IETF Logo Mail Archive

Re: [DNSOP] draft-ietf-dnsop-kskroll-sentinel-12

Geoff Huston <gih@apnic.net> Thu, 03 May 2018 21:40 UTC

Return-Path: <gih@apnic.net>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2BDEF12EAEC for <dnsop@ietfa.amsl.com>; Thu, 3 May 2018 14:40:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.91
X-Spam-Level:
X-Spam-Status: No, score=-1.91 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, T_DKIMWL_WL_MED=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=apnic.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2xrw25gQh17c for <dnsop@ietfa.amsl.com>; Thu, 3 May 2018 14:40:08 -0700 (PDT)
Received: from APC01-PU1-obe.outbound.protection.outlook.com (mail-pu1apc01on0069.outbound.protection.outlook.com [104.47.126.69]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C684512EAF3 for <dnsop@ietf.org>; Thu, 3 May 2018 14:40:03 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=apnic.onmicrosoft.com; s=selector1-apnic-net; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=EPCP75JLJUlYPJDuyJm2dvyrnicEySYcIj0XsTpRnrQ=; b=qIiyXpPlEAuNpONXBG+s9NXQMQyBRa2yv1KO+f340yOul/BYFVBsr0x+8+eti68QLHf2pyprzPZbnpqjFtdwVyPfLax/eiBSbwgAkahxWL5cW87cxUFB/M6KscivrQGsVaNqEJpe7x4dTT3G2qdhD0yeA4Q5uR5WAFrO2c6sT+o=
Authentication-Results: spf=none (sender IP is ) smtp.mailfrom=gih@apnic.net;
Received: from 2001-44b8-1121-1a00-7dcd-4d56-9949-2d2d.static.ipv6.internode.on.net (2001:44b8:1121:1a00:7dcd:4d56:9949:2d2d) by HK2PR04MB1170.apcprd04.prod.outlook.com (2a01:111:e400:78ff::28) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.735.16; Thu, 3 May 2018 21:39:59 +0000
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 11.3 \(3445.6.18\))
From: Geoff Huston <gih@apnic.net>
In-Reply-To: <5AEB417B.5080101@redbarn.org>
Date: Fri, 04 May 2018 07:39:47 +1000
Cc: Suzanne Woolf <suzworldwide@gmail.com>, Tim Wicinski <tjw.ietf@gmail.com>, dnsop <dnsop@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <8BE43818-87BC-47F1-BFA0-A53621B78395@apnic.net>
References: <CADyWQ+EE9YCCM03wKvd-HefpoQVqhOfeeLKLV8L2LJj+tqmEzA@mail.gmail.com> <CACWOCC936z-4j8e+d7bvhfr_Mk8tk64tkuiRDTRtrqrBTJBKJw@mail.gmail.com> <CAHw9_iLgTvPHe5jeL-0QZJ4+cxes8bBpCEULuDKThpjXoKzrbA@mail.gmail.com> <20180406134501.GC49550@vurt.meerval.net> <4A943DE7-81BC-41AC-93F7-4EC0975DF6B6@gmail.com> <5E7C31BE-EA5F-4A68-96FE-975CFAF77E42@apnic.net> <5AEB417B.5080101@redbarn.org>
To: Paul Vixie <paul@redbarn.org>
X-Mailer: Apple Mail (2.3445.6.18)
X-Originating-IP: [2001:44b8:1121:1a00:7dcd:4d56:9949:2d2d]
