Re: [DNSOP] Second Working Group Last Call - draft-ietf-dnsop-nsec-aggressiveuse

Bob Harold <rharolde@umich.edu> Thu, 15 December 2016 14:38 UTC

From: Bob Harold <rharolde@umich.edu>
Date: Thu, 15 Dec 2016 09:37:49 -0500
Message-ID: <CA+nkc8D2BQ7B827YeuEn7nDDUxcqOW8Qmdr0zcc0zxTuNOG_qg@mail.gmail.com>
To: Stephane Bortzmeyer <bortzmeyer@nic.fr>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/nNESweVVgGgd5JKgm6G5NmMcZy4>
Cc: tjw ietf <tjw.ietf@gmail.com>, dnsop <dnsop@ietf.org>
Subject: Re: [DNSOP] Second Working Group Last Call - draft-ietf-dnsop-nsec-aggressiveuse

On Wed, Dec 14, 2016 at 8:53 AM, Stephane Bortzmeyer <bortzmeyer@nic.fr>
wrote:

> On Tue, Dec 13, 2016 at 02:13:27PM -0500,
>  tjw ietf <tjw.ietf@gmail.com> wrote
>  a message of 94 lines which said:
>
> > This starts a Working Group Last Call for:
> >         "Aggressive use of NSEC/NSEC3"
> >       draft-ietf-dnsop-nsec-aggressiveuse
>
> I've read -07 and I believe it is OK and ready for publication. All my
> (many) remarks have been addressed, I think.
>
> Two details:
>
> > [RFC8020], and [I-D.vixie-dnsext-resimprove] proposes first steps to
> > using NXDOMAIN information for more effective caching
>
> IMHO, RFC 8020 supersedes draft-vixie-dnsext-resimprove, so it is not
> necessary to mention both. If you prefer to do so for historical
> completeness, maybe you should mention them in the chronological
> order?
>
> > As these benefits are only accrued by those using DNSSEC, it is
> > hoped that these techniques will lead to more DNSSEC deployment.
>
> This sentence should really be deleted. It seems to imply that DNSSEC
> cannot work on its own merits and needs extra arguments. "NSEC
> aggressive use of caching"'s goal is not to promote DNSSEC, it is to
> improve the DNS!
>

I would like to respectfully disagree.  I read the sentence as saying that
this adds one more benefit to running DNSSEC, which makes people like me
want to move DNSSEC closer to the top of my priority list.

-- 
Bob Harold