Re: [DNSOP] DNSSEC as a Best Current Practice
Bjørn Mork <bjorn@mork.no> Tue, 22 March 2022 08:53 UTC
Return-Path: <bjorn@miraculix.mork.no>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1DC223A0CF1 for <dnsop@ietfa.amsl.com>; Tue, 22 Mar 2022 01:53:03 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.108
X-Spam-Level:
X-Spam-Status: No, score=-7.108 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_NONE=0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=mork.no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TPwcGIPdO_Ze for <dnsop@ietfa.amsl.com>; Tue, 22 Mar 2022 01:52:58 -0700 (PDT)
Received: from louie.mork.no (louie.mork.no [IPv6:2001:41c8:51:8a:feff:ff:fe00:e5]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 315D93A0CE8 for <DNSOP@ietf.org>; Tue, 22 Mar 2022 01:52:56 -0700 (PDT)
Received: from canardo.dyn.mork.no ([IPv6:2a01:799:c9f:8600:0:0:0:1]) (authenticated bits=0) by louie.mork.no (8.15.2/8.15.2) with ESMTPSA id 22M8ql4O537041 (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=OK); Tue, 22 Mar 2022 08:52:48 GMT
Received: from miraculix.mork.no ([IPv6:2a01:799:c9f:8602:8cd5:a7b0:d07:d516]) (authenticated bits=0) by canardo.dyn.mork.no (8.15.2/8.15.2) with ESMTPSA id 22M8qkt31369364 (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=OK); Tue, 22 Mar 2022 09:52:46 +0100
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mork.no; s=b; t=1647939166; bh=g3yf33Em8b176X9Y3SWPb+PxFbUvKqWS5sEV41Z3EWM=; h=From:To:Cc:Subject:References:Date:Message-ID:From; b=ovdeUR4AV3uv3luz15/Uu+CJwsYRdBkWsbglLwABUgo2krUGJeYvJwv791PuEeCTi RSxXfkZcFUbgHxnHPoZysvEGezFfYIH82oweAMnAplCL3yS/5YuhcJWad48i2fSrDr 0lvGbWpbAuENfCcrXbYabmp3fea67qQmq2v61QF0=
Received: (nullmailer pid 997768 invoked by uid 1000); Tue, 22 Mar 2022 08:52:45 -0000
From: Bjørn Mork <bjorn@mork.no>
To: Masataka Ohta <mohta@necom830.hpcl.titech.ac.jp>
Cc: "dnsop@ietf.org WG" <DNSOP@ietf.org>
Organization: m
References: <7aaed092-8877-ec15-9b7b-5d488e383d04@necom830.hpcl.titech.ac.jp> <7C43871E-60AF-485D-8AB3-65E72539F831@nohats.ca> <59fdc791-4482-141b-03b4-bc27e8824f31@necom830.hpcl.titech.ac.jp> <1cd37a4-2f80-5a8c-f377-d224a363d76@nohats.ca> <6d46abd6-60ca-d896-6408-fe83a83895cf@necom830.hpcl.titech.ac.jp> <CAH1iCir6OdMWZLFnP_=me+PFhYL+FxTjhEjKFO32+g61JgjnNg@mail.gmail.com> <4a33bbc9-b085-e8bc-4183-f55933e57786@necom830.hpcl.titech.ac.jp>
Date: Tue, 22 Mar 2022 09:52:45 +0100
In-Reply-To: <4a33bbc9-b085-e8bc-4183-f55933e57786@necom830.hpcl.titech.ac.jp> (Masataka Ohta's message of "Tue, 22 Mar 2022 17:19:42 +0900")
Message-ID: <87pmme8j36.fsf@miraculix.mork.no>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.1 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
X-Virus-Scanned: clamav-milter 0.103.3 at canardo
X-Virus-Status: Clean
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/kWCX7IJ4DxjYo6bu-xMq5o_3WDU>
Subject: Re: [DNSOP] DNSSEC as a Best Current Practice
