Re: [DNSOP] Fwd: New Version Notification for draft-pan-dnsop-swild-rr-type-00.txt

Matthew Pounsett <matt@conundrum.com> Fri, 11 August 2017 14:39 UTC

From: Matthew Pounsett <matt@conundrum.com>
Date: Fri, 11 Aug 2017 10:39:50 -0400
Message-ID: <CAAiTEH8ntOerB6MGKMS2xcCK3TL9n4fyLq6F+bpUY6oTUpWN8w@mail.gmail.com>
To: Lanlan Pan <abbypan@gmail.com>
Cc: Petr Špaček <petr.spacek@nic.cz>, dnsop <dnsop@ietf.org>, Vladimír Čunát <vladimir.cunat@nic.cz>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/VEn9cmLqsKdhH8cz01hPbl2Zq_4>
Subject: Re: [DNSOP] Fwd: New Version Notification for draft-pan-dnsop-swild-rr-type-00.txt

On 11 August 2017 at 01:02, Lanlan Pan <abbypan@gmail.com> wrote:

>> We can get even better behavior from aggressive NSEC use. Here are the
>> advantages of aggressive NSEC use:
>> - does not require changes to existing authoritatives or signed zones
>> - less fragile (if we consider manual SWILD specification as an option)
>> - supports wildcards with nodes below it
>
> Yes, aggressive NSEC use has advantages if:
> 1) the AUTH gives NSEC RRs.
> 2) every intermediate resolver supports DNSSEC validation and aggressive
> NSEC use.
>

It sounds like you're assuming that SWILD would be supported by caching
servers that do not support DNSSEC or NSEC aggressive use.  Why do you
expect implementers would adopt SWILD before adopting these much older
features?

>> Yes, the aggressive NSEC is limited to DNSSEC-signed zones. I think that
>> is okay: new features are provided only by the latest version of
>> the protocol.
>
> But:
> 1) many wildcards occupy the resolver cache, with no nodes below them.
> 2) many wildcard AUTHs do not give NSEC RRs.
> 3) many resolvers do not support DNSSEC validation, not to mention
> aggressive NSEC use.
>
> From the point of view of a new feature, SWILD can be an alternative,
> simpler choice to deploy.
>
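As an added example (not code from this thread or from any resolver), the following Python sketches the aggressive-NSEC cache check the quoted message refers to, over a constructed example.com NSEC chain that is assumed to be already DNSSEC-validated. It shows the "wildcards with nodes below it" case listed as an advantage: foo.example.com exists below *.example.com, so bar.foo.example.com is provably NXDOMAIN rather than a wildcard match.

```python
# Added example, not code from this thread or any resolver: a minimal
# aggressive-NSEC cache (RFC 8198) over a constructed, assumed-validated
# NSEC chain for example.com.

def canon(name):
    """RFC 4034 canonical form: labels root-first, lower-cased, as bytes."""
    return tuple(reversed([l.lower().encode() for l in name.rstrip('.').split('.') if l]))

def nsec_covers(owner, nxt, qname, apex):
    """True if the NSEC gap owner -> nxt proves that qname does not exist."""
    o, n, q, a = canon(owner), canon(nxt), canon(qname), canon(apex)
    if q[:len(a)] != a:
        return False              # outside the zone: this NSEC says nothing
    return o < q if n == a else o < q < n   # last NSEC wraps to the apex

class NsecCache:
    def __init__(self, apex, nsec_chain):
        self.apex, self.chain = apex, nsec_chain   # (owner, next) pairs

    def exists(self, name):       # an NSEC owner is a name proven to exist
        return any(canon(o) == canon(name) for o, _ in self.chain)

    def nonexistent(self, name):  # some cached NSEC gap covers the name
        return any(nsec_covers(o, n, name, self.apex) for o, n in self.chain)

    def closest_encloser(self, qname):
        labels = qname.rstrip('.').split('.')
        parents = ('.'.join(labels[i:]) + '.' for i in range(1, len(labels)))
        return next((p for p in parents if self.exists(p)), None)

    def resolve(self, qname):
        """'EXISTS', 'NXDOMAIN', ('WILDCARD', name) or None (ask the auth)."""
        if self.exists(qname):
            return 'EXISTS'
        ce = self.closest_encloser(qname)
        if not self.nonexistent(qname) or ce is None:
            return None           # nothing cached proves anything: query the auth
        wild = '*.' + ce          # RFC 4592: only *.<closest encloser> can match
        if self.exists(wild):
            return ('WILDCARD', wild)   # synthesise from the cached wildcard RRset
        return 'NXDOMAIN' if self.nonexistent(wild) else None

# Constructed sample chain: apex, wildcard, and foo.example.com with no
# wildcard of its own (the "wildcard with nodes below it" case).
SAMPLE = NsecCache('example.com.', [
    ('example.com.', '*.example.com.'),
    ('*.example.com.', 'foo.example.com.'),
    ('foo.example.com.', 'example.com.'),
])
```

A real resolver would additionally need the wildcard's positive RRset in cache to synthesise the answer, and would consult the NSEC type bitmap for the NODATA case; both are left out here.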