Re: [DNSOP] Review of draft-ietf-dnsop-rfc2845bis-02.txt

Francis Dupont <Francis.Dupont@fdupont.fr> Tue, 26 February 2019 09:35 UTC

Message-Id: <201902260854.x1Q8sa79074112@givry.fdupont.fr>
From: Francis Dupont <Francis.Dupont@fdupont.fr>
To: Mukund Sivaraman <muks@mukund.org>
cc: dnsop@ietf.org
In-reply-to: Your message of Mon, 19 Nov 2018 19:15:34 +0530. <20181119134534.GA1450@jurassic>
Date: Tue, 26 Feb 2019 09:54:36 +0100
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/Rj8ArPjsbd_uRkvCB827_2jN1MA>
Subject: Re: [DNSOP] Review of draft-ietf-dnsop-rfc2845bis-02.txt

 In your previous mail you wrote:

>  Two points that I request this WG to discuss are:
>  
>  1. Sparsely TSIG signed TCP continuation messages (section 6.4 in draft)

=> I'd like to do this but it is not possible to change requirements
for existing implementations so easily. I added a SHOULD for signing
all messages, so in the long term they should disappear.

>  2. Truncated MACs

=> First, they are optional, so they are not required to be implemented/supported.
Second, I'd like to get the opinion of a cryptographer because I heard
that truncated HMACs have some security benefits. Last, of course they
make messages shorter, so they have a clear operational advantage.
 Now I do not know if they are heavily used. If they are not, we can consider
adding a NOT RECOMMENDED for their implementation/support even if it is not
really in the scope of the document.

Thanks

Francis.Dupont@fdupont.fr