Re: [DNSOP] Terry Manderson's Discuss on draft-ietf-dnsop-dnssec-roadblock-avoidance-04: (with DISCUSS and COMMENT)

Terry Manderson <terry.manderson@icann.org> Wed, 13 July 2016 05:28 UTC

From: Terry Manderson <terry.manderson@icann.org>
To: Wes Hardaker <wjhns1@hardakers.net>
Date: Wed, 13 Jul 2016 05:28:46 +0000
Message-ID: <D3AC09DC.95840%terry.manderson@icann.org>
References: <20160706042557.22326.91200.idtracker@ietfa.amsl.com> <0ly45bsn4e.fsf@wjh.hardakers.net>
In-Reply-To: <0ly45bsn4e.fsf@wjh.hardakers.net>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/SEtHmEnoB8tfMusZFOPoIYQAi3k>
Cc: "tjw.ietf@gmail.com" <tjw.ietf@gmail.com>, "dnsop@ietf.org" <dnsop@ietf.org>, "draft-ietf-dnsop-dnssec-roadblock-avoidance@ietf.org" <draft-ietf-dnsop-dnssec-roadblock-avoidance@ietf.org>, "dnsop-chairs@ietf.org" <dnsop-chairs@ietf.org>, The IESG <iesg@ietf.org>

Hi Wes,

Thanks for responding.

I'll trim to only the remaining items needing a response, and express
my appreciation at the clarified items.

On 9/07/2016, 9:53 AM, "iesg on behalf of Wes Hardaker"
<iesg-bounces@ietf.org on behalf of wjhns1@hardakers.net> wrote:

>"Terry Manderson" <terry.manderson@icann.org> writes:
>
>
>> s1.2 is https://github.com/ogud/DNSSEC_ALG_Check going to be a fully
>> stable URL?
>
>Per discussion in another thread: probably.  Olafur certainly won't
>delete it as the owner, and I doubt github will die anytime soon.
>
>The only other choice is to remove the helpful reference.

Thanks.

>
>I've changed it to "validating resolver daemon" instead.  Make more sense?

It does.


>
>> s3.1.1, please use the example domain for such examples, ie example.com,
>> and once you have used it do you really need to repeat it for each
>> 'existing' text until you get to the non-existent tests and so on up to
>> 3.1.14.
>
>Well, here's the deal: example.com won't work and the domain in question
>actually does work.  Some of them can probably be replaced with the root
>server, but many others require somewhat specialized tests pointing to a
>special domain.  That one is known to be the only one that likely will
>work for some tests at this point.  The question is, what to do about
>that?  Can we list a known one?  Must we list a useless one instead?
>Should we pre-declare the problem?  I've been waiting for this to come
>up :-)

Personally, my advice would be to pre-declare the issue, and why it's an
issue and why some special domain is needed and describe the semantics of
the FQDNs needed for the appropriate tests (including an appendix zone
file?), and then use example.com as the label which needs to be
substituted by the person constructing the tests/zone. The benefit here is
that some folks might like to replicate such a construct in their own
infrastructure, and this document might give them that guidance.

Does that make sense?

Thanks
Terry