X-ClientProxiedBy: HK2PR02CA0175.apcprd02.prod.outlook.com (2603:1096:201:21::11) To HK2PR04MB1170.apcprd04.prod.outlook.com (2a01:111:e400:78ff::28)
X-MS-PublicTrafficType: Email
X-Microsoft-Antispam: UriScan:; BCL:0; PCL:0; RULEID:(7020095)(4652020)(5600026)(4534165)(4627221)(201703031133081)(201702281549075)(2017052603328)(7153060)(7193020); SRVR:HK2PR04MB1170;
X-Microsoft-Exchange-Diagnostics: 1; HK2PR04MB1170; 3:5ndfxPDmY5ZKkG82xYm2PxqwbviD7dNSoRY7N1FE3TkOdQF/zd0YKF0vREATUl2H/bLmopFvKtkAD4RCzuPDc9Wf6Kxd4LCBHRIoqjCNr9z8Ggp/fJZeHGoLtOv1QdQ/+iM0C8RugFPX7e52UrQtnkKekkIDgCY+cyEqs3o2NixxzWTGl8oeRiD7xZnh2sUhlltbI/U/kspxUgLsvFzr2fNYGRkN2OE8agubcIMJ34Vr21TuiAarJ3gxp8vIamb2; 25:X648p0DOqxVcpkdrj1eOCJB9qSfcK9UOw6A/miyMA0/31mI/YzYI1Wfv3peURc+pztguoitoKcjMK8FOpB9hsnMfzi/ibThTLFZKO/1PoJ5Lvqc7HNi0e/6LNDLAcCxev3qFHOC3v2G4l3GtakmBEPJiSCwSf4tSFOojrUC3nCsvvDMFYqfedd++EbCQ2KJ53YgSYyvLQF67lvy5xq6nLCQJzfH1OZCClykjbmxnabbDVmkXEe4listO48IDyK46P8ot5azLVAd+8oljl72mqrsav2a53gOcVH8kySrgzB4hy1dRjNBF1CCWo+Y9gbm118B/0PlAaQPemouLBAE3kg==; 31:e+bo+zXhyK6naEDZ820rqiMoWn8r9f+p8dIlivIPDI6xQco95fOeDs5vtGR8zLyTPTuuc7ETA5gV2wsYckocHClI3xJySoog/6IyVcs03VTrm6fTcLdTC04z24Xj+9pQywIciLcLwNbssaKuRe2mA2V4xg0x/4tH976ZOKig4EjHaFMCH84QjFQWVp2AsPxpfepBNNAs3yr/vmXU3AdEzs2+rM3vrqo8gKPl9b+tVX4=
X-MS-TrafficTypeDiagnostic: HK2PR04MB1170:
X-Microsoft-Exchange-Diagnostics: 1; HK2PR04MB1170; 20:+jOvp3kbOyClc9zfs4qUEJVfROny9ltePBa2uWkUx6uvQsshVUyHLn1pUq2vKR97NieaTQQUmD0Yfx2phpZUy2+T0fi85o1GIXbkfStGJEwa/vqy54FFD5o6TQOLG+Wd9I9jp1SjgztJ3p9dNYyLbQ1JUaUgJ2V1f1PNNSoHolGDVeouV2UsU9BZ7L+YBSmjlNnMOgoqOQffabPtHg1T+lZdIhPm79INQLMyCkl0foZNdfpwG8hm+FUeaJa9MstG; 4:kirI3dVIl7/hoGcNv/bpNH2zhFivxQV5z7gDcgwDLd8THm9tc2mNLRFDyCDoE6vd3/8iAMUZq0Z7uAPUGJ0cC+hn3dnRV823UzGj7ZAeQ9NEg5xVp0jgbos94NdSb7lEX1NuO7Oo/2cMoAK/t2ff5rzsJiEB6YJDtN2HSReZs5OY7k5+vOG4TxEhMCMNPwLcp3MO2og3M4AQfxg7lepynL9/A4xo7SRtPsYFQJDICw4blvnasO1nsZPhdGxcAgzjEIDp6iz59VGx7CLAebtDjA==
X-Microsoft-Antispam-PRVS: <HK2PR04MB11701A5B49862EC211B4F5B3B8870@HK2PR04MB1170.apcprd04.prod.outlook.com>
X-Exchange-Antispam-Report-Test: UriScan:;
X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0; RULEID:(6040522)(2401047)(5005006)(8121501046)(3231254)(944501410)(52105095)(93006095)(93001095)(10201501046)(3002001)(6041310)(20161123560045)(20161123558120)(20161123562045)(20161123564045)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(6072148)(201708071742011); SRVR:HK2PR04MB1170; BCL:0; PCL:0; RULEID:; SRVR:HK2PR04MB1170;
X-Forefront-PRVS: 066153096A
