Re: [DNSOP] [Ext] Call for Adoption: draft-hoffman-dnssec-iana-cons
Paul Wouters <paul@nohats.ca> Wed, 06 January 2021 22:11 UTC
Return-Path: <paul@nohats.ca>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 13A693A133A for <dnsop@ietfa.amsl.com>; Wed, 6 Jan 2021 14:11:32 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.096
X-Spam-Level:
X-Spam-Status: No, score=-2.096 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nohats.ca
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QdltbiYPr4jg for <dnsop@ietfa.amsl.com>; Wed, 6 Jan 2021 14:11:30 -0800 (PST)
Received: from mx.nohats.ca (mx.nohats.ca [193.110.157.68]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A18333A1338 for <dnsop@ietf.org>; Wed, 6 Jan 2021 14:11:30 -0800 (PST)
Received: from localhost (localhost [IPv6:::1]) by mx.nohats.ca (Postfix) with ESMTP id 4DB3VS6bsNzFJP; Wed, 6 Jan 2021 23:11:28 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nohats.ca; s=default; t=1609971088; bh=yaAKnBNi2MX/Z+FapW2xhWs+KRrbzp+p/EILKeWaaDA=; h=From:Subject:Date:References:Cc:In-Reply-To:To; b=mJIlzDNHUtF1lSgHixD/hHD7ZToah3GuqevW1N1jPC7XKXnQgwUqG6KgZq+QYtxS8 Q3Vt8D/UsPeOaWTOHTzJLoHF9pa0O3/wpDIiqBFLrr84CTuqmPZSEm3rez2ek/GICA rqFKuU3UJfZYRKWxcCI+DSZVj+3BGyMZE5wfGCho=
X-Virus-Scanned: amavisd-new at mx.nohats.ca
Received: from mx.nohats.ca ([IPv6:::1]) by localhost (mx.nohats.ca [IPv6:::1]) (amavisd-new, port 10024) with ESMTP id ktfWPDXXceBG; Wed, 6 Jan 2021 23:11:28 +0100 (CET)
Received: from bofh.nohats.ca (bofh.nohats.ca [193.110.157.194]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx.nohats.ca (Postfix) with ESMTPS; Wed, 6 Jan 2021 23:11:27 +0100 (CET)
Received: from [193.110.157.220] (unknown [193.110.157.220]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by bofh.nohats.ca (Postfix) with ESMTPSA id 935C56029A47; Wed, 6 Jan 2021 17:11:26 -0500 (EST)
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
From: Paul Wouters <paul@nohats.ca>
Mime-Version: 1.0 (1.0)
Date: Wed, 06 Jan 2021 17:11:25 -0500
Message-Id: <1AACE627-3ABD-42F2-A715-F092925E7640@nohats.ca>
References: <BE8EEAE6-A33A-41FF-908E-821FB3850422@icann.org>
Cc: dnsop <dnsop@ietf.org>
In-Reply-To: <BE8EEAE6-A33A-41FF-908E-821FB3850422@icann.org>
To: Paul Hoffman <paul.hoffman@icann.org>
X-Mailer: iPhone Mail (18C66)
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/izcjcYzT_qAj1CmN5Fg08_mo1MQ>
Subject: Re: [DNSOP] [Ext] Call for Adoption: draft-hoffman-dnssec-iana-cons
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 06 Jan 2021 22:11:32 -0000
On Jan 6, 2021, at 16:30, Paul Hoffman <paul.hoffman@icann.org> wrote: > > On Jan 6, 2021, at 1:19 PM, Paul Wouters <paul@nohats.ca> wrote: >> Remember also that TLS ciphers are negotiated. > > A better analogy might be "although TLS key exchange and encryption ciphers are negotiated, the signing algorithm on the server's certificate is not negotiated". DNSSEC signing is much more akin to the latter, I think. > >> There is no negotiation >> in DNSSEC. > > Quite right, just as there is no negotiation for the authentication in TLS. I stand corrected. You are right. Paul
- [DNSOP] Call for Adoption: draft-hoffman-dnssec-i… Tim Wicinski
- Re: [DNSOP] [Ext] Call for Adoption: draft-hoffma… Paul Hoffman
