Re: [DNSOP] WG review of draft-ietf-homenet-dot-03
Brian Dickson <brian.peter.dickson@gmail.com> Mon, 20 March 2017 22:08 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/YVV0pfzz0f8ZP9cT7Sk_kN4D_SY>
> Hi,
>
> The INT Area Director who oversees the homenet WG, Terry Manderson, has
> asked DNSOP participants to review
> https://www.ietf.org/id/draft-ietf-homenet-dot-03.txt, "Special Use Top
> Level Domain '.homenet'", with the following aspects in mind:
>
> 1) in terms of RFC6761
>
> 2) in terms of the _operational_ position of an unsigned entry in the root
> zone as requested in this document, to break the chain of trust for local
> DNS resolution of .homenet names.

I'd like to ask some questions about homenet and the TLD. These are mostly clarification questions, but might (together) lead to an alternative solution.

1. The homenet TLD is intended to be used in such a way that queries should never reach the root servers. Is this correct?

2. The main issue driving the request for the insecure delegation, is the ability to have a proof of insecurity anchored at the ICANN root-of-trust, aka the KSK for the root zone. Is this correct?

3. Resolvers doing "homenet" need to be able to serve current "proof" responses, whose signatures' validity periods are "current". Is this correct?

4. What is required for the above, is generation of DNSSEC records including RRSIG(NS), NSEC, and RRSIG(NSEC), for "homenet" TLD.

Since the queries are never meant to reach the root servers, the presence or absence of "homenet" in the root is mostly moot. The only technical requirement is that suitable DNSSEC records be generated, and that the special-purpose homenet DNS resolvers are able to have up-to-date copies of these DNSSEC records. As a technical matter, this does not require publishing these records in the root zone, although that would be one way of achieving the necessary requirement.

Perhaps the homenet WG folks could talk to the ICANN folks about ways of accomplishing the above, without the need for publishing the unsigned delegation in the root zone?

The benefit of not publishing, is that any queries that do hit the root servers, would get a signed NXDOMAIN, which IMHO is a more correct response. (It also prevents the problem of what NS values would need to be used on the unsigned delegation.)

Brian

> This document is the product of the homenet WG, which has asked the IESG
> to approve it for publication, so our comments are strictly advisory to the
> IESG. There was some discussion of the draft on this list shortly after it
> appeared, in November 2016, but it’s always the AD’s prerogative to ask for
> additional review.
>
> thanks,
> Suzanne & Tim
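
The two root-zone outcomes contrasted in the message above (a signed NXDOMAIN versus an unsigned delegation that proves insecurity), as an added example that is not part of the original post: it classifies what a single NSEC record from the parent zone proves about a queried TLD. It assumes the RRSIG over the NSEC has already been verified and omits the wildcard-denial check; the neighbouring names `homea.` and `homez.` are constructed sample data.

```python
# Added illustration: what one validated root-zone NSEC record proves about a TLD.
# Assumption: RRSIG(NSEC) was already verified; wildcard denial is not checked.

def canonical_key(name):
    """Sort key for RFC 4034 sec. 6.1 canonical order: lowercased labels, right to left."""
    labels = [label for label in name.lower().rstrip(".").split(".") if label]
    return [label.encode("ascii") for label in reversed(labels)]

def covers(owner, next_name, qname):
    """True if qname falls strictly inside the gap between owner and next_name."""
    o, n, q = canonical_key(owner), canonical_key(next_name), canonical_key(qname)
    if o < n:
        return o < q < n
    return q > o or q < n  # last NSEC in the zone wraps around to the apex

def classify(qname, nsec):
    """nsec is (owner, next_name, set_of_types_in_bitmap)."""
    owner, next_name, types = nsec
    if canonical_key(owner) == canonical_key(qname):
        if "NS" in types and "SOA" not in types:
            # Delegation point: the DS bit decides whether the chain of trust continues.
            return "secure delegation" if "DS" in types else "insecure delegation"
        return "name exists"
    if covers(owner, next_name, qname):
        return "signed NXDOMAIN"
    return "no proof"

# Constructed sample records (not real root-zone data).
NOT_PUBLISHED = ("homea.", "homez.", {"NS", "DS", "RRSIG", "NSEC"})
UNSIGNED_DELEGATION = ("homenet.", "homez.", {"NS", "RRSIG", "NSEC"})
SIGNED_DELEGATION = ("homenet.", "homez.", {"NS", "DS", "RRSIG", "NSEC"})

if __name__ == "__main__":
    for label, record in [("not published", NOT_PUBLISHED),
                          ("unsigned delegation", UNSIGNED_DELEGATION),
                          ("signed delegation", SIGNED_DELEGATION)]:
        print(label, "->", classify("homenet.", record))
```
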