[DNSOP] Re: [Ext] Dnsdir last call review of draft-ietf-dnsop-rfc7958bis-03
Paul Hoffman <paul.hoffman@icann.org> Fri, 02 August 2024 00:34 UTC
From: Paul Hoffman <paul.hoffman@icann.org>
To: Joe Abley <jabley@strandkip.nl>
CC: "dnsdir@ietf.org" <dnsdir@ietf.org>, "dnsop@ietf.org WG" <dnsop@ietf.org>, "draft-ietf-dnsop-rfc7958bis.all@ietf.org" <draft-ietf-dnsop-rfc7958bis.all@ietf.org>, "last-call@ietf.org" <last-call@ietf.org>
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/ha450_bvmbyTCV6coHx38Jq9dc8>

On Jul 31, 2024, at 23:15, Joe Abley <jabley@strandkip.nl> wrote:
>
> On 1 Aug 2024, at 02:29, Paul Hoffman <paul.hoffman@icann.org> wrote:
>
>>> Is there implementation experience with the new format? What was the
>>> implementer feedback?
>>
>> We have heard informally that some implementers have added the new features with no problems, but they obviously can't test it until there is a new trust anchor file from IANA, and that's waiting on the standard to be published.
>
> Why obviously?

Because they can't test whether a fake trust anchor is actually signing the root zone.

> The software that generates the file is not secret, and presumably there is equivalent hardware to that used in the KMF that is available for testing. It seems like it ought to be straightforward to generate some test files. Testing prior to first production use seems like a sensible thing to do.

That would be testing whether the software could ingest a trust anchor file, not whether what it ingests would actually work.

> Similarly, it seems like testing the adequacy of the standard before it is published is the right order to do things. It's much harder to correct ambiguity after publication than before.

Of course. We'd be happy if anyone was doing that testing now.

--Paul Hoffman
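
Added example, not part of the original message or of the draft: an ingest-level test of the kind the thread discusses, which builds a test trust anchor file and checks that each entry's key tag and digest agree with its published key. The element names are an assumption (RFC 7958's KeyDigest layout plus optional PublicKey and Flags elements), and the key bytes, ids and URL are constructed.

```python
import base64, hashlib, struct
import xml.etree.ElementTree as ET

def dnskey_rdata(flags, alg, pubkey):
    # DNSKEY RDATA: flags (2 bytes), protocol (always 3), algorithm, public key
    return struct.pack("!HBB", flags, 3, alg) + pubkey

def key_tag(rdata):
    # Key tag algorithm from RFC 4034, Appendix B
    acc = sum(b if i & 1 else b << 8 for i, b in enumerate(rdata))
    return (acc + ((acc >> 16) & 0xFFFF)) & 0xFFFF

def ds_digest(rdata):
    # Digest type 2: SHA-256 over the root owner name (one zero byte) + RDATA
    return hashlib.sha256(b"\x00" + rdata).hexdigest().upper()

def build_test_file(pubkey, flags=257, alg=8):
    # Constructed test file; element names are an assumption (see lead-in)
    rdata = dnskey_rdata(flags, alg, pubkey)
    return (
        '<TrustAnchor id="TEST-ONLY" source="http://test.invalid/anchors.xml">'
        "<Zone>.</Zone>"
        '<KeyDigest id="Ktest" validFrom="2024-01-01T00:00:00+00:00">'
        f"<KeyTag>{key_tag(rdata)}</KeyTag><Algorithm>{alg}</Algorithm>"
        f"<DigestType>2</DigestType><Digest>{ds_digest(rdata)}</Digest>"
        f"<PublicKey>{base64.b64encode(pubkey).decode()}</PublicKey>"
        f"<Flags>{flags}</Flags></KeyDigest></TrustAnchor>"
    )

def ingest(xml_text):
    """Return [(KeyDigest id, consistent?)] for entries that carry a key."""
    root = ET.fromstring(xml_text)
    if root.findtext("Zone") != ".":
        raise ValueError("not a root zone trust anchor file")
    results = []
    for kd in root.findall("KeyDigest"):
        pk, flags = kd.findtext("PublicKey"), kd.findtext("Flags")
        if pk is None or flags is None or kd.findtext("DigestType") != "2":
            continue  # digest-only entry or other digest type: no cross-check
        rdata = dnskey_rdata(int(flags), int(kd.findtext("Algorithm")),
                             base64.b64decode(pk))
        ok = (key_tag(rdata) == int(kd.findtext("KeyTag"))
              and ds_digest(rdata) == kd.findtext("Digest").strip().upper())
        results.append((kd.get("id"), ok))
    return results

# Constructed 260-byte stand-in for key material; not a real key, signs nothing.
TEST_PUBKEY = hashlib.sha256(b"constructed test key").digest() * 8 + b"\x01\x00\x01\x00"
```

A True result only shows the entry is internally consistent and parseable; the constructed key signs nothing, so this covers ingestion and not whether a resolver could validate the root zone with it.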