Re: [DNSOP] Working Group Last Call for: draft-ietf-dnsop-rfc2845bis
bert hubert <bert.hubert@powerdns.com> Wed, 10 July 2019 21:42 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/VqDX9UbFnL7wzkaxHvI4vpIGbDs>
On Wed, Jul 10, 2019 at 10:56:26PM +0200, Benno Overeinder wrote:
> From the feedback on the mailing list, the chairs believe that all
> feedback and comments have been addressed by the authors, either in the
> draft or on the mailing list.

With tremendous apologies for not spending a second on this draft earlier, I
do miss one sentence. But first, let me state that I (and the camel) are
elated that this draft actually obsoletes documents and doesn't add
substantially to the pagecount, or might even reduce it (!).

The sentence I miss comes after this first paragraph:

   TSIG was originally specified by [RFC2845]. In 2017, two nameservers
   strictly following that document (and the related [RFC4635]) were
   discovered to have security problems related to this feature. The
   implementations were fixed but, to avoid similar problems in the
   future, the two documents were updated and merged, producing this
   revised specification for TSIG.

   While TSIG implemented according to this RFC provides for enhanced
   security, there are no changes in interoperability. TSIG is on the
   wire still the same mechanism, only checking semantics have been
   changed. Please see section 10.1 for further details.

Rationale for this new paragraph is that it will save like 10000 questions
on if this TSIG is compatible with the old TSIG, or if software X implements
RFC9xxx TSIG or the old one, and if there is fallback etc.

I fully realize how late my suggestion is.

> This starts a Working Group Last Call process of three weeks and ends
> on: 31 July 2019.

I'm very much in favour of this cleanup and I applaud the authors for doing
the hard work to make it happen.

Bert