IETF Logo Mail Archive

Re: [DNSOP] draft-ietf-dnsop-kskroll-sentinel-07

Mark Andrews <marka@isc.org> Fri, 23 March 2018 10:07 UTC

Return-Path: <marka@isc.org>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 89D2812D7EA for <dnsop@ietfa.amsl.com>; Fri, 23 Mar 2018 03:07:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.91
X-Spam-Level:
X-Spam-Status: No, score=-6.91 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id o-eMI1Ts0AuJ for <dnsop@ietfa.amsl.com>; Fri, 23 Mar 2018 03:07:29 -0700 (PDT)
Received: from mx.pao1.isc.org (mx.pao1.isc.org [149.20.64.53]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 77EF5126CC4 for <dnsop@ietf.org>; Fri, 23 Mar 2018 03:07:29 -0700 (PDT)
Received: from zmx1.isc.org (zmx1.isc.org [149.20.0.20]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx.pao1.isc.org (Postfix) with ESMTPS id 31A603AB002; Fri, 23 Mar 2018 10:07:29 +0000 (UTC)
Received: from zmx1.isc.org (localhost [127.0.0.1]) by zmx1.isc.org (Postfix) with ESMTPS id E04B4160051; Fri, 23 Mar 2018 10:07:28 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1]) by zmx1.isc.org (Postfix) with ESMTP id CA2B7160067; Fri, 23 Mar 2018 10:07:28 +0000 (UTC)
Received: from zmx1.isc.org ([127.0.0.1]) by localhost (zmx1.isc.org [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id tTQbJCuOIfx3; Fri, 23 Mar 2018 10:07:28 +0000 (UTC)
Received: from [172.30.42.90] (c27-253-115-14.carlnfd2.nsw.optusnet.com.au [27.253.115.14]) by zmx1.isc.org (Postfix) with ESMTPSA id 233DA160051; Fri, 23 Mar 2018 10:07:27 +0000 (UTC)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 10.3 \(3273\))
From: Mark Andrews <marka@isc.org>
In-Reply-To: <783C0A50-0DC5-4BC6-A105-F19D2BEF98E4@apnic.net>
Date: Fri, 23 Mar 2018 21:07:25 +1100
Cc: dnsop <dnsop@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <C771B8F7-E9D4-4CAC-9277-EAE3AC74CC62@isc.org>
References: <83786E94-ABCA-43F9-A038-F8F61C93E797@isc.org> <783C0A50-0DC5-4BC6-A105-F19D2BEF98E4@apnic.net>
To: Geoff Huston <gih@apnic.net>
X-Mailer: Apple Mail (2.3273)
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/YqXxxGrBNooAlxxPC4Wx5hDw5YU>
Subject: Re: [DNSOP] draft-ietf-dnsop-kskroll-sentinel-07
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 23 Mar 2018 10:07:30 -0000

Geoff you are wrong. Titles should tell you what you are about
to read especially technical documents. There are WAY TOO MANY
RFC TO READ EVERYONE ON THEM.

If I had a TA for andrews.wattle.id.au the current title would
indicate that I could test resolvers to see if there is a TA
installed for it.

The current draft *is not* generic.  It is root TA specific.
That needs to be reflected in the title.

As for the label it can be used for more than rolling KSKs.
It can be used to see what resolvers are supporting new TA
*when you are not rolling keys*.  The current name reflects
*one* use, not all uses.

Mark

> On 23 Mar 2018, at 8:21 pm, Geoff Huston <gih@apnic.net> wrote:
> 
> 
> 
>> On 23 Mar 2018, at 12:55 am, Mark Andrews <marka@isc.org> wrote:
>> 
>> This title of this document DOES NOT match reality.
>> 
>> "A Sentinel for Detecting Trusted Keys in DNSSEC” should be
>> replaced by “A Root Key Trust Anchor Sentinel for DNSSEC”.
>> 
>> kskroll-sentinel-<what>-<id> really needs something other
>> than “kskroll” as the first field.  “root-key-sentinal-<what>-<id>”
>> really more clearly matches what it does.
>> 
>> Any other changes that follow from these two changes”
>> 
> 
> I personally think this is getting into bike shedding at this point.
> 
> The title of the document is an adequate description of the content
> and folk who want to know more should read the document, not guess
> from the title!
> 
> The label is a piece of syntactic convenience and is entirely
> arbitrary. We could start an almost infinite discussion thread
> over which label is better, but in the end its just a label.
> 
> 
> regards,
> 
>    Geoff
> 
> 
> 

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742              INTERNET: marka@isc.org

v2.23.0 | Report a Bug | By Email