[DNSOP] Re: New Version Notification for draft-yorgos-dnsop-dry-run-dnssec-02.txt

"libor.peltan" <libor.peltan@nic.cz> Thu, 18 July 2024 04:11 UTC

To: Mark Andrews <marka@isc.org>, Yorgos Thessalonikefs <yorgos@nlnetlabs.nl>
CC: dnsop <dnsop@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/XtIlXJEokAoDbdEHa2e_FZraoNI>

Hi,

On 17. 07. 24 at 2:18, Mark Andrews wrote:
> It is possible to burn only a single DS Digest Type Algorithm and support
> multiple future algorithms by encoding the actual DS Digest Type Algorithm as
> the first byte of the current digest field.

This is certainly possible, but I think both approaches have their 
dis/advantages.

I guess having the dry-run DS and regular DS look equivalent would be 
more comprehensible to DNSSEC beginners.

I seem to remember this discussion has already been performed. If the 
authors considered both approaches and decided for the burning-algorithm 
method, they might want to summarize the arguments in the draft.

Libor
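
Added example (not part of the original message or the draft): a sketch of the single-code-point encoding described in the quoted text, where a dry-run DS carries the real digest type as the first byte of its digest field. The value of DRY_RUN_DIGEST_TYPE is a hypothetical placeholder, and the function names and sample record are constructed for illustration.

```python
import hashlib
import struct

# Hypothetical placeholder code point; the message does not give a value.
DRY_RUN_DIGEST_TYPE = 250
# Digest lengths for the DS digest types handled here: SHA-1, SHA-256, SHA-384.
DIGEST_LEN = {1: 20, 2: 32, 4: 48}

def build_ds(key_tag, algorithm, digest_type, digest, dry_run=False):
    """Encode DS RDATA: key tag (2), algorithm (1), digest type (1), digest."""
    if dry_run:
        # Single burned type; the real type becomes the first digest byte.
        return struct.pack("!HBB", key_tag, algorithm, DRY_RUN_DIGEST_TYPE) \
            + bytes([digest_type]) + digest
    return struct.pack("!HBB", key_tag, algorithm, digest_type) + digest

def parse_ds(rdata):
    """Decode DS RDATA, unwrapping the dry-run form and checking lengths."""
    if len(rdata) < 5:
        raise ValueError("DS RDATA too short")
    key_tag, algorithm, digest_type = struct.unpack("!HBB", rdata[:4])
    digest = rdata[4:]
    dry_run = digest_type == DRY_RUN_DIGEST_TYPE
    if dry_run:
        digest_type, digest = digest[0], digest[1:]
        if digest_type == DRY_RUN_DIGEST_TYPE:
            raise ValueError("nested dry-run digest type")
    expected = DIGEST_LEN.get(digest_type)
    if expected is None:
        raise ValueError("unsupported digest type %d" % digest_type)
    if len(digest) != expected:
        # A validator must not treat a malformed dry-run DS as a usable one.
        raise ValueError("digest length does not match digest type")
    return {"key_tag": key_tag, "algorithm": algorithm,
            "digest_type": digest_type, "digest": digest, "dry_run": dry_run}

# Constructed sample: SHA-256 over placeholder bytes, not a real DNSKEY.
SAMPLE_DIGEST = hashlib.sha256(b"constructed owner name + DNSKEY RDATA").digest()
REGULAR_DS = build_ds(12345, 13, 2, SAMPLE_DIGEST)
DRY_RUN_DS = build_ds(12345, 13, 2, SAMPLE_DIGEST, dry_run=True)

if __name__ == "__main__":
    for name, rdata in (("regular", REGULAR_DS), ("dry-run", DRY_RUN_DS)):
        ds = parse_ds(rdata)
        print(name, ds["dry_run"], ds["digest_type"], ds["digest"].hex())
```

With this layout the dry-run record is one byte longer than its regular counterpart, so the two do not look equivalent on the wire, which is the trade-off raised above.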