Re: [DNSOP] Call for Adoption: DNSSEC as BCP: draft-hoffman-dnssec

Ben Schwartz <bemasc@google.com> Fri, 25 March 2022 15:17 UTC

From: Ben Schwartz <bemasc@google.com>
Date: Fri, 25 Mar 2022 11:12:17 -0400
Message-ID: <CAHbrMsCu1_=5BEB+BU_0dLa3KVMGgmbm4RnE+1FUxzK-wSci4w@mail.gmail.com>
To: Paul Wouters <paul@nohats.ca>
Cc: Tim Wicinski <tjw.ietf@gmail.com>, dnsop <dnsop@ietf.org>, dnsop-chairs <dnsop-chairs@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/Z4z5PTkPFb9HUsdbEv1274C3Ckw>

I support adoption of this draft.

I appreciate that it acknowledges that deployment has been lower than some
advocates hoped, but I think the text following that is misplaced:

   However, this low level of implementation
   does not affect whether DNSSEC is a best current practice; it just
   indicates that the value of deploying DNSSEC is often considered
   lower than the cost.

I would suggest a different caveat, perhaps:

Nonetheless, the majority deployment of DNSSEC within certain major
registries [1], and near-universal deployment across Top-Level Domains [2],
demonstrate that DNSSEC is suitable for implementation by both ordinary and
highly sophisticated domain owners.

[1] https://stats.sidnlabs.nl/en/dnssec.html
[2] https://stats.research.icann.org/dns/tld_report/

On Fri, Mar 25, 2022 at 6:37 AM Paul Wouters <paul@nohats.ca> wrote:

> On Mar 25, 2022, at 00:08, Tim Wicinski <tjw.ietf@gmail.com> wrote:
> >
> > If you attended the most recent DNSOP session, you've heard Warren speak
> > about creating a BCP for DNSSEC, including all of the DNSSEC related RFCs,
> > in order to make life easier for implementers and DNS operators.
>
> Please do. As an author and reviewer, I have run into issues and then
> inconsistencies on how to normatively reference DNSSEC.
>
> Paul