Re: [DNSOP] Is DNSSEC a Best Current Practice?
Tim Wicinski <tjw.ietf@gmail.com> Fri, 11 March 2022 09:39 UTC
Return-Path: <tjw.ietf@gmail.com>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3FD5B3A0D42 for <dnsop@ietfa.amsl.com>; Fri, 11 Mar 2022 01:39:17 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.107
X-Spam-Level:
X-Spam-Status: No, score=-2.107 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LUjGQXbEqbx0 for <dnsop@ietfa.amsl.com>; Fri, 11 Mar 2022 01:39:12 -0800 (PST)
Received: from mail-lf1-x12c.google.com (mail-lf1-x12c.google.com [IPv6:2a00:1450:4864:20::12c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3BDF93A0D3E for <dnsop@ietf.org>; Fri, 11 Mar 2022 01:39:12 -0800 (PST)
Received: by mail-lf1-x12c.google.com with SMTP id w12so14027466lfr.9 for <dnsop@ietf.org>; Fri, 11 Mar 2022 01:39:12 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to; bh=2BHWyLm06K82q7UD91MYnzza3yAF7dEl7DVasGNHBbA=; b=hQxXRH+huqZbS1bpC/NgUKmxiYl8KRCn0dFumLWfam0Z9rQSSj7Q3258CufY5V+XuF LsUU5Z7CpM/5R8VPA8w+fqIzzSP1F6xDrZzofN0rWhXdvDBGbg5fnG0cACu0opSduwk4 N+9Gg6zHswGOahx1+T/Bo6mVWRprtIT/B35GEDFdZIjCzLE/9QGEOd8kFkyCHBavaA4z fSgEWCT8OqSCrRRgYCy8/RuO3skoAcGqPIROC8jZK0z1QeALHy0WdQ7xRMsrCi9Wjyf8 5r7WNFGqWAUbTeXgKVWnAsTqBQutA0asuMokE6CweX4FNt+zEXOpZtuQgjxILIFMsivk oHCg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to; bh=2BHWyLm06K82q7UD91MYnzza3yAF7dEl7DVasGNHBbA=; b=zPUpKoQG1m4fELfbCSiMlr6kqSVRslJ5HgCdoOcLEi2Tvc5HQxkZViU6wX6c4UqxzD o43kp4fFQ8LN4ZGjO2AuwNgxSA/+CKJzJXREnEVOJd8uWyHTHPLaFgs25CvO9V5qPVVG /vng2sJQtsEkUmsbKdtABIGYjBfd8gqW5coHAQNvdN+V54lxBqezNUu4DCicJk8LA3LM yDLhv+xgWeQhzI/eDggNT7q2guvGiXFVKJIeCXVH8mJjSg4lY0+PHmI1aZT/ug06SUEH 9wVgNZl4ntJWMxlqtwKHu7a0ZGtBEKxlmzFSSSuMAQ4vUaLU+4w2E3gSlAfRGiRq0/a2 GPyQ==
X-Gm-Message-State: AOAM530yFj3DehufXa+EgNPurL5kU1TsOZR+T6iH3SyQ1b+JUlyP4RD0 FBAUFJHpCwE4k/cdhyv2qtU0z8C0/3IKzg3XdVGYVMwk
X-Google-Smtp-Source: ABdhPJxfDXPE4KhOIUZt7fVfgPshyUphfreql3NkEKCi9HWxpVKIGz6pT0l6m7CY/iQ8kbSRcHiQq8aq1BLcbt9EpJs=
X-Received: by 2002:a05:6512:3ba2:b0:448:4c02:7b6f with SMTP id g34-20020a0565123ba200b004484c027b6fmr5739215lfv.62.1646991550003; Fri, 11 Mar 2022 01:39:10 -0800 (PST)
MIME-Version: 1.0
References: <88A0AA7A-01B8-4C7E-9A9A-1FB29C9FB18B@icann.org> <20220311.114445.338879450243418596.yasuhiro@jprs.co.jp>
In-Reply-To: <20220311.114445.338879450243418596.yasuhiro@jprs.co.jp>
From: Tim Wicinski <tjw.ietf@gmail.com>
Date: Fri, 11 Mar 2022 04:38:56 -0500
Message-ID: <CADyWQ+GWrjjSxb2cvLHL0Juvx95iaO__p_8--NqwwmMCTz61vw@mail.gmail.com>
To: dnsop <dnsop@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000493d7805d9ee1afe"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/eFpTI_A-vHDnsjLUD6YSuBJwJRs>
Subject: Re: [DNSOP] Is DNSSEC a Best Current Practice?
