Re: [DNSOP] NSEC/NSEC3 for unsigned zones and aggressive use

"Paul Hoffman" <paul.hoffman@vpnc.org> Tue, 18 July 2017 12:35 UTC

Return-Path: <paul.hoffman@vpnc.org>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 430B1131DFC for <dnsop@ietfa.amsl.com>; Tue, 18 Jul 2017 05:35:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6f0pLiSogMKI for <dnsop@ietfa.amsl.com>; Tue, 18 Jul 2017 05:35:36 -0700 (PDT)
Received: from mail.proper.com (Opus1.Proper.COM [207.182.41.91]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 43778131DB2 for <dnsop@ietf.org>; Tue, 18 Jul 2017 05:35:36 -0700 (PDT)
Received: from [10.47.60.34] (dhcp-9976.meeting.ietf.org [31.133.153.118]) (authenticated bits=0) by mail.proper.com (8.15.2/8.14.9) with ESMTPSA id v6ICYj3v016187 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Tue, 18 Jul 2017 05:34:48 -0700 (MST) (envelope-from paul.hoffman@vpnc.org)
X-Authentication-Warning: mail.proper.com: Host dhcp-9976.meeting.ietf.org [31.133.153.118] claimed to be [10.47.60.34]
From: "Paul Hoffman" <paul.hoffman@vpnc.org>
To: "Mukund Sivaraman" <muks@isc.org>
Cc: dnsop@ietf.org
Date: Tue, 18 Jul 2017 14:35:31 +0200
Message-ID: <6EE82876-6085-42FA-B2F1-850E9EAE6083@vpnc.org>
In-Reply-To: <20170718094654.GA31988@jurassic>
References: <20170718094654.GA31988@jurassic>
MIME-Version: 1.0
X-Mailer: MailMate (1.9.6r5347)
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/XtPVbd1Q-M6kiKod3Bu8exLdtMw>
Subject: Re: [DNSOP] NSEC/NSEC3 for unsigned zones and aggressive use
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 18 Jul 2017 12:35:37 -0000

On 18 Jul 2017, at 11:46, Mukund Sivaraman wrote:

> Will you give some thought and reply with your opinion on NSEC/NSEC3 for
> unsigned zones requiring the DNS COOKIE option in transmission, that can
> be used with draft-ietf-dnsop-nsec-aggressiveuse?

Of what value is the result? Is it worth the hassle for the zone admin?

--Paul Hoffman