Re: [DNSOP] future-proofing (Re: Working Group Last Call for: Message Digest for DNS Zones)

"Wessels, Duane" <dwessels@verisign.com> Thu, 16 January 2020 00:51 UTC

From: "Wessels, Duane" <dwessels@verisign.com>
To: Shane Kerr <shane@time-travellers.org>
CC: "dnsop@ietf.org" <dnsop@ietf.org>
Date: Thu, 16 Jan 2020 00:50:56 +0000
Message-ID: <D65BD5BE-D24F-49AB-A70D-8DA36B39EA86@verisign.com>
References: <CADyWQ+G1w9_vcU3oO9MsKcP4hTLPXKFb+xY7LJGExbAfjzsDMw@mail.gmail.com> <D9E20677-B76F-4028-A283-6FA5DEEC22AE@verisign.com> <b3132d4a-8b91-27ff-83af-0204a47ec2c3@nthpermutation.com> <28189634.PH2fhW1m7e@linux-9daj> <57C19AE6-CE64-42F4-BFF1-7FD5C442CD4A@verisign.com> <4c9cee8f-c05f-1cb4-6a2d-4e61371bf045@nthpermutation.com> <C34B2364-13D8-461A-B15C-090C1C2F6200@verisign.com> <94fc8dac-0735-67af-f413-004e6f84c349@time-travellers.org>
In-Reply-To: <94fc8dac-0735-67af-f413-004e6f84c349@time-travellers.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/gKNEDoX62JBA3qyZsItoyyjgvSk>


> On Jan 15, 2020, at 12:14 AM, Shane Kerr <shane@time-travellers.org> wrote:
> 
> Duane,
> 
> Honestly thinking about it more, I'm not even sure we should consider supporting an incremental version of zone digests in ZONEMD at all.

I could be easily convinced to take that route.

The first few revisions of the draft were designed that way.  WG discussion back then seemed to focus a lot on the need for having it work with incremental updates.  I felt that it could be accommodated with the addition of an extra field and some future work to hammer out the details. 

>  There's no harm in introducing a new type with its own syntax and semantics if we tackle that problem in the future.

Yes, I think that is a perfectly reasonable approach.  Brian mentioned some potential complications, and I'll respond to his message.

DW