Re: [DNSOP] Obsoleting DLV
Samuel Weiler <weiler@csail.mit.edu> Wed, 24 July 2019 23:22 UTC
Return-Path: <weiler@csail.mit.edu>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 692CC12027B for <dnsop@ietfa.amsl.com>; Wed, 24 Jul 2019 16:22:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.234
X-Spam-Level:
X-Spam-Status: No, score=-1.234 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_SOFTFAIL=0.665] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sHdzbAltRvYO for <dnsop@ietfa.amsl.com>; Wed, 24 Jul 2019 16:22:02 -0700 (PDT)
Received: from cyrus.watson.org (cyrus.watson.org [204.107.128.30]) by ietfa.amsl.com (Postfix) with ESMTP id 832A912006E for <dnsop@ietf.org>; Wed, 24 Jul 2019 16:22:02 -0700 (PDT)
Received: from dhcp-8906.meeting.ietf.org (dhcp-8906.meeting.ietf.org [31.133.137.6]) by cyrus.watson.org (Postfix) with ESMTPSA id CB23917164; Wed, 24 Jul 2019 23:22:01 +0000 (UTC)
Date: Wed, 24 Jul 2019 19:22:01 -0400
From: Samuel Weiler <weiler@csail.mit.edu>
To: Matthijs Mekking <matthijs@pletterpet.nl>
cc: "dnsop@ietf.org" <dnsop@ietf.org>
In-Reply-To: <56a4b9a1-6e80-be24-0852-fe3b91869f1e@pletterpet.nl>
Message-ID: <alpine.OSX.2.20.1907231804420.14762@dhcp-9328.meeting.ietf.org>
References: <56a4b9a1-6e80-be24-0852-fe3b91869f1e@pletterpet.nl>
User-Agent: Alpine 2.20 (OSX 67 2015-01-07)
MIME-Version: 1.0
Content-Type: text/plain; format="flowed"; charset="US-ASCII"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/gA1HbwFrXyJlEmEpy_jrcWg7v7s>
Subject: Re: [DNSOP] Obsoleting DLV
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 24 Jul 2019 23:22:05 -0000
On Tue, 2 Jul 2019, Matthijs Mekking wrote: > Here's a draft with discussion why also the protocol should go > away. We would like to hear what you think about it. The discussion of the private network use case in section 2 has two minor errors plus one bit that is unclear. When we designed DLV, we certainly considered a private network use case. RFC5074 does not strictly have public trust anchors take precedence over ("mask") DLV records [1]. I suggest replacing the text in section 2 starting with "One other..." with: One other possible reason to keep DLV is to distribute trust anchors for private enterprises. The authors are not aware of any such use of DLV. That does not include the argument in the below bullet, which I find unclear. What does "name redirection" mean in this context? o Since the zones are related to private networks, it would make more sense to make the internal network more secure to avoid name redirection, rather than complicate the DNS protocol. -- Sam [1] Specifically, 5074 says to use public trust anchors first. If they give a validation result other than "Secure", then do DLV processing. I'm not 100% sure of how BIND's logic works here.
- [DNSOP] Obsoleting DLV Matthijs Mekking
- Re: [DNSOP] Obsoleting DLV David Conrad
- Re: [DNSOP] Obsoleting DLV Paul Wouters
- Re: [DNSOP] Obsoleting DLV Dan York
- Re: [DNSOP] Obsoleting DLV Warren Kumari
- Re: [DNSOP] Obsoleting DLV Joe Abley
- Re: [DNSOP] Obsoleting DLV Jim Reid
- Re: [DNSOP] Obsoleting DLV Erwin Lansing
- Re: [DNSOP] Obsoleting DLV Paul Vixie
- Re: [DNSOP] Obsoleting DLV Loganaden Velvindron
- Re: [DNSOP] Obsoleting DLV Tim Wicinski
- Re: [DNSOP] Obsoleting DLV Samuel Weiler
- Re: [DNSOP] Obsoleting DLV Samuel Weiler
- Re: [DNSOP] Obsoleting DLV Tony Finch
- Re: [DNSOP] Obsoleting DLV Matthijs Mekking
- Re: [DNSOP] Obsoleting DLV Mark Andrews