Re: [DNSOP] Éric Vyncke's No Objection on draft-ietf-dnsop-dns-zone-digest-12: (with COMMENT)

"Wessels, Duane" <dwessels@verisign.com> Wed, 07 October 2020 20:07 UTC

Return-Path: <dwessels@verisign.com>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A3D093A0B19; Wed, 7 Oct 2020 13:07:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.399
X-Spam-Level:
X-Spam-Status: No, score=-4.399 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=verisign.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id aqCAZYC_L4Je; Wed, 7 Oct 2020 13:07:53 -0700 (PDT)
Received: from mail5.verisign.com (mail5.verisign.com [69.58.187.31]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DF2F13A09E1; Wed, 7 Oct 2020 13:07:52 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=verisign.com; l=8396; q=dns/txt; s=VRSN; t=1602101273; h=from:to:cc:date:message-id:references:in-reply-to: mime-version:subject; bh=w80838palDEJU+Gvbjnk1xkK3M3lu2zVy12ewHX7qWY=; b=W1arSn4Udvx7A8hjTyOjnm3bC/9pokKDYM13CGHKghD8/gazdcOWKj8/ ZxrrefuGswQ+NWE5N2hkZ/yxseUHAenVk7fb9LEaoY0sSmTurVazZAnnj dbP4a3GUDtheVdJELK7QwZnK1FAmQNDYuJNyNqMhnbkUPdswYvoH8P+ar BLT8Nyhtp5k5XXVSrrm/GKd636EPfHl6rZvddHUnloQeL3Gmbhs0x3c80 zTYT89QkqF7rKUrTreYd7g51iprBp8WV0nlLkvn2nJCa5eVJZMXlX05Hp Vjoy3AF7etszaWjXJu635cT5WVGre+x+D9iHyuTotz6i4ez0Hq4Z8U8dv Q==;
IronPort-SDR: ZqvzPD2lMR15bZgUbtj9+eSytnqTa4StuY/PcfZcSF55+L8ROVS2cw268HORecbDsZ0JoGn3OT P6t6lzTU+piH41dzm1lBO187rsZCtfGOsmGdV/t5Jv7xx5SkavDz6acUviRBBSsEnKVje1DwQa za1KaVquFQ2QthWZiasRdiFGfpCXRdEnaF+W8Irxlbuciy8Bb9Df2+Vw0ovwYlgnziioGhilBn r8uLxNisLTQXcBUD8o8a7rdsNRbLeo6G4M2Ie2oKK1mdL56SKneTNpNRNLsvlFoOyBs6G623S+ kcA=
X-IronPort-AV: E=Sophos; i="5.77,348,1596513600"; d="p7s'?scan'208"; a="3099168"
IronPort-PHdr: 9a23:NoUGzB1j4883k08SsmDT+DRfVm0co7zxezQtwd8ZsesUK/jxwZ3uMQTl6Ol3ixeRBMOHsq0C17Sd4vuocFdDyK7JiGoFfp1IWk1NouQttCtkPvS4D1bmJuXhdS0wEZcKflZk+3amLRodQ56mNBXdrXKo8DEdBAj0OxZrKeTpAI7SiNm82/yv95HJbAhEmTiwbal9IRi3ogncsscbipZ+J6gszRfEvmFGcPlMy2NyIlKTkRf85sOu85Nm7i9dpfEv+dNeXKvjZ6g3QqBWAzogM2Au+c3krgLDQheV5nsdSWoZjBxFCBXY4R7gX5fxtiz6tvdh2CSfIMb7Q6w4VSik4qx2UxLjljsJOCAl/2HWksxwjbxUoBS9pxxk3oXYZJiZOOdicq/BeN8XQ3dKUMRMWCxbGo6yb5UBAfcdPehWrIf9qVkBoxy/BQawC+zi0TBIimPz3aAg0+QtDQPL0Qo9FNwOqnTUq9D1Ob8cXe+10qbI1i7DYO1S2Tfm8ITDbx4voeyWUrJ2b8Xdx1QkGgTYgVSet4PlJCiV2foJs2iA9OdgS/ygi3QmqwFqozivycEshpPViYISz1DJ7CN0y5s6KtOkUkB0e8KkEIdOuCGAMYt7WsAvT3xotSsm1LEIt5G1cSwWxJk62RLSauCLf5WJ7xzsVeucPDN1iW95db++hRu//kaux+zyWMS31FtHsDRJn9nKu3sQ1BLT8tCKRuZh8ku7xDqC1Q7e5vtZLU00m6fXMZEsz70ompYOrUjPBDL6lUfqgKOMa0kp9eul5/76brjloJKXKpV6hRvkMqs0n8yyGeE4Mg8TUGeF4em8z7jj/VHhQLVNk/02jrHVsJDEKsQfoa60GxJY3Jo75RqiDzioyNsWkngbIF5YYh6HkZTmO1bUIPDgF/uwmUmjnC11x/DcJb3hBI/BIWTEkLfkZbp96khcxxQvzd1H+p5YFqsNLO/xV0L/rtDUEx80PgKuz+voC9hxzoYeVniOAq+dPqPSq1iI5uc3LuaRao4api39K+M76P7qln80gkEdcrez3ZsWc3C4H/tmI0ODbXXwhdcBFH8GvhAiQ+zylF2CTTlTam6sUKIi5jA7Dp6pDYTdSY22nLOB3Ty7EYFRZmxcFl+MFnLofZ2eW/gQcCKSPtNhkjscWLigVYAhzh6uuRT7y7V5MurU9DcUtZX51Nh6/+fTjw099SRoD8SB1GGAV3x7nnkSSD84wKBzuE19xUmf0ah2mvBXCNpT5+hOUgciLJLT0up6C8vrVgPAedeJTkipTsy7DjEwQdI+3cQOY1pmFtWjkB/DwySqD6USl7yRC5w+6rjc0GTpJ8Zh13bG07EsgEQgQstUMm2mnrdz+BTTB4HTkkWZjb2qeL8d3CHT6GeDw3CCvEZCUA5/Sa/FR2wQZlPKrdTl4UPPV6KhCbI8MgtG0c6PMapKZcP1jVVIXvvjP87eY22pkWeqGRmI3q+MbJbte2gFwCXdCkYFnxoS/XmYKQg+CDyso23bDDN0FFLvZ1ng/vV5qHO+HQcIyFQrdUxqn4Sk/BUWiLTIRu0C2LkHtQ8qqi5/GxC22NeAWPSaoA80NppResgw5EwDnU7EvgpwdNT0I79vnUUTdx9foU701g52BYMGms8v+iB5hDFuIL6VhQsSPwiT2or9b/iOcjH/
X-IPAS-Result: A2FAAgA1H35f/zCZrQpgHAEBAQEBAQcBARIBAQQEAQGCD4NGgQgKgSmDCpEZJoNDN4EylnoEBwEBAQEBAQEBAQQEAS8EAQEPhDsCggkmOBMCAwEBCwEBAQUBAQEBAQYDAQEBAoZRgjcpAYNqAQEBAQIBI1YFCwIBCBgqAgICMBoLAgQKBAUOgxgBglwRqGl2gTKKUBCBOIFThzOESIFCPoERJwwQgk0+hDyDGDOCLQSQHYJlAZNBkRQDB4JohEuCX442hQofgxOKBJQWhFOrA4NfAgQCBAUCFYFrgXtwFWUBgj4+EhcCDY4rFxSOEHQ3AgYBCQEBAwkBjTaBEQEB
Received: from BRN1WNEX01.vcorp.ad.vrsn.com (10.173.153.48) by BRN1WNEX01.vcorp.ad.vrsn.com (10.173.153.48) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.1979.3; Wed, 7 Oct 2020 16:07:50 -0400
Received: from BRN1WNEX01.vcorp.ad.vrsn.com ([fe80::a89b:32d6:b967:337d]) by BRN1WNEX01.vcorp.ad.vrsn.com ([fe80::a89b:32d6:b967:337d%4]) with mapi id 15.01.1979.003; Wed, 7 Oct 2020 16:07:50 -0400
From: "Wessels, Duane" <dwessels@verisign.com>
To: Éric Vyncke <evyncke@cisco.com>
CC: The IESG <iesg@ietf.org>, "draft-ietf-dnsop-dns-zone-digest@ietf.org" <draft-ietf-dnsop-dns-zone-digest@ietf.org>, "dnsop-chairs@ietf.org" <dnsop-chairs@ietf.org>, "dnsop@ietf.org" <dnsop@ietf.org>, Tim Wicinski <tjw.ietf@gmail.com>
Thread-Topic: [EXTERNAL] Éric Vyncke's No Objection on draft-ietf-dnsop-dns-zone-digest-12: (with COMMENT)
Thread-Index: AQHWnI7r1/8dvQaDv0aUuYyL3TLFbamM1QAA
Date: Wed, 07 Oct 2020 20:07:50 +0000
Message-ID: <4E6F88EA-3861-4657-A161-69ABD1177242@verisign.com>
References: <160206406753.9126.4859724450652537152@ietfa.amsl.com>
In-Reply-To: <160206406753.9126.4859724450652537152@ietfa.amsl.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
x-mailer: Apple Mail (2.3608.120.23.2.4)
x-originating-ip: [10.170.148.18]
Content-Type: multipart/signed; boundary="Apple-Mail=_869EC7A9-5ACE-4453-B3DF-1B6B22A3A2E3"; protocol="application/pkcs7-signature"; micalg="sha-256"
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/YGw_H2q835x-DBLMIRIHfnFPbHI>
Subject: Re: [DNSOP] Éric Vyncke's No Objection on draft-ietf-dnsop-dns-zone-digest-12: (with COMMENT)
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 07 Oct 2020 20:07:55 -0000


