Re: [DNSOP] I-D Action: draft-wessels-dns-zone-digest-06.txt

"Wessels, Duane" <dwessels@verisign.com> Mon, 20 May 2019 22:26 UTC

Return-Path: <dwessels@verisign.com>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5E95012011C for <dnsop@ietfa.amsl.com>; Mon, 20 May 2019 15:26:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=verisign.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Knei55iFpULS for <dnsop@ietfa.amsl.com>; Mon, 20 May 2019 15:26:30 -0700 (PDT)
Received: from mail6.verisign.com (mail6.verisign.com [69.58.187.32]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5DD4A12004B for <dnsop@ietf.org>; Mon, 20 May 2019 15:26:30 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=verisign.com; l=7905; q=dns/txt; s=VRSN; t=1558391190; h=from:to:cc:date:message-id:references:in-reply-to: mime-version:subject; bh=FBd9WzaywKSZAKNFxiA+zGCH/FIHUXqQjTDuE9AgFWo=; b=ZL1iOeIlPp1VE7LLZcgFTdp1wMvjFyC+lsrRIlvMDr+xGdgk3nw/vRpt sXxq/6PoKrMk3jrF0PcoxOCp7PpeqYPW4eCIc9f7ITAS0B3Oo+JM8YNgb v5qiFRlFe8qFfMrc/GRHrVWbSE11cwG1ioCHIAZDRj3L4se+3GbfOgHSA M4GwkDaerOsOJUbEwUCn/V/2Xydzo4naKUwBPoBtnOLWPct3msDa+Wpak wfsvhrbkGdTe5vduGJvPqal+XStam7xIUnN2Vc+TLVuOXXHg/dtst+Kvg lny6+uG0G8NAvjpisQk4kWzFPdzFFpzqQlxSxGUBudgXwy5gPlsouie5y g==;
X-IronPort-AV: E=Sophos; i="5.60,492,1549947600"; d="p7s'?scan'208"; a="7620108"
IronPort-PHdr: =?us-ascii?q?9a23=3AwPc18RNQH5f0JSFLQfol6mtUPXoX/o7sNwtQ0K?= =?us-ascii?q?IMzox0I/jyrarrMEGX3/hxlliBBdydt6sdzbOO4uu4CSQp2tWoiDg6aptCVh?= =?us-ascii?q?sI2409vjcLJ4q7M3D9N+PgdCcgHc5PBxdP9nC/NlVJSo6lPwWB6nK94iQPFR?= =?us-ascii?q?rhKAF7Ovr6GpLIj8Swyuu+54Dfbx9HiTagfL9+Ngi6oRnVu8UZnYdvKbs6xw?= =?us-ascii?q?fUrHdPZ+lY335jK0iJnxb76Mew/Zpj/DpVtvk86cNOUrj0crohQ7BAAzsoL2?= =?us-ascii?q?465MvwtRneVgSP/WcTUn8XkhVTHQfI6gzxU4rrvSv7sup93zSaPdHzQLspVz?= =?us-ascii?q?mu87tnRRn1gyocKTU37H/YhdBxjKJDoRKuuRp/w5LPYIqIMPZyZ77Rcc8GSW?= =?us-ascii?q?ZEWMtaSi5PDZ6mb4YXD+QPI/tWr5XzqVUNoxuxBwisC//gxTJTiX/6wag63v?= =?us-ascii?q?49HQ3awgAtGc8FvnTOrNXyMacfSe65w6nWwjXYdPNZxzP96JPQfhs8r/+MQK?= =?us-ascii?q?h/cczPxkUhCgjIiUifqIL7MDOOzeQCrWyb7/F7WOKxlWEnsQBxoiOuxscjjI?= =?us-ascii?q?nFnJ4aylfB9Shgxos+ONO2SEl+YdG+EZtQsTmXN4poTcM+TWFkoiE6yqcJuZ?= =?us-ascii?q?O9YSMEy4wnygbCZ/CbaYSE/xDuWeiLLTtlhH9odqizihm2/ES41+HwStO43E?= =?us-ascii?q?tIoyZZiNXAq38A2h/J5sSaSfZx5kmh1iiM2gzP7+xJJFo7mKnfJpE6x7M9mI?= =?us-ascii?q?QfvlnCEyLzg0r7iK6be0ch9+Wm5enqYKjpq5mBPIFukA7+KL4hmsmnDOQ9NQ?= =?us-ascii?q?gBQnaU9Pyn1L3m4U35WLJKjuAqkqXBsJDVO8AbpqmhDgJIzogt8wuzADe+3t?= =?us-ascii?q?oXnHYLMExJdAiZj4f1PFHOOuj4Ae2ljFuxijtr2erGPqbnApnXMnfDl7Lhca?= =?us-ascii?q?58605a1gUz0chS649IBr0bPf7+WEH8uMbFAhI5PQG42enqBdFl2oMbQ22PA6?= =?us-ascii?q?uZMK3IsV+P4+IiO/SDZYELtzbmMPgq+frujWQilF8DY6apx5oXaGu5HvRpJU?= =?us-ascii?q?WVe2bjgtAEEWsSpAoxUPTqiEGeUT5Uf3uyWKY85jU6CI+9DIbMWIGtgKCb0C?= =?us-ascii?q?inGZ1cfnpGBUyUEXf0a4WEXO8BZz+UIs96lTwETaOsS44/2hGyug/20b1nLv?= =?us-ascii?q?Db+n5QiZW289xx5qXtnBcy8j59R5Ca12WMZ3N5n39OTDhgj45lpkkogGiOyr?= =?us-ascii?q?N1h+ccXfBO7vVEGE9uOYHR1Pd3D8vaRA/bf8yIR1DgSdKjV2JiBuktysMDNh?= =?us-ascii?q?4uU+6piQrOim/zW+cY?=
