Re: [DNSOP] I-D Action: draft-ietf-dnsop-nsec-aggressiveuse-01.txt

Warren Kumari <warren@kumari.net> Wed, 03 August 2016 20:33 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/mYs_C6rBeG24J7mnIEf8HKn8y30>

We have updated this document with comments and feedback from Berlin.
We have also gone through and done another editing pass, removing a
significant amount of text which was intended to drive the discussion,
but would not really be useful in a published RFC.

Please review it; we believe that the document is ready (or almost
ready) for WGLC.

W

On Wed, Aug 3, 2016 at 12:17 PM,  <internet-drafts@ietf.org> wrote:
>
> A New Internet-Draft is available from the on-line Internet-Drafts directories.
> This draft is a work item of the Domain Name System Operations of the IETF.
>
>         Title           : Aggressive use of NSEC/NSEC3
>         Authors         : Kazunori Fujiwara
>                           Akira Kato
>                           Warren Kumari
>         Filename        : draft-ietf-dnsop-nsec-aggressiveuse-01.txt
>         Pages           : 12
>         Date            : 2016-08-03
>
> Abstract:
>    The DNS relies upon caching to scale; however, the cache lookup
>    generally requires an exact match.  This document specifies the use
>    of NSEC/NSEC3 resource records to generate negative answers within a
>    range.  This increases resilience to DoS attacks, increases
>    performance / decreases latency, decreases resource utilization on
>    both authoritative and recursive servers, and also increases privacy.
>
>    This document updates RFC4035 by allowing resolvers to generate
>    negative answers based upon NSEC/NSEC3 records.
>
>    [ Ed note: Text inside square brackets ([]) is additional background
>    information, answers to frequently asked questions, general musings,
>    etc.  They will be removed before publication.  This document is being
>    collaborated on in Github at:
>    https://github.com/wkumari/draft-ietf-dnsop-nsec-aggressiveuse.
>    The most recent version of the document, open issues, etc should all
>    be available here.  The authors
>    (gratefully) accept pull requests.
>
>    Known / open issues [To be moved to Github issue tracker]:
>
>
> The IETF datatracker status page for this draft is:
> https://datatracker.ietf.org/doc/draft-ietf-dnsop-nsec-aggressiveuse/
>
> There's also a htmlized version available at:
> https://tools.ietf.org/html/draft-ietf-dnsop-nsec-aggressiveuse-01
>
> A diff from the previous version is available at:
> https://www.ietf.org/rfcdiff?url2=draft-ietf-dnsop-nsec-aggressiveuse-01
>
>
> Please note that it may take a couple of minutes from the time of submission
> until the htmlized version and diff are available at tools.ietf.org.
>
> Internet-Drafts are also available by anonymous FTP at:
> ftp://ftp.ietf.org/internet-drafts/
>
> _______________________________________________
> DNSOP mailing list
> DNSOP@ietf.org
> https://www.ietf.org/mailman/listinfo/dnsop



-- 
I don't think the execution is relevant when it was obviously a bad
idea in the first place.
This is like putting rabid weasels in your pants, and later expressing
regret at having chosen those particular rabid weasels and that pair
of pants.
   ---maf
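
The range-based negative answer described in the quoted abstract, as an added example that is not part of the original message or the draft: a resolver-side check that decides whether cached NSEC records alone prove NXDOMAIN for a query name. It covers plain NSEC only (no NSEC3), assumes every stored record has already been DNSSEC-validated, and the class name, function names and the example.com chain are hypothetical, constructed for illustration.

```python
import time
def canon_key(name):
    """RFC 4034 section 6.1 canonical order: labels right to left, lowercased."""
    labels = [l for l in name.lower().split(".") if l]
    return [l.encode("ascii") for l in reversed(labels)]

def common(a, b):  # longest shared ancestor of two canonical keys
    n = 0
    while n < min(len(a), len(b)) and a[n] == b[n]:
        n += 1
    return a[:n]

class AggressiveNsecCache:  # hypothetical name, for illustration only
    def __init__(self, apex):
        self.apex = canon_key(apex)
        self.ranges = []  # (owner_key, next_key, expires_at)

    def add(self, owner, next_name, ttl, now=None):
        """Store an NSEC record the caller has already DNSSEC-validated."""
        now = time.time() if now is None else now
        self.ranges.append((canon_key(owner), canon_key(next_name), now + ttl))

    def covering(self, key, now):
        """Return the unexpired NSEC range that proves `key` does not exist."""
        if key[:len(self.apex)] != self.apex:
            return None  # outside the zone: these records prove nothing
        for owner, nxt, expires in self.ranges:
            if expires <= now or nxt[:len(key)] == key:
                continue  # stale, or key is an empty non-terminal (it exists)
            # nxt == apex marks the last NSEC in the chain, which wraps around
            if owner < key and (key < nxt or nxt == self.apex):
                return owner, nxt
        return None

    def can_synthesize_nxdomain(self, qname, now=None):
        now = time.time() if now is None else now
        key = canon_key(qname)
        cover = self.covering(key, now)
        if cover is None:
            return False  # no proof cached: query the authoritative server
        # The closest encloser's wildcard must also be provably absent.
        encloser = max(common(key, cover[0]), common(key, cover[1]), key=len)
        return self.covering(encloser + [b"*"], now) is not None

def sample_cache(now=1000.0):  # constructed chain, every record with a 60 s TTL
    cache = AggressiveNsecCache("example.com")
    names = ["example.com", "alpha.example.com", "mail.example.com", "www.example.com"]
    for owner, nxt in zip(names, names[1:] + names[:1]):
        cache.add(owner, nxt, 60, now)
    return cache
```

A `False` result means only that the cache holds no complete proof, so the resolver falls back to a normal upstream query.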