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 11 Mar 2022 09:39:18 -0000
I have been thinking the same thing this evening about 1034 and 1035. Thanks for bringing it up. They do not need to have BCP status, but for several years now I have felt those two need to be republished with all the updated text from the many updates (28 for 1035, 18 for 1034) in new documents. This does not include any other changes, and it feels like a thankless task. tim On Thu, Mar 10, 2022 at 9:45 PM Yasuhiro Orange Morishita / 森下泰宏 < yasuhiro@jprs.co.jp> wrote: > Paul-san, > > > In the big picture, I think it would be good for the DNS to be able > > to refer to DNSSEC more easily. Thoughts? > > I think it can be said for RFC 1034 and 1035, too. > But it's much more difficult than DNSSEC. > > My friend Takashi Takizawa maintains this horrible figure. > > DNS RFCs - ttkzw's site > <https://emaillab.jp/dns/dns-rfc/> > > -- Orange > > -- > Yasuhiro 'Orange' Morishita <yasuhiro@jprs.co.jp> > > From: Paul Hoffman <paul.hoffman@icann.org> > Subject: [DNSOP] Is DNSSEC a Best Current Practice? > Date: Thu, 10 Mar 2022 18:54:07 +0000 > > > Greetings again. My motivation here is kinda trivial, but I've heard it > is a common complaint. When writing a about DNSSEC, I need to reference the > RFC. But it's three RFCs (4033, 4034, and 4035), and possibly another > (6840). It would be awfully nice to refer to "DNSSEC" with a single > reference like "BCP 250". > > > > To get there, we need to update the RFCs and say that we want an BCP. > This is mostly a paperwork exercise, but this WG isn't terribly good at > getting those done. Maybe we could create a short-lived WG for moving > DNSSEC to BCP that just the DNSSEC-y people need to pay attention to. If we > do it, that WG would not take up any new DNSSEC-related work, just spruce > up the base RFCs. > > > > In the big picture, I think it would be good for the DNS to be able to > refer to DNSSEC more easily. Thoughts? > > > > --Paul Hoffman > > _______________________________________________ > DNSOP mailing list > DNSOP@ietf.org > https://www.ietf.org/mailman/listinfo/dnsop >
- [DNSOP] Is DNSSEC a Best Current Practice? Paul Hoffman
- Re: [DNSOP] Is DNSSEC a Best Current Practice? Paul Wouters
- Re: [DNSOP] Is DNSSEC a Best Current Practice? Tim Wicinski
- Re: [DNSOP] Is DNSSEC a Best Current Practice? Stephen Farrell
- Re: [DNSOP] Is DNSSEC a Best Current Practice? Bill Woodcock
- Re: [DNSOP] Is DNSSEC a Best Current Practice? Grant Taylor
- Re: [DNSOP] Is DNSSEC a Best Current Practice? Colm MacCárthaigh
- Re: [DNSOP] Is DNSSEC a Best Current Practice? Livingood, Jason
- Re: [DNSOP] Is DNSSEC a Best Current Practice? Grant Taylor
- Re: [DNSOP] Is DNSSEC a Best Current Practice? Yasuhiro Orange Morishita / 森下泰宏
- Re: [DNSOP] Is DNSSEC a Best Current Practice? Tim Wicinski
- Re: [DNSOP] Is DNSSEC a Best Current Practice? Paul Vixie
- Re: [DNSOP] Is DNSSEC a Best Current Practice? Mukund Sivaraman
- Re: [DNSOP] Is DNSSEC a Best Current Practice? Tim Wicinski
- Re: [DNSOP] Is DNSSEC a Best Current Practice? Masataka Ohta
- Re: [DNSOP] Is DNSSEC a Best Current Practice? Viktor Dukhovni
- [DNSOP] DNSSEC as a Best Current Practice Paul Hoffman
- Re: [DNSOP] DNSSEC as a Best Current Practice Masataka Ohta
- Re: [DNSOP] DNSSEC as a Best Current Practice Paul Wouters
- Re: [DNSOP] DNSSEC as a Best Current Practice Masataka Ohta
- Re: [DNSOP] DNSSEC as a Best Current Practice Ted Lemon
- Re: [DNSOP] DNSSEC as a Best Current Practice Paul Wouters
- Re: [DNSOP] DNSSEC as a Best Current Practice Paul Wouters
- Re: [DNSOP] DNSSEC as a Best Current Practice Masataka Ohta
- Re: [DNSOP] DNSSEC as a Best Current Practice Masataka Ohta
