Re: [DNSOP] I-D Action: draft-ietf-dnsop-edns-chain-query-05.txt

Mark Andrews <marka@isc.org> Tue, 17 November 2015 08:04 UTC

Archived-At: <http://mailarchive.ietf.org/arch/msg/dnsop/aHwakn1O7yx9TTYdlM36ZjYo4-k>

   A DNS query that contains the CHAIN option MUST also have the DNSSEC
   OK ("OK") bit set.  If this bit is not set, or if the Checking
   Disabled ("CD") bit is set, the CHAIN option received MUST be
   ignored.

Why disabled on CD=1?  If you have the contents cached and validated
already what does it hurt to send the trust chain?  If you don't
have an element of the trust chain you can still fetch it and return
it unvalidated just using the signer names.

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka@isc.org
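
The rule quoted from the draft at the top of this message, worked through on constructed queries. This is an added example, not part of the original message and not code from the draft or from any resolver. The option code 13 and the trust-point payload are taken from the published RFC 7901, and every function name is hypothetical.

```python
import struct

CHAIN = 13        # EDNS option code of CHAIN (assumption: value from RFC 7901)
CD_BIT = 0x0010   # Checking Disabled, DNS header flags
DO_BIT = 0x8000   # DNSSEC OK, flags half of the OPT RR TTL field

def wire_name(name):
    labels = [l for l in name.split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode() for l in labels) + b"\x00"

def build_query(qname, cd, do, chain_point=None):
    """Constructed sample input: an A query carrying one OPT RR."""
    header = struct.pack("!6H", 0x1234, 0x0100 | (CD_BIT if cd else 0), 1, 0, 0, 1)
    question = wire_name(qname) + struct.pack("!2H", 1, 1)
    point = wire_name(chain_point) if chain_point is not None else None
    rdata = b"" if point is None else struct.pack("!2H", CHAIN, len(point)) + point
    opt = b"\x00" + struct.pack("!2HIH", 41, 4096, DO_BIT if do else 0, len(rdata))
    return header + question + opt + rdata

def skip_name(msg, off):
    while msg[off]:
        if (msg[off] & 0xC0) == 0xC0:   # compression pointer ends the name
            return off + 2
        off += 1 + msg[off]
    return off + 1

def chain_decision(msg):
    """Quoted rule: 'absent', 'ignore (DO clear)', 'ignore (CD set)' or 'honour'."""
    _id, flags, qd, an, ns, ar = struct.unpack_from("!6H", msg, 0)
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4   # QTYPE + QCLASS
    do = has_chain = False
    for _ in range(an + ns + ar):
        off = skip_name(msg, off)
        rtype, _cls, ttl, rdlen = struct.unpack_from("!2HIH", msg, off)
        off, end = off + 10, off + 10 + rdlen
        if rtype == 41:                 # OPT pseudo-RR
            do = bool(ttl & DO_BIT)
            while off + 4 <= end:       # walk the EDNS options
                code, olen = struct.unpack_from("!2H", msg, off)
                has_chain = has_chain or code == CHAIN
                off += 4 + olen
        off = end
    if not has_chain:
        return "absent"
    if not do:
        return "ignore (DO clear)"
    return "ignore (CD set)" if flags & CD_BIT else "honour"
```

The "ignore (CD set)" result is the branch the message above asks about; truncated or malformed input raises `struct.error` or `IndexError` rather than returning a decision.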