X-Forefront-Antispam-Report: SFV:NSPM; SFS:(10009020)(376002)(396003)(39380400002)(39840400004)(366004)(346002)(199004)(189003)(57306001)(82746002)(47776003)(68736007)(97736004)(6486002)(7736002)(229853002)(11346002)(316002)(2616005)(486006)(86362001)(50466002)(186003)(54906003)(36756003)(476003)(53546011)(446003)(6666003)(46003)(93886005)(83716003)(4326008)(16526019)(6916009)(386003)(52116002)(6116002)(6246003)(6512007)(6506007)(59450400001)(39060400002)(76176011)(2906002)(478600001)(53936002)(23726003)(33656002)(105586002)(106356001)(50226002)(305945005)(5660300001)(81156014)(25786009)(8746002)(8936002)(8676002)(81166006)(52396003)(42262002); DIR:OUT; SFP:1101; SCL:1; SRVR:HK2PR04MB1170; H:2001-44b8-1121-1a00-7dcd-4d56-9949-2d2d.static.ipv6.internode.on.net; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1;
Received-SPF: None (protection.outlook.com: apnic.net does not designate permitted sender hosts)
X-Microsoft-Exchange-Diagnostics: 1; HK2PR04MB1170; 23:Y+iRirnVLOZoxlGxDrlZy3y9w5mnOOX9ZlrtSfJR0HQYs5fQR+6B5mCju5wyRPOOR1NOimUGG8Z4XCUIVJUfD9ZBc+Z2a7rXrsjUBkKhtwrE104QhHpMLc7VCnEZfdu7cG5VsWRPjypTiWRQHGADMotLxnZZFBIIuAyKKb3/QjVMkkXxnxd1wCOMct/AJqWCPpCyocCEJJaRx0mtydhziyRmaCzYjtqK3P3J1ukMQiUPhQMS+vMQ0Wb1T14OPw8N7MLG8OCTlPYpzBGTYjkD/jwU5CJO/J/+JZtW8453hnsH8hq1VIDVSV4woiiwfuQOQ+A16+v2GepSINuh9A702qc7EMAqgym28SIFEuzcz+ZxtV56ANGi+PDQK3kG9IfbJBwxZ/fL7L87siFlDsRoUqoz7U/HCveJgEQ7iod2O3YmOI3izMTAu+V3AZLx9pk9s4s7QzBMGXCfB44lqmQnYFjOhAeHsW5nOmkBeQjYzvJeNg5x/OtfphKYvcGSH0YjJSIisPopDTFw8Iwo6IjOyEQF9lK6U8Wxbp2bN1OXOgLXVKjRmJeZLL4dqwjzLnuyyCppzkJRTq5JWBBX5+odEvS0AX9i8dgKC0BfLkzEZOn6F5DYYSzoN/39lC6b1BEkraUaCQpnNSEgmtp4H1HXyqyNNewt+0CToSZ5T/M7ZOrSwW2wVav+VNzOqr9SGLmmwVJvpXmePGB0Ge4Mn309m3hHWrJ8JpGYlvF65gIvJkNpKqkmrGYYGCqpaZvfejaFudPvrBuIiF6IZsodEfL2n5pR/vi7EN2PdamhwbvTRdBIzD1wjAzkNYdG36h+NEMOL0/LxyxL8eR7EKYCoH0w7RWmv8ozdGND7UbA14Jcc4A9Gv08X8F15AAu5SqloBf83gKUK+1fbQrE+OrBtVXTdEWYss5q7D/7U+fB2qgQ4cXGuybQ/xmZa5GiN2aCOixlJCd1pJ12CPXtfilvDjqJc6wIRDqUk6ZwdhW6O/4iTJ+2OyqW1N2tu70WBO1+Z1qbZOUleJdfmBfJRssIFkMLLtsWt9oNhgVGTh42wXAa4/nRiR1h62i70OyYGCFiiSwerzcU0qwyTdiA4paFrogh1nC/sgvm6mK9nFged6pHwp7BLnP2ODxS1NDw2KTNSv3ApAjBCHUq5q63BJhW0cZJbeuwA5t2vbP4N5C6szjjDh3DlN2KcqmU45CHE8LducBfqLhlCXbx5ALmoC3l+7gfeNpt9gW/HYnLYqMpVsea0KVxdPtbDQk+PIZZ7E0MtDkjrHx8NrMbTdDFx1a7Q9br6aKER0/nqAOwksh0XnOJ3pwhFuDcmNATXMvJ+C61pbGZrED4jH/GFO+GCH/sGFtg9lBRuTPeOGLVrJbBc4qjG+M=
X-Microsoft-Antispam-Message-Info: G4vI+bDJ3YqnlKkRRAFXUSq8aooppEAEt1RpfoRu+R89xfUrjNQtrzIgcyMiuWHQZj0l+pDToi1QtCEade8Pq7PnTSzNUYO5mf+Xhs8fa+4P0C9rIhHZy2VtKcFhHjGPlPPvWv/z+eXqvdARBetKZ75RkRhxrlwoG2wa9IDE+fXJoDPTB26U/itaU5jGFPWk
