Re: [DNSOP] Robert Wilton's No Objection on draft-ietf-dnsop-dns-zone-digest-12: (with COMMENT)

"Rob Wilton (rwilton)" <rwilton@cisco.com> Thu, 15 October 2020 10:38 UTC

From: "Rob Wilton (rwilton)" <rwilton@cisco.com>
To: "Wessels, Duane" <dwessels=40verisign.com@dmarc.ietf.org>
CC: "draft-ietf-dnsop-dns-zone-digest@ietf.org" <draft-ietf-dnsop-dns-zone-digest@ietf.org>, Tim Wicinski <tjw.ietf@gmail.com>, "dnsop@ietf.org" <dnsop@ietf.org>, "dnsop-chairs@ietf.org" <dnsop-chairs@ietf.org>, The IESG <iesg@ietf.org>
Thread-Topic: Robert Wilton's No Objection on draft-ietf-dnsop-dns-zone-digest-12: (with COMMENT)
Thread-Index: AQHWnWTLXBOmQTmNGkG7AmGk8bLrYqmPm2kAgASDkdCAAvMagIABcYcA
Date: Thu, 15 Oct 2020 10:38:50 +0000
Message-ID: <MN2PR11MB4366618DA4A0BBE5DADBE765B5020@MN2PR11MB4366.namprd11.prod.outlook.com>
References: <160215590178.19643.8185294724542473578@ietfa.amsl.com> <514C5EA8-2814-42AA-9787-455445BA828D@verisign.com> <MN2PR11MB43665A8B2DE4ECFF99CEAB7EB5070@MN2PR11MB4366.namprd11.prod.outlook.com> <1C5BF513-7FDD-404E-AC0E-09C0379864E7@verisign.com>
In-Reply-To: <1C5BF513-7FDD-404E-AC0E-09C0379864E7@verisign.com>
Accept-Language: en-US
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/hht5b2v5u28fVORaZRB_gI90hks>
Subject: Re: [DNSOP] Robert Wilton's No Objection on draft-ietf-dnsop-dns-zone-digest-12: (with COMMENT)
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>

Hi Duane,

That looks good.  Thanks for accommodating.

Regards,
Rob

> -----Original Message-----
> From: iesg <iesg-bounces@ietf.org> On Behalf Of Wessels, Duane
> Sent: 14 October 2020 13:35
> To: Rob Wilton (rwilton) <rwilton=40cisco.com@dmarc.ietf.org>
> Cc: draft-ietf-dnsop-dns-zone-digest@ietf.org; Tim Wicinski
> <tjw.ietf@gmail.com>; dnsop@ietf.org; dnsop-chairs@ietf.org; The IESG
> <iesg@ietf.org>
> Subject: Re: Robert Wilton's No Objection on draft-ietf-dnsop-dns-zone-
> digest-12: (with COMMENT)
> 
> 
> 
> > On Oct 12, 2020, at 8:56 AM, Rob Wilton (rwilton)
> <rwilton=40cisco.com@dmarc.ietf.org> wrote:
> >
> >
> >
> >>
> >>>
> >>>   2.  The ZONEMD Resource Record
> >>>
> >>>      It is
> >>>      RECOMMENDED that a zone include only one ZONEMD RR, unless the zone
> >>>      publisher is in the process of transitioning to a new Scheme or Hash
> >>>      Algorithm.
> >>>
> >>> I'm not quite sure how well this fits with section 2.2.3's restriction that
> >>> SHA384 MUST be implemented, and SHA512 SHOULD be implemented.  As a recipient
> >>> of the zone info I understand that I would need to implement both, but as a
> >>> sender am I allowed to only send SHA512, or both, or must I always send
> >>> SHA384?
> >>
> >> As sender (publisher) you are allowed to publish whatever you want.
> >> As sender (publisher) you are allowed to publish whatever you want.
> > [RW]
> >
> > Okay, taken in conjunction with 2.2.3 that didn't seem clear to me.  My
> > reading is that the sender SHOULD only send one, and [everyone] MUST
> > support SHA384, effectively implying that it is SHA384 that MUST be sent ...
> > Perhaps the RFC 2119 language in section 2.2.3 needs to be restricted to
> > receivers processing ZONEMD records?  ... or some other way to convey the
> > difference in requirements on algorithm implementation between senders and
> > receivers.
> >
> 
> 
> Hi Rob,
> 
> To address this, here is what we suggest:
> 
> In sections 2.2.2 and 2.2.3, rather than saying "MUST/SHOULD be
> implemented" we'll say "MUST/SHOULD be supported by implementations."
> 
> The paragraph about multiple digests at the start of section 2 will be
> moved to this new section 2.5:
> 
> 2.5.  Including ZONEMD RRs in a Zone
> 
>    The zone operator chooses an appropriate hash algorithm and scheme,
>    and includes the calculated zone digest in the apex ZONEMD RRset.
>    The zone operator MAY choose any of the defined hash algorithms and
>    schemes, including the private use code points.
> 
>    The ZONEMD RRSet MAY contain multiple records to support algorithm
>    agility [RFC7696].  [RFC Editor: change that to BCP 201] When
>    multiple ZONEMD RRs are present, each MUST specify a unique Scheme
>    and Hash Algorithm tuple.  It is RECOMMENDED that a zone include only
>    one ZONEMD RR, unless the zone operator is in the process of
>    transitioning to a new scheme or hash algorithm.
> 
> 
> DW
> 
>
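The split the thread settles on (a publisher MAY choose any scheme/hash tuple and SHOULD publish only one outside a transition, each tuple MUST be unique, and SHA384 MUST / SHA512 SHOULD be supported by implementations) lands as different code on the two sides. The Python below is an added illustration written for this archive page; it is not code from the draft, from this thread or from any ZONEMD implementation. It assumes the code points the final RFC's IANA registries assign (SIMPLE = 1, SHA384 = 1, SHA512 = 2, private use 240-254), which draft-12 as quoted here does not list, and it takes the canonical zone serialization as an opaque byte string, since building that is not what this exchange is about. The names ZonemdRR, publish_zonemd, verify_zonemd and sha384_only_receiver are the example's own.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Callable, Dict, Iterable, List, Mapping, Tuple

# Code points follow the IANA registries created by the published RFC (8976).
# draft-12 as discussed in the thread does not list them, so they are an
# assumption of this example, not something the thread states.
SCHEME_SIMPLE = 1
HASH_SHA384 = 1        # MUST be supported by implementations
HASH_SHA512 = 2        # SHOULD be supported by implementations
PRIVATE_USE = range(240, 255)

# What this particular receiver can compute.  A MUST-only receiver carries
# just the SHA384 entry (see sha384_only_receiver below).
SUPPORTED_HASHES: Dict[int, Callable[[bytes], bytes]] = {
    HASH_SHA384: lambda data: hashlib.sha384(data).digest(),
    HASH_SHA512: lambda data: hashlib.sha512(data).digest(),
}
SUPPORTED_SCHEMES = {SCHEME_SIMPLE}


@dataclass(frozen=True)
class ZonemdRR:
    """One apex ZONEMD record: Serial, Scheme, Hash Algorithm, Digest."""
    serial: int
    scheme: int
    hash_alg: int
    digest: bytes

    @classmethod
    def from_presentation(cls, rdata: str) -> "ZonemdRR":
        # Presentation format: "<serial> <scheme> <hash-alg> <hex digest ...>"
        serial, scheme, hash_alg, *hex_parts = rdata.split()
        return cls(int(serial), int(scheme), int(hash_alg),
                   bytes.fromhex("".join(hex_parts)))

    def to_presentation(self) -> str:
        return f"{self.serial} {self.scheme} {self.hash_alg} {self.digest.hex()}"


def publish_zonemd(serial: int, zone_bytes: bytes,
                   tuples: Iterable[Tuple[int, int]]) -> List[ZonemdRR]:
    """Publisher side: build the apex ZONEMD RRset.

    The publisher MAY pick any (scheme, hash) tuple, but each tuple MUST be
    unique within the RRset; more than one record is expected only while
    transitioning.  zone_bytes stands in for the canonical serialization the
    draft defines (digest field zeroed); producing it is out of scope here.
    """
    rrs: List[ZonemdRR] = []
    seen = set()
    for scheme, hash_alg in tuples:
        if (scheme, hash_alg) in seen:
            raise ValueError(f"duplicate Scheme/Hash Algorithm tuple {(scheme, hash_alg)}")
        if scheme not in SUPPORTED_SCHEMES or hash_alg not in SUPPORTED_HASHES:
            raise ValueError(f"this publisher cannot compute tuple {(scheme, hash_alg)}")
        seen.add((scheme, hash_alg))
        rrs.append(ZonemdRR(serial, scheme, hash_alg, SUPPORTED_HASHES[hash_alg](zone_bytes)))
    return rrs


def verify_zonemd(rrs: List[ZonemdRR], soa_serial: int, zone_bytes: bytes,
                  supported: Mapping[int, Callable[[bytes], bytes]] = SUPPORTED_HASHES
                  ) -> Tuple[bool, str]:
    """Receiver side: verify the zone against its apex ZONEMD RRset.

    Records whose tuple this receiver cannot compute are skipped, not failed;
    the zone verifies if any supported record matches.  A supported record
    that does NOT match fails closed (this example's choice: the publisher
    derived every digest from the same zone, so one wrong digest means the
    zone was corrupted or tampered with).
    """
    if not rrs:
        return False, "no ZONEMD RRset at the apex; zone is not verifiable"
    tuples = [(rr.scheme, rr.hash_alg) for rr in rrs]
    if len(set(tuples)) != len(tuples):
        return False, "ZONEMD RRset repeats a Scheme/Hash Algorithm tuple"
    skipped: List[str] = []
    for rr in rrs:
        if rr.serial != soa_serial:
            skipped.append(f"serial {rr.serial} does not match SOA serial {soa_serial}")
            continue
        if rr.scheme not in SUPPORTED_SCHEMES or rr.hash_alg not in supported:
            kind = "private-use" if (rr.hash_alg in PRIVATE_USE or rr.scheme in PRIVATE_USE) else "unsupported"
            skipped.append(f"{kind} tuple {(rr.scheme, rr.hash_alg)}")
            continue
        expected = supported[rr.hash_alg](zone_bytes)
        if hmac.compare_digest(expected, rr.digest):   # constant-time, length-safe
            return True, f"verified with Scheme {rr.scheme}, Hash Algorithm {rr.hash_alg}"
        return False, f"digest mismatch for tuple {(rr.scheme, rr.hash_alg)}"
    return False, "no usable ZONEMD RR: " + "; ".join(skipped)


def sha384_only_receiver() -> Dict[int, Callable[[bytes], bytes]]:
    """A receiver that implements only the MUST-support algorithm."""
    return {HASH_SHA384: SUPPORTED_HASHES[HASH_SHA384]}


if __name__ == "__main__":
    zone = b"constructed stand-in for the canonical zone bytes"   # not a real zone
    serial = 2020101500
    # Transition: publish SHA384 and SHA512 side by side.
    rrset = publish_zonemd(serial, zone, [(SCHEME_SIMPLE, HASH_SHA384), (SCHEME_SIMPLE, HASH_SHA512)])
    for rr in rrset:
        print("example. 86400 IN ZONEMD", rr.to_presentation())
    print(verify_zonemd(rrset, serial, zone))
    print(verify_zonemd(rrset, serial, zone, supported=sha384_only_receiver()))
```

Run with a SHA384-only receiver, the transition RRset still verifies, while an RRset carrying only SHA512 comes back as "unsupported" rather than as a digest failure; that is the difference between the implementation requirement in 2.2.3 and the publishing freedom in the proposed 2.5. Failing closed on a supported digest that does not match, and rejecting an RRset that repeats a tuple, are this example's policy choices made to match the MUST in the quoted 2.5 text.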