Re: [DNSOP] I-D Action: draft-ietf-dnsop-dnssec-bootstrapping-00.txt

Bob Harold <rharolde@umich.edu> Fri, 22 April 2022 18:46 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/ku12Y3uwcbiLRivc_aJbF6HNtbw>

On Fri, Apr 22, 2022 at 12:30 AM <internet-drafts@ietf.org> wrote:

>
> A New Internet-Draft is available from the on-line Internet-Drafts
> directories.
> This draft is a work item of the Domain Name System Operations WG of the
> IETF.
>
>         Title           : Automatic DNSSEC Bootstrapping using Authenticated Signals from the Zone's Operator
>         Authors         : Peter Thomassen
>                           Nils Wisiol
>         Filename        : draft-ietf-dnsop-dnssec-bootstrapping-00.txt
>         Pages           : 14
>         Date            : 2022-04-21
>
> Abstract:
>    This document introduces an in-band method for DNS operators to
>    publish arbitrary information about the zones they are authoritative
>    for, in an authenticated fashion and on a per-zone basis.  The
>    mechanism allows managed DNS operators to securely announce DNSSEC
>    key parameters for zones under their management, including for zones
>    that are not currently securely delegated.
>
>    Whenever DS records are absent for a zone's delegation, this signal
>    enables the parent's registry or registrar to cryptographically
>    validate the CDS/CDNSKEY records found at the child's apex.  The
>    parent can then provision DS records for the delegation without
>    resorting to out-of-band validation or weaker types of cross-checks
>    such as "Accept after Delay" ([RFC8078]).
>
>    This document updates [RFC8078] and replaces its Section 3 with
>    Section 3.2 of this document.
>
>    [ Ed note: Text inside square brackets ([]) is additional background
>    information, answers to frequently asked questions, general musings,
>    etc.  They will be removed before publication.  This document is
>    being collaborated on at
>    https://github.com/desec-io/draft-thomassen-dnsop-dnssec-bootstrapping/
>    (https://github.com/desec-io/draft-thomassen-dnsop-dnssec-bootstrapping/).
>    The authors gratefully accept pull requests. ]
>
>
> The IETF datatracker status page for this draft is:
> https://datatracker.ietf.org/doc/draft-ietf-dnsop-dnssec-bootstrapping/
>
> There is also an HTML version available at:
>
> https://www.ietf.org/archive/id/draft-ietf-dnsop-dnssec-bootstrapping-00.html
>
>
Interesting idea.

Minor edit:

In "1. Introduction", third paragraph, first sentence:
" these dependencies result often result "
the first "result" should be removed.

-- 
Bob Harold