Re: [DNSOP] I-D Action: draft-ietf-dnsop-kskroll-sentinel-15.txt

Warren Kumari <warren@kumari.net> Thu, 05 July 2018 20:04 UTC


Thank you.
These were clearly nits (not substantive changes), and so I just went
ahead and incorporated / addressed them in the GitHub repo:
https://github.com/APNIC-Labs/draft-kskroll-sentinel

Thank you!
W

On Thu, Jul 5, 2018 at 1:49 PM Bob Harold <rharolde@umich.edu> wrote:
>
>
> On Mon, Jul 2, 2018 at 4:17 PM <internet-drafts@ietf.org> wrote:
>>
>>
>> A New Internet-Draft is available from the on-line Internet-Drafts directories.
>> This draft is a work item of the Domain Name System Operations WG of the IETF.
>>
>>         Title           : A Root Key Trust Anchor Sentinel for DNSSEC
>>         Authors         : Geoff Huston
>>                           Joao Silva Damas
>>                           Warren Kumari
>>         Filename        : draft-ietf-dnsop-kskroll-sentinel-15.txt
>>         Pages           : 21
>>         Date            : 2018-07-02
>>
>> Abstract:
>>    The DNS Security Extensions (DNSSEC) were developed to provide origin
>>    authentication and integrity protection for DNS data by using digital
>>    signatures.  These digital signatures can be verified by building a
>>    chain of trust starting from a trust anchor and proceeding down to a
>>    particular node in the DNS.  This document specifies a mechanism that
>>    will allow an end user and third parties to determine the trusted key
>>    state for the root key of the resolvers that handle that user's DNS
>>    queries.  Note that this method is only applicable for determining
>>    which keys are in the trust store for the root key.
>>
>>    [ This document is being collaborated on in Github at:
>>    https://github.com/APNIC-Labs/draft-kskroll-sentinel.  The most
>>    recent version of the document, open issues, etc should all be
>>    available here.  The authors (gratefully) accept pull requests.  RFC
>>    Editor, please remove text in square brackets before publication. ]
>>
>>
>> The IETF datatracker status page for this draft is:
>> https://datatracker.ietf.org/doc/draft-ietf-dnsop-kskroll-sentinel/
>>
>> There are also htmlized versions available at:
>> https://tools.ietf.org/html/draft-ietf-dnsop-kskroll-sentinel-15
>> https://datatracker.ietf.org/doc/html/draft-ietf-dnsop-kskroll-sentinel-15
>>
>> A diff from the previous version is available at:
>> https://www.ietf.org/rfcdiff?url2=draft-ietf-dnsop-kskroll-sentinel-15
>>
>
> More nits:
>
> 2.2. Special Processing
>
> (last paragraph)
> "exactly as if the mechanism described in this document was not
> implemented or disabled."
>
> That is a little confusing, the "not" could apply to "disabled".
> Better to end with "was disabled or not implemented" or "was not implemented or was disabled"
>
>
> 4. Sentinel Tests from Hosts with More than One Configured Resolve
>
> "Resolve" -> "Resolver"
>
> --
> Bob Harold
>



-- 
I don't think the execution is relevant when it was obviously a bad
idea in the first place.
This is like putting rabid weasels in your pants, and later expressing
regret at having chosen those particular rabid weasels and that pair
of pants.
   ---maf