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 22 Mar 2022 09:04:32 -0000
Masataka Ohta <mohta@necom830.hpcl.titech.ac.jp> writes: > Plain DNS with long enough message ID is secure enough. Hello! Can you please point me to the set of RFCs (or draft) which describes this "secure enough" alternative to DNSSEC? I must admit I'm a bit lost wrt precisely what that alternative is since you haven't given a single reference AFAICS. The whole point of the draft being discussed here is to define a BCP pointing to the relevant standards. Please contribute to that. Thanks. Bjørn
- [DNSOP] Is DNSSEC a Best Current Practice? Paul Hoffman
- Re: [DNSOP] Is DNSSEC a Best Current Practice? Paul Wouters
- Re: [DNSOP] Is DNSSEC a Best Current Practice? Tim Wicinski
- Re: [DNSOP] Is DNSSEC a Best Current Practice? Stephen Farrell
- Re: [DNSOP] Is DNSSEC a Best Current Practice? Bill Woodcock
- Re: [DNSOP] Is DNSSEC a Best Current Practice? Grant Taylor
- Re: [DNSOP] Is DNSSEC a Best Current Practice? Colm MacCárthaigh
- Re: [DNSOP] Is DNSSEC a Best Current Practice? Livingood, Jason
- Re: [DNSOP] Is DNSSEC a Best Current Practice? Grant Taylor
- Re: [DNSOP] Is DNSSEC a Best Current Practice? Yasuhiro Orange Morishita / 森下泰宏
- Re: [DNSOP] Is DNSSEC a Best Current Practice? Tim Wicinski
- Re: [DNSOP] Is DNSSEC a Best Current Practice? Paul Vixie
- Re: [DNSOP] Is DNSSEC a Best Current Practice? Mukund Sivaraman
- Re: [DNSOP] Is DNSSEC a Best Current Practice? Tim Wicinski
- Re: [DNSOP] Is DNSSEC a Best Current Practice? Masataka Ohta
- Re: [DNSOP] Is DNSSEC a Best Current Practice? Viktor Dukhovni
- [DNSOP] DNSSEC as a Best Current Practice Paul Hoffman
- Re: [DNSOP] DNSSEC as a Best Current Practice Masataka Ohta
- Re: [DNSOP] DNSSEC as a Best Current Practice Paul Wouters
- Re: [DNSOP] DNSSEC as a Best Current Practice Masataka Ohta
- Re: [DNSOP] DNSSEC as a Best Current Practice Ted Lemon
- Re: [DNSOP] DNSSEC as a Best Current Practice Paul Wouters
- Re: [DNSOP] DNSSEC as a Best Current Practice Paul Wouters
- Re: [DNSOP] DNSSEC as a Best Current Practice Masataka Ohta
- Re: [DNSOP] DNSSEC as a Best Current Practice Masataka Ohta
- Re: [DNSOP] DNSSEC as a Best Current Practice Ted Lemon
- Re: [DNSOP] DNSSEC as a Best Current Practice Masataka Ohta
- Re: [DNSOP] DNSSEC as a Best Current Practice Paul Wouters
- Re: [DNSOP] DNSSEC as a Best Current Practice Masataka Ohta
- Re: [DNSOP] DNSSEC as a Best Current Practice Jim Reid
- Re: [DNSOP] DNSSEC as a Best Current Practice Masataka Ohta
- Re: [DNSOP] DNSSEC as a Best Current Practice Paul Wouters
- Re: [DNSOP] DNSSEC as a Best Current Practice Masataka Ohta
- Re: [DNSOP] DNSSEC as a Best Current Practice Masataka Ohta
- Re: [DNSOP] DNSSEC as a Best Current Practice Jim Reid
- Re: [DNSOP] DNSSEC as a Best Current Practice Masataka Ohta
- Re: [DNSOP] DNSSEC as a Best Current Practice David Conrad
- Re: [DNSOP] DNSSEC as a Best Current Practice Brian Dickson
