Re: [DNSOP] New Version Notification for draft-wessels-dns-zone-digest-01.txt

Evan Hunt <each@isc.org> Fri, 27 July 2018 04:34 UTC

Date: Fri, 27 Jul 2018 04:34:33 +0000
From: Evan Hunt <each@isc.org>
To: Mark Andrews <marka@isc.org>
Cc: Davey Song <songlinjian@gmail.com>, steve@shinkuro.com, dnsop <dnsop@ietf.org>, mweinberg=40verisign.com@dmarc.ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/fnDt_I_uOWY_1_fbQ2-6bLxT4Mc>

On Fri, Jul 27, 2018 at 02:18:46PM +1000, Mark Andrews wrote:
> 	just because A => B, it doesn’t mean that !B => !A.

(... it does mean that, actually.)

> On 27 Jul 2018, at 2:13 pm, Davey Song <songlinjian@gmail.com> wrote:
> I mean zone digest is not for zone transmission with channel security. On page 4, the authors compare zone digest and Channel security.

I think this is meant to explain why channel security mechanisms like
TLS have limitations, and ZONEMD can do even more.

But that doesn't mean the use cases for ZONEMD are restricted to the ones
not handled by TLS.  You can use ZONEMD with AXFR, too.

-- 
Evan Hunt -- each@isc.org
Internet Systems Consortium, Inc.