Re: [DNSOP] Terminology: validating resolver

George Michaelson <ggm@algebras.org> Tue, 03 April 2018 00:21 UTC

In-Reply-To: <7E0BA54D-00F6-43F2-95F4-CCD6C8831E45@vpnc.org>
References: <BE8B724E-016E-4AAB-BA6F-751A193C97DB@vpnc.org> <CAKr6gn1VVUf_o51B9ZEB0nmazAawrUdObYC5_pRn2hmxy2SaGg@mail.gmail.com> <7E0BA54D-00F6-43F2-95F4-CCD6C8831E45@vpnc.org>
From: George Michaelson <ggm@algebras.org>
Date: Tue, 03 Apr 2018 00:21:37 +0000
Message-ID: <CAKr6gn35cEzDTNrKi0kO+S7_rnuSu-BuJ8y3VJA7HrQyf1A-sQ@mail.gmail.com>
To: Paul Hoffman <paul.hoffman@vpnc.org>
Cc: dnsop WG <dnsop@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/d7lQnWd9AY2NYgx5D0RV0wWcOSU>
Subject: Re: [DNSOP] Terminology: validating resolver

On Tue, Apr 3, 2018 at 12:13 AM, Paul Hoffman <paul.hoffman@vpnc.org> wrote:
> On 2 Apr 2018, at 17:05, George Michaelson wrote:
>
>> RFC4035 section 3.2 looks like it has usable words surely?
>
>
> Maybe I'm an idiot, but I see no definition of "validating resolver" there.

OK. So what is the 'resolver side' of a 'security aware' nameserver in
3.2, 3.2.1, 3.2.2, 3.2.3 and 4?

You're not an idiot. I make many inferential leaps which aren't
subsequently justified, but it felt to me like the definitional
language around security aware went to validation.


>
>> not from those words, but in my personal opinion, Any resolver which
>> is able to understand and apply the semantic context of DNSSEC
>> signatures over RR should be considered a validating resolver.
>> However, a validating resolver may also be seen NOT to perform
>> validation because it receives queries with the CD bit set. Therefore,
>> you cannot say that all queries through a validating resolver
>> necessarily demonstrate it is capable of validating. It's not entirely
>> subject to external views of its behaviour without the full context of
>> what was in the query received.
>
>
> Errr, could you give that specific words that you would want to replace the
> current definition?

I think we're a bit of a way off that stage Paul. If you don't think
it's defined in an RFC, we're "inventing things" and I always feel very
nervous about that.

-G

>
> --Paul Hoffman
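The point George raises above (a validating resolver looks exactly like a non-validating one to an outside observer once the query carries CD=1) can be shown with a small model of the RFC 4035 section 3.2.2 (CD bit) and 3.2.3 (AD bit) rules. This is an added example, not code from the thread or from any resolver; the 12-byte header layout is RFC 1035's, but `signatures_ok` is an assumed stand-in for a real RRSIG check.

```python
"""Model of RFC 4035 3.2.2 (CD) and 3.2.3 (AD) resolver-side behaviour.

Constructed example. Real DNS header layout (RFC 1035 section 4.1.1);
validation outcome is a stand-in boolean, not a signature check.
"""
import struct

# Flag bits in the second 16-bit word of the DNS header.
QR, AA, TC, RD, RA, AD, CD = 0x8000, 0x0400, 0x0200, 0x0100, 0x0080, 0x0020, 0x0010


def build_header(msg_id, flags, qdcount=1, ancount=0):
    """Pack a DNS header: ID, flags, QDCOUNT, ANCOUNT, NSCOUNT, ARCOUNT."""
    return struct.pack("!HHHHHH", msg_id, flags, qdcount, ancount, 0, 0)


def parse_flags(header):
    """Return the flags word of a 12-byte DNS header."""
    return struct.unpack("!H", header[2:4])[0]


def resolver_response(query_header, validating, signatures_ok):
    """Return (response_header, validation_performed) for the given query.

    validating:    the resolver is security-aware and validates (assumption).
    signatures_ok: stand-in for the outcome of RRSIG validation (assumption).
    """
    qflags = parse_flags(query_header)
    msg_id = struct.unpack("!H", query_header[:2])[0]
    rflags = QR | RA | (qflags & RD)
    # RFC 4035 3.2.2: with CD set the resolver answers without requiring
    # validation, so its response is indistinguishable from a
    # non-validating resolver's. The CD bit is copied into the response.
    performed = validating and not (qflags & CD)
    rflags |= qflags & CD
    rcode = 0  # NOERROR
    if performed:
        if signatures_ok:
            rflags |= AD  # RFC 4035 3.2.3: AD only when the data validated
        else:
            rcode = 2  # SERVFAIL: validation failed, no answer returned
    ancount = 1 if rcode == 0 else 0
    return build_header(msg_id, rflags | rcode, 1, ancount), performed
```

Comparing the responses of a validating and a non-validating resolver to the same CD=1 query shows byte-identical headers, which is why the query's own flags are needed before classifying the resolver from its answers.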