Re: [DNSOP] Terminology: validating resolver

George Michaelson <ggm@algebras.org> Tue, 03 April 2018 00:05 UTC

To: Paul Hoffman <paul.hoffman@vpnc.org>
Cc: dnsop WG <dnsop@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/UYN6xdeCvaaYXs6LbUdDLpPhoVc>

RFC4035 section 3.2 looks like it has usable words, surely?

Not from those words, but in my personal opinion, any resolver which
is able to understand and apply the semantic context of DNSSEC
signatures over RR should be considered a validating resolver.
However, a validating resolver may also be seen NOT to perform
validation because it receives queries with the CD bit set. Therefore,
you cannot say that all queries through a validating resolver
necessarily demonstrate it is capable of validating. It's not entirely
subject to external views of its behaviour without the full context of
what was in the query received.

-G

On Mon, Apr 2, 2018 at 11:45 PM, Paul Hoffman <paul.hoffman@vpnc.org> wrote:
> Some folks didn't feel all that great about this because it's not defined in
> an RFC. Specific suggestions welcome.
>
> Validating resolver:
>   A security-aware recursive name server, security-aware resolver, or
>   security-aware stub resolver that is applying at least one of the
>   definitions of validation (above), as appropriate to the resolution
>   context.  For the same reason that the generic term "resolver" is
>   sometimes ambiguous and needs to be evaluated in context,
>   "validating resolver" is a context-sensitive term.
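
The point about the CD bit, as an added example that is not part of the original message or of any RFC text: a Python sketch of what an outside observer can and cannot conclude from the header flags of one query/response pair. The function names and verdict labels are assumptions made for this illustration, the sample messages are constructed headers rather than captured traffic, and the rule that a resolver only sets AD when the query asked for it is left out for brevity.

```python
import struct

# Header flag masks: QR/RD/RA/RCODE from RFC 1035, AD and CD from RFC 4035 section 3.2.
QR, RD, RA, AD, CD, RCODE = 0x8000, 0x0100, 0x0080, 0x0020, 0x0010, 0x000F

# Verdict labels (names chosen for this example).
VALIDATED = "validated"                  # resolver asserts the data is authentic
NO_INFERENCE_CD = "no-inference-cd"      # query disabled checking, nothing to learn
NO_INFERENCE = "no-inference"            # AD clear: insecure zone, error, or no validation

def build_header(msg_id, *, response=False, ad=False, cd=False, rcode=0):
    """Pack a 12-byte DNS header (constructed sample, one question, no records)."""
    flags = RD | (rcode & RCODE)
    if response:
        flags |= QR | RA
    if ad:
        flags |= AD
    if cd:
        flags |= CD
    return struct.pack("!HHHHHH", msg_id, flags, 1, 0, 0, 0)

def parse_flags(message):
    """Return (message ID, flags word) from the first four header bytes."""
    if len(message) < 12:
        raise ValueError("truncated DNS header")
    return struct.unpack("!HH", message[:4])

def infer_validation(query, response):
    """Classify one query/response pair by what it shows about validation."""
    qid, qflags = parse_flags(query)
    rid, rflags = parse_flags(response)
    if qflags & QR or not rflags & QR:
        raise ValueError("expected a query followed by a response")
    if qid != rid:
        raise ValueError("response does not match query ID")
    if qflags & CD:
        # Checking Disabled: the resolver need not authenticate, so this
        # exchange says nothing about whether it is able to.
        return NO_INFERENCE_CD
    if rflags & AD and (rflags & RCODE) == 0:
        return VALIDATED
    return NO_INFERENCE

if __name__ == "__main__":
    q_plain, q_cd = build_header(7), build_header(7, cd=True)
    print(infer_validation(q_plain, build_header(7, response=True, ad=True)))
    print(infer_validation(q_cd, build_header(7, response=True, cd=True)))
    print(infer_validation(q_plain, build_header(7, response=True, rcode=2)))
```

Only the first pair is positive evidence that the resolver validates; the other two leave the question open, so a survey of resolver behaviour has to record the query flags alongside each response.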