Re: [DNSOP] On Powerbind

Olaf Kolkman <kolkman@isoc.org> Fri, 17 April 2020 09:27 UTC

From: Olaf Kolkman <kolkman@isoc.org>
To: Dick Franks <rwfranks@gmail.com>
Cc: Warren Kumari <warren@kumari.net>, dnsop <dnsop@ietf.org>, Paul Wouters <paul@nohats.ca>, Wes Hardaker <wjhns1@hardakers.net>
Date: Fri, 17 Apr 2020 11:27:05 +0200
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/l-hgWUhqZMjh1f_5cNlgVA8BpyY>

Looking for this: 
https://www.iana.org/assignments/dnskey-flags/dnskey-flags.xhtml ?



—Olaf

PS. Haven’t looked at this code for over a decade. That last croak, 
Postel principle violation?

On 16 Apr 2020, at 23:08, Dick Franks wrote:

> Warren,
>
> Comments in line
>
> On Thu, 16 Apr 2020 at 20:31, Warren Kumari <warren@kumari.net> wrote:
>> 8
>
>> Just checking - the DNSKEY Flags field is 16 bits, and we have so far burned:
>> Bit 15 - SEP
>> Bit 7 - Zone key
>> Bit 8 - Revoked
>> Did I miss any (I wasn't able to find a registry for this)?
>>
>> If not, we still have 13 bits left, and so using one for this seems ok
>> to me, especially if recursives doing something with it is optional...
>> (I had mistakenly remembered the Flags as being only 8 bits)
>> I'm still not convinced that DNSSEC Transparency will come to pass,
>> nor that many zones will use this flag, but I'm now much more sanguine
>> about giving it a bit...
>>
>
> The lack(?) of a registry is indeed regrettable.
>
> However, there seems to be some historical meaning attached to some of
> the other flag bits.
>
> If I look back at Net::DNS::SEC 0.17, bequeathed to me by one Olaf
> Kolkman, the DS create() method contains the following mysterious
> (perl) lines, for which I can offer no coherent explanation:
>
>     # The key must not be a NULL key.
>     if (($keyrr->{"flags"} & hex("0xc000") ) == hex("0xc000") ){
>         croak "\nCreating a DS record for a NULL key is illegal";
>     }
>
>     # Bit 0 must not be set.
>     if (($keyrr->{"flags"}) & hex("0x8000")) {
>         croak "\nCreating a DS record for a key with flag bit 0 set ".
>             "to 0 is illegal";
>     }
>
>     # Bit 6 must be set to 0 bit 7 must be set to 1
>     if ( ($keyrr->{"flags"} & hex("0x300")) != hex("0x100")){
>         croak "\nCreating a DS record for a key with flags 6 and 7 not set ".
>             "0  and 1 respectively is illegal";
>     }
>
> which would seem to indicate that some of the other bits were thought
> to have some meaning circa 2013.
>
> Perhaps Olaf can shed some light on this topic.
>
>
> Dick Franks
> ________________________



- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Olaf M. Kolkman                                     Tweets as: @kolkman
Principal - Internet Technology, Policy, and Advocacy
Internet Society                        https://www.internetsociety.org
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
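
The bit numbers used in this thread count from the most significant bit of the 16-bit Flags field, which is why "bit 0" corresponds to the mask 0x8000 and "bit 7" to 0x0100 in the quoted Perl. The following is an added example, not part of the original message and not code from Net::DNS::SEC: it decodes a flags value into those bit numbers and re-states the three quoted tests. The function names, the check labels and the sample flag values are constructed for illustration.

```python
# Added example: DNSKEY flag bits are numbered MSB-first (bit 0 = 0x8000).
# Only the three bits named in the thread are given names here.
FLAG_NAMES = {7: "Zone key", 8: "Revoked", 15: "SEP"}


def bit_mask(bit):
    """Mask for flag bit `bit`, where bit 0 is the most significant of 16."""
    if not 0 <= bit <= 15:
        raise ValueError("the Flags field has bits 0..15")
    return 1 << (15 - bit)


def decode_flags(flags):
    """Return the numbers of the bits set in a 16-bit flags value."""
    if not 0 <= flags <= 0xFFFF:
        raise ValueError("flags must fit in 16 bits")
    return [b for b in range(16) if flags & bit_mask(b)]


def describe(flags):
    """Human-readable names for the set bits; unnamed bits stay numeric."""
    return [FLAG_NAMES.get(b, "bit %d" % b) for b in decode_flags(flags)]


def legacy_ds_checks(flags):
    """Re-statement of the three quoted Perl tests, in the same order.

    Returns a label (hypothetical, chosen for this example) for the first
    test that would croak, or None if all three pass.
    """
    if (flags & 0xC000) == 0xC000:    # bits 0 and 1 both set
        return "null-key"
    if flags & 0x8000:                # bit 0 set
        return "bit0-set"
    if (flags & 0x0300) != 0x0100:    # bit 6 must be 0, bit 7 must be 1
        return "bits6-7"
    return None


if __name__ == "__main__":
    # Constructed sample values, not taken from any real zone.
    for value in (256, 257, 385, 0xC100, 0x8100, 0x0300, 0x0000):
        print("%5d 0x%04x %-32s %s" % (
            value, value, ", ".join(describe(value)) or "-",
            legacy_ds_checks(value) or "accepted"))
```

With these samples, a value with the Revoked bit set (385) passes all three quoted tests, because none of their masks cover bit 8.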