Re: [DNSOP] Fwd: New Version Notification for draft-jabley-dnsop-bootstrap-validator-00.txt
tjw ietf <tjw.ietf@gmail.com> Mon, 19 March 2018 15:31 UTC
Return-Path: <tjw.ietf@gmail.com>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 03EED12D777 for <dnsop@ietfa.amsl.com>; Mon, 19 Mar 2018 08:31:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.698
X-Spam-Level:
X-Spam-Status: No, score=-2.698 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id UxF9RuVtymfb for <dnsop@ietfa.amsl.com>; Mon, 19 Mar 2018 08:31:12 -0700 (PDT)
Received: from mail-wm0-x233.google.com (mail-wm0-x233.google.com [IPv6:2a00:1450:400c:c09::233]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C69C3129C6B for <dnsop@ietf.org>; Mon, 19 Mar 2018 08:31:11 -0700 (PDT)
Received: by mail-wm0-x233.google.com with SMTP id h21so15932488wmd.1 for <dnsop@ietf.org>; Mon, 19 Mar 2018 08:31:11 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=VpfGRaq9kW8NHFTFMGhzyMh7pp13reMwtoriKi5b0bM=; b=uZZKY7x/PRyMv0094UILORfwpktuX7l4cR1L0J+yJcpjnryTLrhdwX2HijWC3ppXhr B9mR8E6F7wMWov/4nZew48DRQ3TQBQAIhVy2oMu7gqzkpMXxdKR+D+awEDoytRMjk5/R 25K82ntcwQr7jhVP5JEV5HgeD/PEijEp+t4iZ5LBGfs+9/wBXIkNMoYNN52Q6ZdRveQ5 NLiXnpZK5n4LQbGWY2Arf5OuDlplzKyaS3GpIpJQZlatlrWwkQ+whQp8NJTt25FFmUL8 OJejTNZftXqyFtWNRwPr1rWYfauo8gSNjGB8Mae3QPJBnXE12E+gXI1RzsVVi+NwCVqF 7HKg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=VpfGRaq9kW8NHFTFMGhzyMh7pp13reMwtoriKi5b0bM=; b=MMOEVAMhvEbUh7WpuK3j1JewlNxEBBVxN7NMwki/327LBOLVk0Znt3BKxoYl7bNGhy uFUl6/boreL95zamhxG3QOBxgqs+eoFSp9A8kaHkdPUkGwCgFadCh1LzYFCPUCx8srI+ dXwe1HVkOB767yZOODMl6xz+w0kaLcAxT605nDpRoSZBp/oKzhIEu+yDIQjvrvbNKgSe H6XGjUFlCZLLnNJHmugAS95b8Inxw5fGPVAKtkxxGQ1gb1ghyrm5V0p10si97OR981SB 8pzVqPxsgPQ+dPPD7uRgxZTAdIYENDrbqPEP7X0d/Fk5q3YMMl4KJfEL+mVKCd/CO9jG RHrw==
X-Gm-Message-State: AElRT7ErLLfb5mDeNS27WpnuKSvSmATwcmN/YAAZcRMnmzrKiGLCHVAa R2YSrsANLTkK9tx2wGqJFLpdNa3UTi6RK4psefHQtQ==
X-Google-Smtp-Source: AG47ELu5BeNGerqCs+JG73uKWDbyN1DB3OtRIM7zqsVQxcCKItbZy6pbpLmMmejm7UniXpPMiPVObCLepOv57CBYa1o=
X-Received: by 10.28.181.83 with SMTP id e80mr8201732wmf.147.1521473470364; Mon, 19 Mar 2018 08:31:10 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.223.154.52 with HTTP; Mon, 19 Mar 2018 08:31:09 -0700 (PDT)
In-Reply-To: <B47F59A1-10B0-46AC-90D1-7C5EF4E4688F@hopcount.ca>
References: <152147159373.24266.10589533262224690425.idtracker@ietfa.amsl.com> <B47F59A1-10B0-46AC-90D1-7C5EF4E4688F@hopcount.ca>
From: tjw ietf <tjw.ietf@gmail.com>
Date: Mon, 19 Mar 2018 15:31:09 +0000
Message-ID: <CADyWQ+GM0JrL=ztGWhsR+j8d0AJSBVFMfhGY-jhuqVU4U20NHw@mail.gmail.com>
To: Joe Abley <jabley@hopcount.ca>
Cc: dnsop <dnsop@ietf.org>
Content-Type: multipart/alternative; boundary="001a1148e3d8bc83900567c5a580"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/U5x1l1o7V_baL6mZ5ykMXaAqkxg>
Subject: Re: [DNSOP] Fwd: New Version Notification for draft-jabley-dnsop-bootstrap-validator-00.txt
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 19 Mar 2018 15:31:23 -0000