- Re: [DNSOP] DNSSEC as a Best Current Practice Masataka Ohta
- Re: [DNSOP] DNSSEC as a Best Current Practice Bjørn Mork
- Re: [DNSOP] DNSSEC as a Best Current Practice Masataka Ohta
- Re: [DNSOP] DNSSEC as a Best Current Practice Bjørn Mork
- Re: [DNSOP] DNSSEC as a Best Current Practice Joe Abley
- Re: [DNSOP] DNSSEC as a Best Current Practice Masataka Ohta
- Re: [DNSOP] DNSSEC as a Best Current Practice Masataka Ohta
- Re: [DNSOP] DNSSEC as a Best Current Practice Paul Wouters
- Re: [DNSOP] DNSSEC as a Best Current Practice Masataka Ohta
- Re: [DNSOP] [Ext] DNSSEC as a Best Current Practi… Paul Hoffman
- Re: [DNSOP] DNSSEC as a Best Current Practice Brian Dickson
- Re: [DNSOP] DNSSEC as a Best Current Practice Ted Lemon
- Re: [DNSOP] [Ext] DNSSEC as a Best Current Practi… Masataka Ohta
- Re: [DNSOP] DNSSEC as a Best Current Practice Masataka Ohta
- Re: [DNSOP] DNSSEC as a Best Current Practice Masataka Ohta
- Re: [DNSOP] DNSSEC as a Best Current Practice Paul Wouters
- Re: [DNSOP] DNSSEC as a Best Current Practice Masataka Ohta
- Re: [DNSOP] DNSSEC as a Best Current Practice Dr Eberhard W Lisse
- Re: [DNSOP] DNSSEC as a Best Current Practice Masataka Ohta
- Re: [DNSOP] DNSSEC as a Best Current Practice Dr Eberhard W Lisse
- Re: [DNSOP] DNSSEC as a Best Current Practice Masataka Ohta
- Re: [DNSOP] DNSSEC as a Best Current Practice Ted Lemon
- Re: [DNSOP] DNSSEC as a Best Current Practice Masataka Ohta
- Re: [DNSOP] DNSSEC as a Best Current Practice Paul Vixie
- Re: [DNSOP] DNSSEC as a Best Current Practice Masataka Ohta
- Re: [DNSOP] DNSSEC as a Best Current Practice Masataka Ohta
- Re: [DNSOP] DNSSEC as a Best Current Practice Masataka Ohta
- Re: [DNSOP] DNSSEC as a Best Current Practice Paul Wouters
- Re: [DNSOP] DNSSEC as a Best Current Practice Masataka Ohta
- Re: [DNSOP] DNSSEC as a Best Current Practice Bjørn Mork
- Re: [DNSOP] DNSSEC as a Best Current Practice Brian Dickson
- Re: [DNSOP] DNSSEC as a Best Current Practice Masataka Ohta
- Re: [DNSOP] DNSSEC as a Best Current Practice Masataka Ohta
- Re: [DNSOP] [Ext] DNSSEC as a Best Current Practi… Paul Hoffman
- Re: [DNSOP] DNSSEC as a Best Current Practice Paul Wouters
- Re: [DNSOP] [Ext] DNSSEC as a Best Current Practi… Masataka Ohta
- Re: [DNSOP] [Ext] DNSSEC as a Best Current Practi… Jerry Lundström
- Re: [DNSOP] DNSSEC as a Best Current Practice Masataka Ohta
- Re: [DNSOP] DNSSEC as a Best Current Practice Masataka Ohta
- Re: [DNSOP] DNSSEC as a Best Current Practice Paul Wouters
- Re: [DNSOP] [Ext] DNSSEC as a Best Current Practi… Jim Reid
- Re: [DNSOP] DNSSEC as a Best Current Practice Masataka Ohta
- Re: [DNSOP] DNSSEC as a Best Current Practice james
- Re: [DNSOP] DNSSEC as a Best Current Practice Paul Wouters
- Re: [DNSOP] DNSSEC as a Best Current Practice Tim Wicinski
- Re: [DNSOP] DNSSEC as a Best Current Practice Mukund Sivaraman
- Re: [DNSOP] DNSSEC as a Best Current Practice Masataka Ohta