Re: [DNSOP] I-D Action: draft-ietf-dnsop-kskroll-sentinel-17.txt

Bob Harold <rharolde@umich.edu> Mon, 22 October 2018 17:01 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/n0ZattSqlpbb_g6_E9NeK_ccgeI>

On Sun, Oct 21, 2018 at 3:24 PM <internet-drafts@ietf.org> wrote:

>
> A New Internet-Draft is available from the on-line Internet-Drafts
> directories.
> This draft is a work item of the Domain Name System Operations WG of the
> IETF.
>
>         Title           : A Root Key Trust Anchor Sentinel for DNSSEC
>         Authors         : Geoff Huston
>                           Joao Silva Damas
>                           Warren Kumari
>         Filename        : draft-ietf-dnsop-kskroll-sentinel-17.txt
>         Pages           : 23
>         Date            : 2018-10-21
>
> Abstract:
>    The DNS Security Extensions (DNSSEC) were developed to provide origin
>    authentication and integrity protection for DNS data by using digital
>    signatures.  These digital signatures can be verified by building a
>    chain of trust starting from a trust anchor and proceeding down to a
>    particular node in the DNS.  This document specifies a mechanism that
>    will allow an end user and third parties to determine the trusted key
>    state for the root key of the resolvers that handle that user's DNS
>    queries.  Note that this method is only applicable for determining
>    which keys are in the trust store for the root key.
>
>    [ This document is being collaborated on in Github at:
>    https://github.com/APNIC-Labs/draft-kskroll-sentinel.  The most
>    recent version of the document, open issues, etc should all be
>    available here.  The authors (gratefully) accept pull requests.  RFC
>    Editor, please remove text in square brackets before publication. ]
>
>
> The IETF datatracker status page for this draft is:
> https://datatracker.ietf.org/doc/draft-ietf-dnsop-kskroll-sentinel/
>
> There are also htmlized versions available at:
> https://tools.ietf.org/html/draft-ietf-dnsop-kskroll-sentinel-17
> https://datatracker.ietf.org/doc/html/draft-ietf-dnsop-kskroll-sentinel-17
>
> A diff from the previous version is available at:
> https://www.ietf.org/rfcdiff?url2=draft-ietf-dnsop-kskroll-sentinel-17


2. Sentinel Mechanism in Resolvers
<https://tools.ietf.org/html/draft-ietf-dnsop-kskroll-sentinel-17#section-2>

   As one example, underscore prefixed names were rejected because some
   browsers and operating systems would not fetch them because they
   domain names but not valid hostnames (see [RFC7719] for these
   definitions).

s/ they domain names / they are domain names /

-- 

Bob Harold