I will say that I tolerate Joe's hand waving, I can't speak for my co-chair. On Mon, Mar 19, 2018 at 3:14 PM, Joe Abley <jabley@hopcount.ca> wrote: > Hi all, > > This draft from 2011 emerged blinking into the sunlight from the grave > where it expired, growling something about KSK rollovers and brains. Dave > and I promptly wrestled it to the ground and locked it in the datatracker > where we can safely poke sticks at it through the reinforced metal bars. > > The original draft contained this prescient language: > > The possibility remains, however, that [RFC5011] signalling will not > be available to a validator: e.g. certain classes of emergency KSK > rollover may require a compromised KSK to be discarded more quickly > than [RFC5011] specifies, or a validator might be off-line over the > whole key-roll event. > > This document provides guidance on how DNSSEC Validators might > determine an appropriate set of trust anchors to use at start-up, or > when other mechanisms intended to allow key rollover to be tolerated > gracefully are not available. > > Dave and I imagine this kind of thinking might be relevant and timely. Tim > and Suz have kindly tolerated my increasingly frantic handwaving on this > subject and have offered me some minutes in the dnsop meeting tomorrow, > where I intend to suggest that a specification along these lines is > necessary and that the working group should take this on. > > > Joe > > Begin forwarded message: > > *From: *internet-drafts@ietf.org > *Subject: **New Version Notification for > draft-jabley-dnsop-bootstrap-validator-00.txt* > *Date: *19 March 2018 at 14:59:53 GMT > *To: *"Joe Abley" <jabley@afilias.info>, "Dave Knight" < > dave.knight@team.neustar> > > > A new version of I-D, draft-jabley-dnsop-bootstrap-validator-00.txt > has been successfully submitted by Joe Abley and posted to the > IETF repository. > > Name: draft-jabley-dnsop-bootstrap-validator > Revision: 00 > Title: Establishing an Appropriate Root Zone DNSSEC Trust Anchor at > Startup > Document date: 2018-03-19 > Group: Individual Submission > Pages: 9 > URL: https://www.ietf.org/internet-drafts/draft- > jabley-dnsop-bootstrap-validator-00.txt > Status: https://datatracker.ietf.org/doc/draft-jabley- > dnsop-bootstrap-validator/ > Htmlized: https://tools.ietf.org/html/draft-jabley-dnsop- > bootstrap-validator-00 > Htmlized: https://datatracker.ietf.org/doc/html/draft- > jabley-dnsop-bootstrap-validator > > > Abstract: > Domain Name System Security Extensions (DNSSEC) allow cryptographic > signatures to be used to validate responses received from the Domain > Name System (DNS). A DNS client which validates such signatures is > known as a validator. > > The choice of appropriate root zone trust anchor for a validator is > expected to vary over time as the corresponding cryptographic keys > used in DNSSEC are changed. > > This document provides guidance on how validators might determine an > appropriate trust anchor for the root zone to use at start-up, or > when other mechanisms intended to allow key rollover to be tolerated > gracefully are not available. > > > > > Please note that it may take a couple of minutes from the time of > submission > until the htmlized version and diff are available at tools.ietf.org. > > The IETF Secretariat > > > > _______________________________________________ > DNSOP mailing list > DNSOP@ietf.org > https://www.ietf.org/mailman/listinfo/dnsop > >
- [DNSOP] Fwd: New Version Notification for draft-j… Joe Abley
- Re: [DNSOP] Fwd: New Version Notification for dra… tjw ietf
- Re: [DNSOP] Fwd: New Version Notification for dra… Matthew Pounsett