- Re: [DNSOP] [Ext] Call for Adoption: draft-hoffma… Daniel Migault
- Re: [DNSOP] [Ext] Call for Adoption: draft-hoffma… Paul Vixie
- Re: [DNSOP] [Ext] Call for Adoption: draft-hoffma… Paul Hoffman
- Re: [DNSOP] [Ext] Call for Adoption: draft-hoffma… Olafur Gudmundsson
- Re: [DNSOP] [Ext] Call for Adoption: draft-hoffma… Tim Wicinski
- Re: [DNSOP] [Ext] Call for Adoption: draft-hoffma… Paul Wouters
- Re: [DNSOP] [Ext] Call for Adoption: draft-hoffma… Valery Smyslov
- Re: [DNSOP] [Ext] Call for Adoption: draft-hoffma… Paul Hoffman
- Re: [DNSOP] [Ext] Call for Adoption: draft-hoffma… Daniel Migault
- Re: [DNSOP] [Ext] Call for Adoption: draft-hoffma… Daniel Migault
- Re: [DNSOP] [Ext] Call for Adoption: draft-hoffma… Paul Wouters
- Re: [DNSOP] [Ext] Call for Adoption: draft-hoffma… Daniel Migault
- Re: [DNSOP] [Ext] Call for Adoption: draft-hoffma… Eric Rescorla
- Re: [DNSOP] [Ext] Call for Adoption: draft-hoffma… Stephen Farrell
- Re: [DNSOP] [Ext] Call for Adoption: draft-hoffma… Paul Hoffman
- Re: [DNSOP] [Ext] Call for Adoption: draft-hoffma… Stephen Farrell
- Re: [DNSOP] [Ext] Call for Adoption: draft-hoffma… Paul Hoffman
- Re: [DNSOP] [Ext] Call for Adoption: draft-hoffma… Stephen Farrell
- Re: [DNSOP] [Ext] Call for Adoption: draft-hoffma… Vittorio Bertola
- Re: [DNSOP] [Ext] Call for Adoption: draft-hoffma… Eric Rescorla
- Re: [DNSOP] [Ext] Call for Adoption: draft-hoffma… Stephen Farrell
- Re: [DNSOP] [Ext] Call for Adoption: draft-hoffma… Paul Wouters
- Re: [DNSOP] [Ext] Call for Adoption: draft-hoffma… Stephen Farrell
- Re: [DNSOP] [Ext] Call for Adoption: draft-hoffma… Paul Vixie
- Re: [DNSOP] [Ext] Call for Adoption: draft-hoffma… Jim Reid
- Re: [DNSOP] [Ext] Call for Adoption: draft-hoffma… Paul Wouters
- Re: [DNSOP] [Ext] Call for Adoption: draft-hoffma… Paul Wouters
- Re: [DNSOP] [Ext] Call for Adoption: draft-hoffma… Stephen Farrell
- Re: [DNSOP] [Ext] Call for Adoption: draft-hoffma… Jim Reid
- Re: [DNSOP] [Ext] Call for Adoption: draft-hoffma… Paul Hoffman
- [DNSOP] Code Point Assignment Suggestion - was Re… Brian Dickson
- Re: [DNSOP] [Ext] Call for Adoption: draft-hoffma… Василий Долматов
- Re: [DNSOP] [Ext] Call for Adoption: draft-hoffma… Ben Schwartz
- Re: [DNSOP] [Ext] Call for Adoption: draft-hoffma… Василий Долматов
- Re: [DNSOP] [Ext] Call for Adoption: draft-hoffma… Paul Wouters
- Re: [DNSOP] [Ext] Call for Adoption: draft-hoffma… Ben Schwartz
- Re: [DNSOP] [Ext] Call for Adoption: draft-hoffma… Joe Abley
- Re: [DNSOP] [Ext] Call for Adoption: draft-hoffma… Ben Schwartz
- Re: [DNSOP] [Ext] Call for Adoption: draft-hoffma… Joe Abley
- Re: [DNSOP] [Ext] Call for Adoption: draft-hoffma… Jim Reid
- Re: [DNSOP] [Ext] Call for Adoption: draft-hoffma… Paul Wouters
- Re: [DNSOP] [Ext] Call for Adoption: draft-hoffma… Paul Hoffman
- Re: [DNSOP] [Ext] Call for Adoption: draft-hoffma… Ben Schwartz
- Re: [DNSOP] [Ext] Call for Adoption: draft-hoffma… Eric Rescorla
- Re: [DNSOP] [Ext] Call for Adoption: draft-hoffma… Paul Hoffman
- Re: [DNSOP] [Ext] Call for Adoption: draft-hoffma… Paul Wouters
- Re: [DNSOP] [Ext] Call for Adoption: draft-hoffma… Paul Wouters
- Re: [DNSOP] [Ext] Call for Adoption: draft-hoffma… Eric Rescorla