Re: [DNSOP] Fracturing the protocol - was Re: Updated cheese-shop.
Warren Kumari <warren@kumari.net> Mon, 29 February 2016 16:13 UTC
On Mon, Feb 29, 2016 at 9:12 AM Shane Kerr <shane@time-travellers.org> wrote:

> Ed,
>
> At 2016-02-29 12:51:16 +0000
> Edward Lewis <edward.lewis@icann.org> wrote:
>
> > On 2/25/16, 17:58, "DNSOP on behalf of Warren Kumari"
> > <dnsop-bounces@ietf.org on behalf of warren@kumari.net> wrote:
> >
> > >We have recently updated "Believing NSEC records in the DNS root"
> > >(https://tools.ietf.org/html/draft-wkumari-dnsop-cheese-shop-01).
> >
> > My objection to this document is based on the draft's proposal to specify
> > a change to the protocol based on the data being carried in one particular
> > deployment of the protocol.
>
> Interesting concern, although I don't see how it can be otherwise. We
> don't know what the properties of future protocols will be, so I don't
> know how we can specify the behavior of resolvers using such protocols
> would be.
>
> > If the DNS is built to assume that the root zone is DNSSEC signed with
> > NSEC records and this is then "burned into software" the other
> > inter-networks will be given the choice of having to turn on DNSSEC and
> > NSEC for their root zone or developing other software. (Or...other
> > inconvenient mitigations.)
>
> Can't a couple sentences address this concern?
>
> "If the root zone is not DNSSEC signed with NSEC records then the
> Cheese Shop is closed and this document does not apply. Resolvers MUST
> continue to work in such an environment."

I *think* that the document / proposal implicitly handles this case already. If the root (of whatever tree / name resolution system you have) is not DNSSEC signed, you do not get back valid NSEC records. If you do not get back valid NSEC records, there is no work to do.

I guess I could sprinkle "DNS" all over: "The scope of this document is limited to the special case of recursive DNSSEC validating resolvers querying the root zone.", e.g. "The scope of this document is limited to the special case of recursive DNSSEC validating resolvers querying the IANA administered DNS root zone."

I'm (as always) happy to accept text - I've tossed Shane's in to make it clearer (?) - editor copy: https://github.com/wkumari/draft-wkumari-dnsop-cheese-shop

I also have some comments from Jinmei (thanks!) to incorporate, hopefully later this afternoon.

W

> Cheers,
>
> --
> Shane
>
> _______________________________________________
> DNSOP mailing list
> DNSOP@ietf.org
> https://www.ietf.org/mailman/listinfo/dnsop
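An added example, not part of the original message and not code from the draft or any resolver: a sketch of why the unsigned-root case needs no special handling, since a cached NSEC record is only ever used to answer NXDOMAIN when it validated. The `Nsec` class, the function names and the sample records are constructed for illustration.

```python
from dataclasses import dataclass

def canon(name: str) -> tuple:
    """RFC 4034 section 6.1 sort key: lowercased labels, rightmost label first."""
    labels = [l for l in name.lower().rstrip(".").split(".") if l]
    return tuple(l.encode() for l in reversed(labels))

@dataclass(frozen=True)
class Nsec:
    owner: str         # owner name of the NSEC record
    next_name: str     # "next domain name" field
    types: frozenset   # type bitmap, as mnemonics
    validated: bool    # True only if the signature chained to the trust anchor

def covers(rec: Nsec, qname: str) -> bool:
    """True if this cached NSEC proves that qname does not exist."""
    if not rec.validated:
        return False   # unsigned or bogus root: nothing to believe, no work to do
    o, q, n = canon(rec.owner), canon(qname), canon(rec.next_name)
    below = len(q) > len(o) and q[:len(o)] == o
    # An NSEC at a delegation (NS, no SOA) says nothing about names beneath it.
    if below and "NS" in rec.types and "SOA" not in rec.types:
        return False
    if o < n:
        return o < q < n
    return q > o       # last NSEC in the zone wraps around to the apex

def synthesize_nxdomain(cache: list, qname: str) -> bool:
    """Answer from cache only if qname and the root wildcard are both covered."""
    return any(covers(r, qname) for r in cache) and any(covers(r, "*.") for r in cache)

# Constructed sample records shaped like root-zone NSECs (not real zone data).
DELEG = frozenset({"NS", "DS", "RRSIG", "NSEC"})
def sample_cache(validated: bool) -> list:
    return [
        Nsec(".", "aaa.", frozenset({"NS", "SOA", "RRSIG", "NSEC", "DNSKEY"}), validated),
        Nsec("beer.", "bentley.", DELEG, validated),
        Nsec("zw.", ".", DELEG, validated),
    ]
```

With a validated cache, `www.belkin.` falls between `beer.` and `bentley.` and is answered locally, while `www.beer.` is not, because it sits below a delegation; with `validated=False` every query goes upstream as before.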