Re: [DNSOP] WGLC for draft-ietf-dnsop-zoneversion

George Michaelson <ggm@algebras.org> Thu, 27 April 2023 04:30 UTC


I've read this draft.

I think it's a simple and straightforward proposal. It explicitly notes
the security issue that it's not covered by DNSSEC, it has
implementations, and it had a good discussion run 2021/2022 which was
overwhelmingly positive.

I had no problems understanding the intent. It's really clear and
straightforward.

It's a debug tool. It isn't going to be something I expect to use, but
I like the idea if something goes awry in the responses I am seeing I
can ask the authority to tell me what SOA serial I should expect to
see, that has the response state they're giving me for the specific
query. That's distinct from ZONEMD which is a DNSSEC signed state of an
entire zone (assuming it can be done) which is a different class of
check on zone state related to serial. I like both. They're different.
That said, you COULD point to ZONEMD in this one in the security
considerations, but I wouldn't make it normative. It's just another way
to check the state of a zone.

The non-transitive thing is about the only point of "well....", but
it's unsigned data: how could you trust it, if you can't verify through
a third (transiting) party? And the draft says this: it's undefined
behaviour.

I truly think this is that very rare bird: "looks good to me ship it"
in 2 WG adopted draft edits.

On Thu, Apr 27, 2023 at 1:08 PM Suzanne Woolf <swoolf@pir.org> wrote:
>
> Colleagues,
>
>
> This email begins a Working Group Last Call for draft-ietf-dnsop-zoneversion-02 (https://datatracker.ietf.org/doc/draft-ietf-dnsop-zoneversion/).
>
> If you've reviewed this document and think it's ready for publication, please let us and the WG know, by responding on-list to this message. We particularly need to hear from implementers and operators whether this EDNS option is implementable and useful.
>
> If you don't think it's ready, and have specific concerns or suggestions, please let us know about those too.
>
> The Last Call will be two weeks, ending on Thursday 11 May.
>
> Thanks to everyone who's offered comments and suggestions on the draft to date.
>
>
> Suzanne, Tim, and Benno
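An added example, not from the draft or from anyone in this thread, of the debug use the reviewer describes: decode the ZONEVERSION option out of an OPT RR's RDATA and compare the SOA serial the authority reports against the serial you expect. It assumes the option code (19) and wire layout of the later-published RFC 9660 (LABELCOUNT, TYPE, VERSION, with TYPE 0 carrying a 4-octet SOA serial); the -02 draft under review may differ, and the sample RDATA is constructed.

```python
import struct
ZONEVERSION_CODE = 19  # ASSUMPTION: IANA option code from RFC 9660
TYPE_SOA_SERIAL = 0    # VERSION is the 4-octet SOA serial, network byte order

def parse_edns_options(rdata: bytes) -> list:
    """Split OPT RDATA into (code, data) TLV pairs; raise on truncation."""
    opts, i = [], 0
    while i < len(rdata):
        if i + 4 > len(rdata):
            raise ValueError("truncated EDNS option header")
        code, length = struct.unpack("!HH", rdata[i:i + 4])
        data = rdata[i + 4:i + 4 + length]
        if len(data) != length:
            raise ValueError("truncated EDNS option data")
        opts.append((code, data))
        i += 4 + length
    return opts

def decode_zoneversion(rdata: bytes):
    """Return (labelcount, serial) from the first SOA-SERIAL ZONEVERSION option, else None."""
    for code, data in parse_edns_options(rdata):
        if code != ZONEVERSION_CODE:
            continue
        if len(data) < 2:
            raise ValueError("ZONEVERSION option too short")
        labelcount, vtype = data[0], data[1]
        if vtype != TYPE_SOA_SERIAL:
            continue  # unknown TYPE: skip rather than misread its VERSION
        if len(data) != 6:
            raise ValueError("SOA-SERIAL VERSION must be exactly 4 octets")
        (serial,) = struct.unpack("!I", data[2:6])
        return labelcount, serial
    return None

def zone_name_from_labelcount(qname: str, labelcount: int) -> str:
    """LABELCOUNT names the zone apex as the rightmost labels of QNAME (0 = root)."""
    labels = [l for l in qname.rstrip(".").split(".") if l]
    if labelcount > len(labels):
        raise ValueError("LABELCOUNT exceeds QNAME label count")
    return ".".join(labels[len(labels) - labelcount:]) + "."

def serial_matches(rdata: bytes, expected_serial: int) -> bool:
    """Debug check: does the authority's reported serial equal the one we expect?"""
    zv = decode_zoneversion(rdata)
    return zv is not None and zv[1] == expected_serial

# Constructed sample OPT RDATA: an NSID option (code 3), then ZONEVERSION for a
# two-label zone reporting serial 2023042701.
SAMPLE_RDATA = (struct.pack("!HH", 3, 4) + b"ns01"
                + struct.pack("!HH", ZONEVERSION_CODE, 6)
                + bytes([2, TYPE_SOA_SERIAL]) + struct.pack("!I", 2023042701))
```

As the reviewer notes, the option is not DNSSEC-signed, so a match only tells you which zone version the authority claims to have answered from, not that the answer itself is authentic.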