Re: [DNSOP] I-D Action: draft-woodworth-bulk-rr-07.txt
Mikael Abrahamsson <swmike@swm.pp.se> Thu, 01 February 2018 08:03 UTC
Return-Path: <swmike@swm.pp.se>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 974891315CA for <dnsop@ietfa.amsl.com>; Thu, 1 Feb 2018 00:03:56 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.31
X-Spam-Level:
X-Spam-Status: No, score=-4.31 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=swm.pp.se
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EACrXS23Ipw5 for <dnsop@ietfa.amsl.com>; Thu, 1 Feb 2018 00:03:54 -0800 (PST)
Received: from uplift.swm.pp.se (ipv6.swm.pp.se [IPv6:2a00:801::f]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AEE7C131578 for <dnsop@ietf.org>; Thu, 1 Feb 2018 00:03:52 -0800 (PST)
Received: by uplift.swm.pp.se (Postfix, from userid 501) id 34D86B1; Thu, 1 Feb 2018 09:03:50 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=swm.pp.se; s=mail; t=1517472230; bh=hUF9kbmWKvCclSYunlm6/oXJjLD86U/i1o5C8gd4rhE=; h=Date:From:To:cc:Subject:In-Reply-To:References:From; b=KxiaHpqs6TpIgRgijLnUFFHz4AvoOkyDv+0vuzmxCd7TG0OkoQClGyiWmUVDBiEyw 3/uJmNaSjBgPIDa7waVzzhhuaLBkjl4iiMt3qfKn3ylyIAbaHu2kuRua9t13DeJ5A8 F/YWPieDs4zfa10wokcyNg9k/y+0jeujKWtnX0jY=
Received: from localhost (localhost [127.0.0.1]) by uplift.swm.pp.se (Postfix) with ESMTP id 1BEA5B0; Thu, 1 Feb 2018 09:03:50 +0100 (CET)
Date: Thu, 01 Feb 2018 09:03:50 +0100
From: Mikael Abrahamsson <swmike@swm.pp.se>
To: JW <jw@pcthink.com>
cc: dnsop@ietf.org
In-Reply-To: <201711190950.vAJ9oDKN011534@atl4mhob07.registeredsite.com>
Message-ID: <alpine.DEB.2.20.1802010838110.8884@uplift.swm.pp.se>
References: <201711190950.vAJ9oDKN011534@atl4mhob07.registeredsite.com>
User-Agent: Alpine 2.20 (DEB 67 2015-01-07)
Organization: People's Front Against WWW
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"; format="flowed"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/dz2BGC70zm2y-A_i0Yh61321NvU>
Subject: Re: [DNSOP] I-D Action: draft-woodworth-bulk-rr-07.txt
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 01 Feb 2018 08:03:57 -0000
On Sun, 19 Nov 2017, JW wrote: > Hello, > This draft was released a couple weeks ago and includes what we feel are some very noteworthy changes. > Please take another look when you have time, as always we look forward to and welcome any questions/ comments. > I am disappointed I was unable to join the group in Singapore but am optimistic I'll be able to meet again in London. Hi, I am brought here because of the notification of this in v6ops. I am supportive of the general idea of having these kinds of bulk records standardized. I read the draft, and if I understand correctly it currently proposes to not have DNSSEC support without on-the-fly signing. I am extremely opposed to introducing new features into DNS that doesn't support DNSSEC. Going from not supporting DNSSEC to supporting DNSSEC on your device/server/whatever should never mean you lose features. So if anything new is proposed that doesn't support DNSSEC (at least on the server side), then we need to have a "let's deprecate DNSSEC" discussion at the same time. If the consensus is that we shouldn't deprecate DNSSEC, then whatever feature is proposed that doesn't support DNSSEC needs to go back to the drawing table. With that in mind, I'd rather have this feature be a new RR type that would involve not generating records on the fly at all, but instead sign this RR type using regular DNSSEC, and then the resolver needs to be updated in order to actually use/understand this new RR type. I know this (probably) brings in another world of hurt as now (I guess) the resolver needs to fake PTR entries towards internal APIs that don't support these bulk RRs? Anyhow, suggesting this without support for offline signed zone files is a no-go for me (unless that of course is deprecated and we're saying DNSSEC now is all about on-the-fly signing, then that discussion of course changes). -- Mikael Abrahamsson email: swmike@swm.pp.se
- [DNSOP] I-D Action: draft-woodworth-bulk-rr-07.txt internet-drafts
- Re: [DNSOP] I-D Action: draft-woodworth-bulk-rr-0… Bob Harold
- Re: [DNSOP] I-D Action: draft-woodworth-bulk-rr-0… Dave Lawrence
- Re: [DNSOP] I-D Action: draft-woodworth-bulk-rr-0… Dave Lawrence
- Re: [DNSOP] I-D Action: draft-woodworth-bulk-rr-0… JW
- Re: [DNSOP] I-D Action: draft-woodworth-bulk-rr-0… JW
- Re: [DNSOP] I-D Action: draft-woodworth-bulk-rr-0… Daniel Shaw
- Re: [DNSOP] I-D Action: draft-woodworth-bulk-rr-0… Woodworth, John R
- Re: [DNSOP] I-D Action: draft-woodworth-bulk-rr-0… Mikael Abrahamsson
- Re: [DNSOP] I-D Action: draft-woodworth-bulk-rr-0… Woodworth, John R