[DNSOP] To sign root-servers.net or not?
Geoff Huston <gih@apnic.net> Mon, 17 June 2024 20:33 UTC
CC: Joe Abley <jabley@strandkip.nl>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/bAqrzT0hRQXnQu1L1OIPTadN6gU>
[change of topic]

"things that the IETF may not have the final say on."

Possibly true in this case, but not having the final say is very different to "having a say".

I would find it interesting to understand the current state of thinking in DNSOP as to whether to DNSSEC-sign the root-servers.net zone. Are there folk with thoughts and opinions on this topic?

Geoff

> On Mon, Jun 17, 2024 at 11:45 AM Joe Abley <jabley@strandkip.nl> wrote:
> Hi Tim,
>
> Doesn't that text presuppose (a) that the current naming scheme is invariant and (b) the root-servers.net zone will one day be signed?
>
> I suggest phrasing that recognises current reality is probably better than text that speculates about the future, especially when it comes to things that the IETF may not have the final say on.
>
> Joe
>
> Oh that's a very good point, and does make that assumption. "will be valuable if root-servers.net is DNSSEC signed" does not make that assumption.
>
> tim