Re: [DNSOP] draft-ietf-dnsop-rfc6598-rfc6303-01

Mark Andrews <marka@isc.org> Thu, 14 August 2014 00:16 UTC

To: dnsop@ietf.org
From: Mark Andrews <marka@isc.org>
Date: Thu, 14 Aug 2014 10:16:09 +1000
Message-Id: <20140814001610.3124D1CC688D@rock.dv.isc.org>
Archived-At: http://mailarchive.ietf.org/arch/msg/dnsop/UK2F7-mt9FNTqR18QRQm7GOgPHU
Subject: Re: [DNSOP] draft-ietf-dnsop-rfc6598-rfc6303-01

	Can we please move on this.

	The reverse addresses are not yet insecurely delegated as
	would be required for RFC 6598 compliance.  This is starting
	to cause operational problems for ISPs that validate DNS
	responses as they can't deploy local IN-ADDR.ARPA zones
	until that insecure delegation is done.

	Also should I add a reminder to the IANA Considerations that
	the insecure delegation needs to be performed?

	e.g.

	"IANA is reminded that an insecure delegation for these zones
	is required for compliance with RFC 6598 to break the DNSSEC
	chain of trust."

	Mark
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE:	+61 2 9871 4742		         INTERNET: marka@isc.org
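
An added example, not part of the original message: it enumerates the reverse zones that cover the RFC 6598 shared address space (100.64.0.0/10) and models, in simplified form, why a validating resolver rejects an unsigned local copy of such a zone until the parent publishes an insecure delegation. The function names and the three delegation states are assumptions made for this illustration.

```python
import ipaddress

SHARED_ADDRESS_SPACE = "100.64.0.0/10"  # RFC 6598 prefix


def reverse_zones(prefix):
    """Return the octet-boundary IN-ADDR.ARPA zones that cover an IPv4 prefix."""
    net = ipaddress.ip_network(prefix)
    # Reverse zones sit on octet boundaries, so round the length up (/10 -> /16).
    zone_len = max(8, -(-net.prefixlen // 8) * 8)
    zones = []
    for sub in net.subnets(new_prefix=zone_len):
        octets = str(sub.network_address).split(".")[: zone_len // 8]
        zones.append(".".join(reversed(octets)) + ".in-addr.arpa.")
    return zones


def validator_view(parent_signed, delegation):
    """Simplified model of how a validator treats an unsigned local zone.

    delegation (hypothetical labels for this example):
      "none"     - the signed parent proves the child name does not exist
      "insecure" - NS records present, with signed proof that no DS exists
      "secure"   - NS and DS records present
    """
    if not parent_signed:
        return "insecure"  # no chain of trust for the local data to contradict
    if delegation == "insecure":
        return "insecure"  # chain of trust deliberately broken; unsigned data accepted
    # Either the parent's signed denial contradicts the local answer, or a DS
    # record demands signatures the local zone cannot supply.
    return "bogus"


if __name__ == "__main__":
    zones = reverse_zones(SHARED_ADDRESS_SPACE)
    print(len(zones), "zones:", zones[0], "...", zones[-1])
    for state in ("none", "insecure", "secure"):
        print(f"{state:9s} -> local unsigned answers are",
              validator_view(True, state))
```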