Re: [DNSOP] I-D Action: draft-ietf-dnsop-kskroll-sentinel-17.txt

Warren Kumari <warren@kumari.net> Tue, 23 October 2018 07:42 UTC

From: Warren Kumari <warren@kumari.net>
Date: Tue, 23 Oct 2018 09:42:06 +0200
To: Bob Harold <rharolde@umich.edu>
Cc: dnsop <dnsop@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/ScVzgoKddIGdECieHIM97MhOfsc>
Subject: Re: [DNSOP] I-D Action: draft-ietf-dnsop-kskroll-sentinel-17.txt

Thank you. I've updated in the editors copy.

W

On Mon, Oct 22, 2018 at 7:02 PM Bob Harold <rharolde@umich.edu> wrote:

>
> On Sun, Oct 21, 2018 at 3:24 PM <internet-drafts@ietf.org> wrote:
>
>>
>> A New Internet-Draft is available from the on-line Internet-Drafts
>> directories.
>> This draft is a work item of the Domain Name System Operations WG of the
>> IETF.
>>
>>         Title           : A Root Key Trust Anchor Sentinel for DNSSEC
>>         Authors         : Geoff Huston
>>                           Joao Silva Damas
>>                           Warren Kumari
>>         Filename        : draft-ietf-dnsop-kskroll-sentinel-17.txt
>>         Pages           : 23
>>         Date            : 2018-10-21
>>
>> Abstract:
>>    The DNS Security Extensions (DNSSEC) were developed to provide origin
>>    authentication and integrity protection for DNS data by using digital
>>    signatures.  These digital signatures can be verified by building a
>>    chain of trust starting from a trust anchor and proceeding down to a
>>    particular node in the DNS.  This document specifies a mechanism that
>>    will allow an end user and third parties to determine the trusted key
>>    state for the root key of the resolvers that handle that user's DNS
>>    queries.  Note that this method is only applicable for determining
>>    which keys are in the trust store for the root key.
>>
>>    [ This document is being collaborated on in Github at:
>>    https://github.com/APNIC-Labs/draft-kskroll-sentinel.  The most
>>    recent version of the document, open issues, etc should all be
>>    available here.  The authors (gratefully) accept pull requests.  RFC
>>    Editor, please remove text in square brackets before publication. ]
>>
>>
>> The IETF datatracker status page for this draft is:
>> https://datatracker.ietf.org/doc/draft-ietf-dnsop-kskroll-sentinel/
>>
>> There are also htmlized versions available at:
>> https://tools.ietf.org/html/draft-ietf-dnsop-kskroll-sentinel-17
>> https://datatracker.ietf.org/doc/html/draft-ietf-dnsop-kskroll-sentinel-17
>>
>> A diff from the previous version is available at:
>> https://www.ietf.org/rfcdiff?url2=draft-ietf-dnsop-kskroll-sentinel-17
>
>
> 2 <https://tools.ietf.org/html/draft-ietf-dnsop-kskroll-sentinel-17#section-2>. Sentinel Mechanism in Resolvers
>
> As one example, underscore
>  prefixed names were rejected because some browsers and operating
>    systems would not fetch them because they domain names but not valid
>    hostnames (see [RFC7719] for these definitions).
>
> s/ they domain names / they are domain names /
>
> --
>
> Bob Harold
>


-- 
I don't think the execution is relevant when it was obviously a bad idea in
the first place.
This is like putting rabid weasels in your pants, and later expressing
regret at having chosen those particular rabid weasels and that pair of
pants.
   ---maf