I reviewed [1], and given that the authoritative source will= be the IANA registry for now, I think that it is cleaner to remove the upd= ate thing but depend on the registry as set by [1]. > = > > # BCP237 Umbrella > > > > As a big fun of BCP237, I wonder whether we should make this more > > visible in our DNSSEC "roadmap" documentation and list this > document > > under the BCP237 umbrella? > = > So BCP237 currently only has one document within it (RFC9364). I > think if we added every future DNSSEC document to the BCP it would > likely get overwhelming. I would argue that whether or not and how > often we should update BCP237 is a good discussion for the WG as a > whole, but it's outside the scope of this particular document > (set). But that's very much IMHO. [Med] I consider this point closed. I like the concrete action taken by Pau= l. Thanks. > = > > ----------------------------------------------------------------- > ----- > > COMMENT: > > ----------------------------------------------------------------- > ----- > > > > # Expand DNS Public Key (DNSKEY) and resource record digital > signature > > (RRSIG) in the abstract and introduction. > = > Done. I'm not sure this is standard convention so we'll see if > there are others comments about this. > = [Med] Thanks > > # Introduction > > > > (1) Reword for better clarity > > > > s/The security of the SHA-1/The security protection provided by > the > > SHA-1 > = > Done [Med] Thanks = > = > > > > (2) Inappropriate citation > > > > CURRENT: "DNSSEC [RFC9364] originally [RFC3110].." > > > > I would not cite this specific RFC as this may imply that it is > RFC > > that =ABmade extensive=BB. > = > We could not quite understand what you wanted here, as both > references made sense to us. Are you saying the RFC9364 or RFC3110 > should be removed? [Med] the comment is about removing RFC9364 citation at this place. The fol= lowing text does not match with what RFC9364 syas. Better to avoid the conf= usion. Thanks. > = > > CURRENT: "Readers are encouraged to consider .." > > > > Not sure to parse the intent here? Do you mean implementers? > Operators? Both? > > Please reword accordingly. > = > Good point, changed to "operators". [Med] ACK > = > > (4) > > > > CURRENT: "has been removed from some systems" > > > > May cite an example > = > I think the references would all be external and likely changing, > thus we can't likely quote them directly. The one that has been > talked about the most is RedHat's OSes, but I don't think calling > them out in this document would be appropriate. [Med] Fair. Thanks > = > > # Section 2: > > > > (1) > > > > CURRENT: "Validating resolver implementations MUST .." > > > > Please add a reference to > > > https://eur03.safelinks.protection.outlook.com/?url=3Dhttps%3A%2F%2Fd > atatracker.ietf.org%2Fdoc%2Fhtml%2Frfc9499%23section- > 10&data=3D05%7C02%7Cmohamed.boucadair%40orange.com%7Cb42d87bdc7e54efd > 4d0908dd8122a7f5%7C90c7a20af34b40bfbc48b9253b6f5d20%7C0%7C0%7C63880 > 8708050635059%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiO > iIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0 > %7C%7C%7C&sdata=3DQg0PJKGKnOZS2wClDroBGz%2B2hnHTcGgjFHl6pV5xTSc%3D&re > served=3D0. > = > done > = [Med] Thanks. > > (2) > > > > CURRENT: "more security strict environments.." > > > > Can we characterize this? Or provide an example? Thanks. > = > Not likely, as it's a highly subjective discussion that warrants an > RFC or academic or industry white paper in itself. The security > community will always disagree on the right level of hammer for the > right job. [Med] :-) > = > > # IANA Considerations > > > > CURRENT: "IANA is requested to set the "Use for DNSSEC Signing" > column ." > > > > There is no such column. I guess you meant "Zone Signing"? > = > This document is modifying the table as being modified by the > previously discussed companion document above [1]. That document > introduces the new columns that we're now changing. This document > is, essentially, the first test of that new process. [Med] ACK. > = > > You have many references that are listed but not sued (RFC4033, > > RFC4509, RFC5702, etc.). Please check these. > = > Done. [Med] Thanks. > = > > Also, there is a problem in how the references are classified. > For > > example, you list "RFC8174" as informative, while this should be > > normative. Likewise, "RFC3110" is listed as normative, while it > should be informative. > = > 8174 has been fixed (thanks) [Med] ACK > = > 3110 is the basis for what we're modifying as recommended, so IMHO > it should be normative (but is not a hill I'll die on either). > = > -- > Wes Hardaker > USC/ISI ___________________________________________________________________________= _________________________________ Ce message et ses pieces jointes peuvent contenir des informations confiden= tielles ou privilegiees et ne doivent donc pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu= ce message par erreur, veuillez le signaler a l'expediteur et le detruire ainsi que les pieces jointes. Les messages el= ectroniques etant susceptibles d'alteration, Orange decline toute responsabilite si ce message a ete altere, deforme ou = falsifie. Merci. This message and its attachments may contain confidential or privileged inf= ormation that may be protected by law; they should not be distributed, used or copied without authorisation. If you have received this email in error, please notify the sender and dele= te this message and its attachments. As emails may be altered, Orange is not liable for messages that have been = modified, changed or falsified. Thank you.