> On Oct 7, 2020, at 2:47 AM, Éric Vyncke via Datatracker <noreply@ietf.org> wrote:
> 
> Éric Vyncke has entered the following ballot position for
> draft-ietf-dnsop-dns-zone-digest-12: No Objection
> 
> ----------------------------------------------------------------------
> COMMENT:
> ----------------------------------------------------------------------
> 
> Thank you for the work put into this document. I really like the idea of
> protecting the zone integrity even at rest.
> 
> Please find below one non-blocking COMMENT points and one nit. I would really
> appreciate a reply for my comment about section 1.2.
> 
> I hope that this helps to improve the document,
> 
> Regards,
> 
> -éric
> 
> == COMMENTS ==
> -- Section 1.2 --
> Why is draft-ietf-dprive-xfr-over-tls not mentioned in this section as an
> alternative for data on the move?

Just an oversight.  The document does (did) mention "a future version of DNS-over-TLS"
which I think was meant as a reference to draft-ietf-dprive-xfr-over-tls when that was
just getting started.  Ben pointed this out as well and I suggest changing the text to this:

   The Transport Layer Security protocol suite also provides channel
   security.  The DPRIVE working group is in the process of specifying
   DNS Zone Transfer-over-TLS [I-D.ietf-dprive-xfr-over-tls].


> 
> == NITS ==
> -- Section 1.4.3 --
> Suggest to add "(RPZ)" after the first use of the expansion.
> 


Done.

DW