Re: [DNSOP] updating fragile dnssec, was Fwd: New Version

"Patrik Fältström " <paf@frobbit.se> Fri, 18 August 2017 05:21 UTC

Return-Path: <paf@frobbit.se>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C72551320CF for <dnsop@ietfa.amsl.com>; Thu, 17 Aug 2017 22:21:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.601
X-Spam-Level:
X-Spam-Status: No, score=-2.601 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zM8cV63Dfz-c for <dnsop@ietfa.amsl.com>; Thu, 17 Aug 2017 22:21:14 -0700 (PDT)
Received: from mail.frobbit.se (mail.frobbit.se [IPv6:2a02:80:3ffe::176]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E2AA71200C5 for <dnsop@ietf.org>; Thu, 17 Aug 2017 22:21:13 -0700 (PDT)
Received: from [192.165.72.145] (unknown [192.165.72.145]) by mail.frobbit.se (Postfix) with ESMTPSA id 9B589204BC; Fri, 18 Aug 2017 07:21:10 +0200 (CEST)
From: Patrik Fältström <paf@frobbit.se>
To: John R Levine <johnl@taugh.com>
Cc: Mark Andrews <marka@isc.org>, dnsop@ietf.org
Date: Fri, 18 Aug 2017 07:21:10 +0200
Message-ID: <8C160AEC-989A-4D29-A988-FC773440E4BB@frobbit.se>
In-Reply-To: <alpine.OSX.2.21.1708172230120.64415@ary.local>
References: <20170816230917.4475.qmail@ary.lan> <20170817034747.0F82D8298B68@rock.dv.isc.org> <alpine.OSX.2.21.1708171013140.63290@ary.local> <20170818001153.37E9082B0500@rock.dv.isc.org> <alpine.OSX.2.21.1708172112530.64140@ary.local> <20170818013601.473E582B17D6@rock.dv.isc.org> <alpine.OSX.2.21.1708172230120.64415@ary.local>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=_MailMate_98F1D587-DF64-4E0A-B510-846CBE91EF7D_="; micalg="pgp-sha1"; protocol="application/pgp-signature"
X-Mailer: MailMate (2.0BETAr6090)
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/i4s-JFvCHpCfwbsq0Rwj8MmVB8k>
Subject: Re: [DNSOP] updating fragile dnssec, was Fwd: New Version
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 18 Aug 2017 05:21:16 -0000

On 18 Aug 2017, at 4:39, John R Levine wrote:

> Some do it one way, some do it the other, and the registars and registries I've talked to feel very strongly about whichever way they do it.

Correct, and that is why my only strong view is that both mechanisms can be implemented by the solution IETF develops (including ability to say "NO" to the not chosen option).

   Patrik