[DNSOP] Re: [DNSOP]Re: [Ext] Requesting final comments on draft-ietf-dnsop-rfc8109bis
Joe Abley <jabley@strandkip.nl> Mon, 17 June 2024 20:40 UTC
To: Paul Hoffman <paul.hoffman@icann.org>
CC: Tim Wicinski <tjw.ietf@gmail.com>, dnsop <dnsop@ietf.org>, dnsop-chairs <dnsop-chairs@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/eZXwQ87Noa-TLZxD9znSvTBpLPM>

Hi Paul,

On 17 Jun 2024, at 21:18, Paul Hoffman <paul.hoffman@icann.org> wrote:

> The paragraph reads:
>
> If the "root-servers.net" zone is later signed, or if the root servers are named in a
> different zone and that zone is signed, having DNSSEC validation for the priming queries
> might be valuable.
> The benefits and costs of resolvers validating the responses will depend heavily on
> the naming scheme used.
>
> It is still accurate as it stands, does not lead to an assumption of what name would be signed and, more importantly, strongly indicates that the name that eventually gets signed might be different than root-servers.net. I'm not sure why we would want to remove that.

It might be technically true (although I could still nitpick about the assumption that the root server names must necessarily live in a zone other than the root) but I don't think it's useful. I think the paragraph is at best pointless to leave in, and at worst has the potential not to age well.

I agree with Tim's suggestion that the document would be improved if that paragraph was removed. Or his idea or his question or whatever it is proper for Tim to do depending on what hat he was wearing.

I think any work about naming the root servers or whether the records attached to those names would be better to leave to a different, future document.

Joe