X-Microsoft-Exchange-Diagnostics: 1; HK2PR04MB1170; 6:CU/iQZRRtt5uj7evjjiMuFcEJMjJUtYxZzYYz85YWo4yu4q423SMTqE7p2S0cUTEa8RLoeouKcHLRHVOHGzAl/vxo+aNwoKtE0fDuu8PWWGEBulaeVZnDfrqaHYkYqNVCtZNhWEAaF2SDLZwq2bjWfQxcQyOgasfW8dst9+XXrVWOaRygI3SBxPpSkFs/u6K9gv5h5S8zHMnz57ktc1Sa9DB0Z2adIa0x1rPhV7yqhOmCHhvVsoXQAk+5ghgz+uCt5edUZzbQPTwrDvvxx+OeTbr6o/4I4fwiEajKTQ+UjekXpbmQJozWcLpmCCwInw8x2nDkdJBRWh+mlFGM8hNQZvU9EQnSaVXPf6EwLKvzIOGIPFTnAzSLkmS4zcw8GrqrQg+LGPT0En6Pkmt+Z2AoJS/QB1HdiuMJWMerR1qwFFu3amNNOT7sLZbJfHlMGo9VkSKrxS2AbhF3RSbwOlwYA==; 5:YX5Z6JASQ/dNK3M7GVGXwjp5z4ezTA/BK9VpD8Pdi3qrqJ7O3Yj+g2HoDWMwgp/T89fKkD1RXih/kRHCa3u7AcdrPV/v+9t+GVMF6rRg9YnWyjRIkHU3TmmXdBg0IVtEWc/QAVFRnReduhTOSIYWufXXQk7sVSkU2O/BJq8l/I8=; 24:hCJHIwm8HZdWAXjann8SRZbvtP3mbr45qzN9sXT1rTJDmIB8sT9GhaV4Ao5hO0b5IbNqCSmzHYRhnWK+MTMVu3aDQy1qI2J/+zn0/Q5nIvM=
SpamDiagnosticOutput: 1:99
SpamDiagnosticMetadata: NSPM
X-Microsoft-Exchange-Diagnostics: 1; HK2PR04MB1170; 7:bhMMwc15dfkvjfLIqNg66hizbIDtiiXf9Q95vzbJLRtUiTw8WJ0QzDt7WWt84XEtR6nJ5AS8N5HyuUQIjg0EqcXdWSD499z321qOPamDftnLBm0NWRZJ64R3wXxmGyholmfqieSyLL6EaaXmBWe3gJ81ttIEEA0ZuUvjIncXuc0n1u1GxFW3jiaAZrU3C0+94kHtGgnbErNNFGYkfk8pWGAOBuFW3Xuow02tjwYUfVQIWB0Vvj7QAtquW2ehhAdl
X-MS-Office365-Filtering-Correlation-Id: d0336a7f-4d69-477b-174b-08d5b13e6ccc
X-OriginatorOrg: apnic.net
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 03 May 2018 21:39:59.0133 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: d0336a7f-4d69-477b-174b-08d5b13e6ccc
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: 127d8d0d-7ccf-473d-ab09-6e44ad752ded
X-MS-Exchange-Transport-CrossTenantHeadersStamped: HK2PR04MB1170
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/dbg6VqX7FNYo9wfwemRKQIR2Bk8>
Subject: Re: [DNSOP] draft-ietf-dnsop-kskroll-sentinel-12
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 03 May 2018 21:40:12 -0000


> On 4 May 2018, at 3:06 am, Paul Vixie <paul@redbarn.org> wrote:
> 
> what are the implications for older (pre-KSKROLL) validators when icann eventually rolls the key?

I assume that you are referring to security-aware resolvers that do not perform the actions specified in this draft. There are no implications at all for these resolvers.

Any trusted key measurement conducted using such a resolver will show that the resolver is a security-aware resolver, but is not performing the sentinel method.


Geoff

v2.23.0 | Report a Bug | By Email