Re: [DNSOP] sentinel and timing?

Geoff Huston <gih@apnic.net> Fri, 09 February 2018 06:09 UTC

From: Geoff Huston <gih@apnic.net>
In-Reply-To: <alpine.LRH.2.21.1802080059480.6658@bofh.nohats.ca>
Date: Fri, 09 Feb 2018 17:08:58 +1100
Cc: Robert Story <rstory@isi.edu>, dnsop <dnsop@ietf.org>
Message-Id: <7A63BB96-4EF7-4DFE-8BEA-4656C3040CC5@apnic.net>
References: <alpine.LRH.2.21.1802071035280.6369@bofh.nohats.ca> <20180207215502.46daf6bc@titan.int.futz.org> <alpine.LRH.2.21.1802080059480.6658@bofh.nohats.ca>
To: Paul Wouters <paul@nohats.ca>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/btARx40sEzV7eqIJHqSVoELkHDs>
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>


> On 8 Feb 2018, at 5:02 pm, Paul Wouters <paul@nohats.ca> wrote:
> 
> On Wed, 7 Feb 2018, Robert Story wrote:
> 
>> On Wed 2018-02-07 10:43:16-0500 Paul wrote:
>>> How about using this query to also encode an
>>> uptime-processstartedtime value? Maybe with accuracy reduced to
>>> minutes. I think that would return valuable data.
>> 
>> -1 for feature creep and the technical reasons Joe mentioned.
> 
> We have a giant hole in our understanding of why there are updated
> nameservers running the latest software with the older keys. We
> need to gain understanding and we know we need more data.
> 
> Getting more data is the core mission, not feature creep. If there is
> a technically better way to do this, it's worth considering.
> 

The sentinel mechanism is proposed to be capable of posing a question to a user’s
“DNS Resolution cloud” - it is not intended to be capable of posing a question to
an individual DNS resolver.

What I am trying to say is that there is a big difference between a question of:

“will this user be impacted at the point of the roll of the KSK”

and

“what are the trust keys for this resolver?”, or
“What is the process uptime of the DNS process on this resolver?”

My intuition is that the mechanisms to implement a measurement
framework for these questions would necessarily be very different.

Geoff