X-IPAS-Result: =?us-ascii?q?A2ERAAAEKeNc/zGZrQplGgEBAQEBAgEBAQEHAgEBAQGBV?= =?us-ascii?q?AIBAQEBCwGCeYEsCpkjg16WcgkBAQEBAQEBAQEDBAEjDAEBAoQ+AoJgNwYOA?= =?us-ascii?q?QMBAQEEAQEBAQMBAQECgQUMgjopARRNawEBAQEBASMCRCwBAQEBAgF5BQsCA?= =?us-ascii?q?QgYLgIwJQIEDgUOgxQBgXseqBmFSIRiCgaBNAGBTooZgUE+gTgfgkw+gmEBA?= =?us-ascii?q?QIBhRqCJgSLN5xhAwYCgg2DE4IYgQOMaZYfkz+OTgIEAgQFAhWBZYF6cBVlA?= =?us-ascii?q?YJBixKFP3IBjSWBIQEB?=
Received: from BRN1WNEX01.vcorp.ad.vrsn.com (10.173.153.48) by BRN1WNEX02.vcorp.ad.vrsn.com (10.173.153.49) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.1713.5; Mon, 20 May 2019 18:26:28 -0400
Received: from BRN1WNEX01.vcorp.ad.vrsn.com ([fe80::a89b:32d6:b967:337d]) by BRN1WNEX01.vcorp.ad.vrsn.com ([fe80::a89b:32d6:b967:337d%5]) with mapi id 15.01.1713.004; Mon, 20 May 2019 18:26:28 -0400
From: "Wessels, Duane" <dwessels@verisign.com>
To: Olli Vanhoja <olli@zeit.co>
CC: "dnsop@ietf.org" <dnsop@ietf.org>
Thread-Topic: [EXTERNAL] [DNSOP] I-D Action: draft-wessels-dns-zone-digest-06.txt
Thread-Index: AQHVD1sRJIVIt5MEh0y3ato8MUTRng==
Date: Mon, 20 May 2019 22:26:28 +0000
Message-ID: <CBFC1866-EDC7-4639-BD01-75B17F8FE7E4@verisign.com>
References: <155009468256.9559.12509906855495134896@ietfa.amsl.com> <923006F8-EB5A-4098-81A2-782BC90BF220@verisign.com> <CAAiTEH_GmvNVgAZzwG+oaQrtNd_b=kpDSRz7ErbmTjuXrzziWg@mail.gmail.com> <CABrJZ5FBYpFrjpm-a+B9FF8rbVNXwy=V-MP0TPS8fG87OJeteg@mail.gmail.com> <0E8CD2BB-C8C6-4387-8FAD-DAC84B381557@verisign.com> <CABrJZ5GBrFFqW8cnHAfM07jb1nE79TeW97nCODxtpMPVDqy1Bg@mail.gmail.com>
In-Reply-To: <CABrJZ5GBrFFqW8cnHAfM07jb1nE79TeW97nCODxtpMPVDqy1Bg@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
x-originating-ip: [10.170.148.18]
Content-Type: multipart/signed; boundary="Apple-Mail=_D79B7298-5130-42D8-91A5-1665D22DEC98"; protocol="application/pkcs7-signature"; micalg=sha1
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/_sV3xBogO7BpDG1FKT3LUr90Eo4>
Subject: Re: [DNSOP] I-D Action: draft-wessels-dns-zone-digest-06.txt
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 20 May 2019 22:26:32 -0000

> On May 17, 2019, at 12:14 PM, Olli Vanhoja <olli@zeit.co>; wrote:
> 
> I believe this has been in a bit stall for some time. I'm finally
> trying push for some real production implementations.
> 
> I have one note that I wrote when I was initially reading the draft:
> 
> - Canonical RR Form comes from RFC 4034 s. 6.2 and it doesn't require
> require normalization of SPF and CAA records. RFC 6844 specifically
> allows any string formatting allowed by
> https://tools.ietf.org/html/rfc1035#section-5.1
> 
> Not sure if there is any real issue with this one but in theory I
> guess there could be functionally equivalent records with a digest
> mismatch. Maybe it's even desirable that those are not normalized,
> just a note.

Hi Olli,

Can you expand on this?  I'm not sure that I follow.  

ZONEMD doesn't operate on presentation format of RRs.  It only operates on canonical wire format.  Are you saying that some RRs can have different valid wire formats?  That would surprise me since DNSSEC signatures are also based on that format.

DW