Re: [DNSOP] Working Group Last Call for draft-ietf-dnsop-multi-provider-dnssec

Shane Kerr <> Wed, 20 November 2019 15:52 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id ED350120835 for <>; Wed, 20 Nov 2019 07:52:30 -0800 (PST)
X-Quarantine-ID: <jyN_yTEIlHdD>
X-Virus-Scanned: amavisd-new at
X-Amavis-Alert: BAD HEADER SECTION, Improper folded header field made up entirely of whitespace (char 20 hex): X-Spam-Report: ...T_ADDRESS@@ for details.\n \n Content previ[...]
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id jyN_yTEIlHdD for <>; Wed, 20 Nov 2019 07:52:27 -0800 (PST)
Received: from ( [IPv6:2001:470:1f14:77a::2]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id BE63D1200F5 for <>; Wed, 20 Nov 2019 07:52:27 -0800 (PST)
Received: from ([2001:470:78c8:2::9]) by with esmtpsa (TLS1.3:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.92) (envelope-from <>) id 1iXSHG-00010N-Ne for; Wed, 20 Nov 2019 15:52:25 +0000
References: <> <>
From: Shane Kerr <>
Message-ID: <>
Date: Wed, 20 Nov 2019 16:52:22 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.1.2
MIME-Version: 1.0
In-Reply-To: <>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Language: en-US
Content-Transfer-Encoding: 8bit
X-Spam-Score-Int: -28
X-Spam-Bar: --
Archived-At: <>
Subject: Re: [DNSOP] Working Group Last Call for draft-ietf-dnsop-multi-provider-dnssec
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF DNSOP WG mailing list <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 20 Nov 2019 15:52:31 -0000

Benno and all,

Overall the document is clear and I hope helpful to organizations 
pursuing a multi-DNS vendor setup who want to use DNSSEC (as all do, I 
am sure).

One minor thing I noticed while looking through the document. It 
mentions the Brazilian ccTLD as background why using a liberal rollover 
is workable:

   In fact, testing by the .BR Top Level
   domain for their recent algorithm rollover [BR-ROLLOVER],
   demonstrates that the liberal approach does in fact work with current
   resolvers deployed on the Internet.

However, the BR-ROLLOVER reference is to a presentation which discusses 
the plans to try a liberal rollover in Brazil, but doesn't actually 
claim that it works. Was there further published research that can 
support this idea?



On 16/11/2019 03.42, Benno Overeinder wrote:
> Hi all,
> The WGLC date has passed and we think the draft is in good shape. Still
> the chairs would like to see some comments and feedback.  Positive
> feedback that the document is ready to go is also fine.
> Thanks,
> -- Benno
> On 31/10/2019 16:47, Tim Wicinski wrote:
>> This starts a Working Group Last Call for
>> draft-ietf-dnsop-multi-provider-dnssec
>> Current versions of the draft is available here:
>> The Current Intended Status of this document is: Informational
>> FYI, I will not shepherd this document, as it was written with several
>> of my coworkers.
>> Benno Overeinder will be Document Shepherd.
>> Please review the draft and offer relevant comments.
>> If this does not seem appropriate please speak out.
>> If someone feels the document is *not* ready for publication, please
>> speak out with your reasons.
>> If there are normative issues, agenda time at IETF106 will be set aside
>> to address them
>> This starts a two week Working Group Last Call process, and ends on:  15
>> November 2019
>> thanks
>> tim
>> _______________________________________________
>> DNSOP mailing list