Re: [DNSOP] DNSSEC as a Best Current Practice

Tim Wicinski <tjw.ietf@gmail.com> Thu, 14 April 2022 14:17 UTC

From: Tim Wicinski <tjw.ietf@gmail.com>
Date: Thu, 14 Apr 2022 10:17:30 -0400
Message-ID: <CADyWQ+EZsZY9BQVUDu8uU5LWRJ_Zva=UTGs11zjDp+vRqN3AZg@mail.gmail.com>
To: Paul Wouters <paul@nohats.ca>
Cc: Masataka Ohta <mohta@necom830.hpcl.titech.ac.jp>, "dnsop@ietf.org WG" <dnsop@ietf.org>, dnsop-chairs <dnsop-chairs@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/l-zSGDRKPg-MvqXmvI0xJWcRY6w>
Subject: Re: [DNSOP] DNSSEC as a Best Current Practice

I sent this earlier today but I failed to do the Reply-All:

---

From the chairs,

This needs to stop.  Please send suggested text for the document that can
be discussed, otherwise we are requesting you cease.

Thanks
Tim
----



On Thu, Apr 14, 2022 at 10:02 AM Paul Wouters <paul@nohats.ca> wrote:

> On Thu, 14 Apr 2022, Masataka Ohta wrote:
>
> >>>  I can't see any reason why you think the root zone is
> >>>  more secure than TLDs, especially because, as I wrote:
> >>
> >>  Because I am informed about their operational procedures and I
> >>  contributed to the technical design as one of the for the DNS Root Zone
> >>  Key-Signing-Key of the Root Zone Rollover advisory group.
> >
> > So, you mean the root zone is secure because of "operational
> > procedures", which is not cryptographic.
>
> No I did not say that at all.
>
> > Thank you very much to have confirmed my point that DNSSEC
> > is not cryptographically secure.
>
> > Your point is, surely, conclusive.
>
> This twisting of my words has now reached abusive levels, and I hope
> the chairs will now take action.
>
> Paul
>