Re: [DNSOP] requesting WGLC for 5011-security-considerations

Michael StJohns <> Thu, 06 July 2017 17:43 UTC

On 7/6/2017 1:40 PM, Wes Hardaker wrote:
> Michael StJohns <> writes:
>> I'm sure you think that... but the small changes you've made to
>> address some of my comments haven't gone far enough.  There's also a
>> need for a grammar and syntax pass on the document.
> Thanks for the review and suggested text (the previous messages you sent
> didn't provide as many concrete fixes, so we can now incorporate your
> exact issues now that they're more directed).  We'll try to put together
> an update to address the issues you've pointed out shortly (which really
> can't happen till Monday of IETF since we're after cut-off).

I didn't provide concrete fixes because the general model was missing 
the point and the re-write could have been substantial. Now we're 
finally on the same page that this only applies to "exclusively signing 
with the new keys" we can make progress.  It wasn't until this last 
version that you'd adopted those changes.

Later, mike