Re: [DNSOP] Second Working Group Last Call - draft-ietf-dnsop-nsec-aggressiveuse

Warren Kumari <warren@kumari.net> Thu, 15 December 2016 14:55 UTC

References: <CADyWQ+EJ0LO=pU-yUdEHwC3aP5KdXxsnD9kEvmmTeAoe0BxK3A@mail.gmail.com> <20161214135300.gl7t7zwrd7huqdq2@nic.fr> <CA+nkc8D2BQ7B827YeuEn7nDDUxcqOW8Qmdr0zcc0zxTuNOG_qg@mail.gmail.com>
In-Reply-To: <CA+nkc8D2BQ7B827YeuEn7nDDUxcqOW8Qmdr0zcc0zxTuNOG_qg@mail.gmail.com>
From: Warren Kumari <warren@kumari.net>
Date: Thu, 15 Dec 2016 14:55:22 +0000
Message-ID: <CAHw9_iLiEKJ6PUqApEn0wLXU7ThrkUfvTn_GFKsdMT6pu0eShg@mail.gmail.com>
To: Bob Harold <rharolde@umich.edu>, Stephane Bortzmeyer <bortzmeyer@nic.fr>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/c3NEwiaRHWEJWYEFBenlw_jxu-w>
Cc: tjw ietf <tjw.ietf@gmail.com>, dnsop <dnsop@ietf.org>
Subject: Re: [DNSOP] Second Working Group Last Call - draft-ietf-dnsop-nsec-aggressiveuse

On Thu, Dec 15, 2016 at 9:38 AM Bob Harold <rharolde@umich.edu> wrote:

>
> On Wed, Dec 14, 2016 at 8:53 AM, Stephane Bortzmeyer <bortzmeyer@nic.fr>
> wrote:
>
> On Tue, Dec 13, 2016 at 02:13:27PM -0500,
>  tjw ietf <tjw.ietf@gmail.com> wrote
>  a message of 94 lines which said:
>
> > This starts a Working Group Last Call for:
> >         "Aggressive use of NSEC/NSEC3"
> >       draft-ietf-dnsop-nsec-aggressiveuse
>
> I've read -07 and I believe it is OK and ready for publication. All my
> (many) remarks have been addressed, I think.
>
> Two details:
>
> > [RFC8020], and [I-D.vixie-dnsext-resimprove] proposes first steps to
> > using NXDOMAIN information for more effective caching
>
> IMHO, RFC 8020 supersedes draft-vixie-dnsext-resimprove, so it is not
> necessary to mention both. If you prefer to do so for historical
> completeness, maybe you should mention them in chronological
> order?
>
>
Yup, I think that having them both is useful, both for historical purposes
and also because resimprove contains much worth reading -- I like your
swap-the-order suggestion...


> > As these benefits are only accrued by those using DNSSEC, it is
> > hoped that these techniques will lead to more DNSSEC deployment.
>
> This sentence should really be deleted. It seems to imply that DNSSEC
> cannot work on its own merits and needs extra arguments. "NSEC
> aggressive use of caching"'s goal is not to promote DNSSEC, it is to
> improve the DNS!
>
>
That was certainly not the intent, but rather what Bob had suggested below
-- this adds yet another point to the "how to justify spending the $$$ to
management / bean-counters" list. I *do* understand where you are coming
from, but am not sure how to word something appropriate -- would "These
benefits are only accrued by those using DNSSEC, it is hoped that these
techniques will speed the deployment of DNSSEC validation"?
That makes it more clear that DNSSEC is the right thing to do anyway, and
that this just helps us get there faster?


> I would like to respectfully disagree.  I read the sentence as saying that
> this adds one more benefit to running DNSSEC, which makes people like me
> want to move DNSSEC closer to the top of my priority list.
>

Yup, that was the intent - many people want to deploy, but need to juggle
priorities, or convince bean-counters why this is the right thing to do.
Waving the security flag makes them shrug, but pointing out how this might
help save money gets more management buy-in for the ask.

W
(Yes, I did use "management buy-in for the ask." in an IETF mail. It was
oddly thrilling :-))

-- 
> Bob Harold