- Re: [DNSOP] DNSSEC as a Best Current Practice Ted Lemon
- Re: [DNSOP] DNSSEC as a Best Current Practice Masataka Ohta
- Re: [DNSOP] DNSSEC as a Best Current Practice Paul Wouters
- Re: [DNSOP] DNSSEC as a Best Current Practice Masataka Ohta
- Re: [DNSOP] DNSSEC as a Best Current Practice Jim Reid
- Re: [DNSOP] DNSSEC as a Best Current Practice Masataka Ohta
- Re: [DNSOP] DNSSEC as a Best Current Practice Paul Wouters
- Re: [DNSOP] DNSSEC as a Best Current Practice Masataka Ohta
- Re: [DNSOP] DNSSEC as a Best Current Practice Masataka Ohta
- Re: [DNSOP] DNSSEC as a Best Current Practice Jim Reid
- Re: [DNSOP] DNSSEC as a Best Current Practice Masataka Ohta
- Re: [DNSOP] DNSSEC as a Best Current Practice David Conrad
- Re: [DNSOP] DNSSEC as a Best Current Practice Brian Dickson
- Re: [DNSOP] DNSSEC as a Best Current Practice Masataka Ohta
- Re: [DNSOP] DNSSEC as a Best Current Practice Bjørn Mork
- Re: [DNSOP] DNSSEC as a Best Current Practice Masataka Ohta
- Re: [DNSOP] DNSSEC as a Best Current Practice Bjørn Mork
- Re: [DNSOP] DNSSEC as a Best Current Practice Joe Abley
- Re: [DNSOP] DNSSEC as a Best Current Practice Masataka Ohta
- Re: [DNSOP] DNSSEC as a Best Current Practice Masataka Ohta
- Re: [DNSOP] DNSSEC as a Best Current Practice Paul Wouters
- Re: [DNSOP] DNSSEC as a Best Current Practice Masataka Ohta
- Re: [DNSOP] [Ext] DNSSEC as a Best Current Practi… Paul Hoffman
- Re: [DNSOP] DNSSEC as a Best Current Practice Brian Dickson
- Re: [DNSOP] DNSSEC as a Best Current Practice Ted Lemon
- Re: [DNSOP] [Ext] DNSSEC as a Best Current Practi… Masataka Ohta
- Re: [DNSOP] DNSSEC as a Best Current Practice Masataka Ohta
- Re: [DNSOP] DNSSEC as a Best Current Practice Masataka Ohta
- Re: [DNSOP] DNSSEC as a Best Current Practice Paul Wouters
- Re: [DNSOP] DNSSEC as a Best Current Practice Masataka Ohta
- Re: [DNSOP] DNSSEC as a Best Current Practice Dr Eberhard W Lisse
- Re: [DNSOP] DNSSEC as a Best Current Practice Masataka Ohta
- Re: [DNSOP] DNSSEC as a Best Current Practice Dr Eberhard W Lisse
- Re: [DNSOP] DNSSEC as a Best Current Practice Masataka Ohta
- Re: [DNSOP] DNSSEC as a Best Current Practice Ted Lemon
- Re: [DNSOP] DNSSEC as a Best Current Practice Masataka Ohta
- Re: [DNSOP] DNSSEC as a Best Current Practice Paul Vixie
- Re: [DNSOP] DNSSEC as a Best Current Practice Masataka Ohta
- Re: [DNSOP] DNSSEC as a Best Current Practice Masataka Ohta
- Re: [DNSOP] DNSSEC as a Best Current Practice Masataka Ohta
- Re: [DNSOP] DNSSEC as a Best Current Practice Paul Wouters
- Re: [DNSOP] DNSSEC as a Best Current Practice Masataka Ohta
- Re: [DNSOP] DNSSEC as a Best Current Practice Bjørn Mork
- Re: [DNSOP] DNSSEC as a Best Current Practice Brian Dickson
- Re: [DNSOP] DNSSEC as a Best Current Practice Masataka Ohta
- Re: [DNSOP] DNSSEC as a Best Current Practice Masataka Ohta
- Re: [DNSOP] [Ext] DNSSEC as a Best Current Practi… Paul Hoffman
- Re: [DNSOP] DNSSEC as a Best Current Practice Paul Wouters
- Re: [DNSOP] [Ext] DNSSEC as a Best Current Practi… Masataka Ohta
- Re: [DNSOP] [Ext] DNSSEC as a Best Current Practi… Jerry Lundström
- Re: [DNSOP] DNSSEC as a Best Current Practice Masataka Ohta
- Re: [DNSOP] DNSSEC as a Best Current Practice Masataka Ohta
- Re: [DNSOP] DNSSEC as a Best Current Practice Paul Wouters
- Re: [DNSOP] [Ext] DNSSEC as a Best Current Practi… Jim Reid
- Re: [DNSOP] DNSSEC as a Best Current Practice Masataka Ohta
- Re: [DNSOP] DNSSEC as a Best Current Practice james
- Re: [DNSOP] DNSSEC as a Best Current Practice Paul Wouters
- Re: [DNSOP] DNSSEC as a Best Current Practice Tim Wicinski
- Re: [DNSOP] DNSSEC as a Best Current Practice Mukund Sivaraman
- Re: [DNSOP] DNSSEC as a Best Current Practice Masataka Ohta