[DNSOP] Re: Gunter Van de Velde's No Objection on draft-ietf-dnsop-rfc8624-bis-09: (with COMMENT)

"Gunter van de Velde (Nokia)" <gunter.van_de_velde@nokia.com> Wed, 21 May 2025 10:36 UTC

From: "Gunter van de Velde (Nokia)" <gunter.van_de_velde@nokia.com>
To: Wes Hardaker <wes@hardakers.net>, Gunter Van de Velde via Datatracker <noreply@ietf.org>
Thread-Topic: Gunter Van de Velde's No Objection on draft-ietf-dnsop-rfc8624-bis-09: (with COMMENT)
Date: Wed, 21 May 2025 10:36:22 +0000
Message-ID: <AS1PR07MB8589769F2567FD07DC892540E09EA@AS1PR07MB8589.eurprd07.prod.outlook.com>
References: <174679325247.1296472.14515127530508932504@dt-datatracker-58d4498dbd-6gzjf> <ybltt5fm4b5.fsf@wd.hardakers.net>
In-Reply-To: <ybltt5fm4b5.fsf@wd.hardakers.net>
CC: The IESG <iesg@ietf.org>, "draft-ietf-dnsop-rfc8624-bis@ietf.org" <draft-ietf-dnsop-rfc8624-bis@ietf.org>, "dnsop-chairs@ietf.org" <dnsop-chairs@ietf.org>, "dnsop@ietf.org" <dnsop@ietf.org>, "tjw.ietf@gmail.com" <tjw.ietf@gmail.com>
Subject: [DNSOP] Re: Gunter Van de Velde's No Objection on draft-ietf-dnsop-rfc8624-bis-09: (with COMMENT)
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/oBWBpV98wrrOIbP2Ag4udI_dE-0>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop>

Thanks, Wes. Looks all good to me.

Be well,
G/

-----Original Message-----
From: Wes Hardaker <wes@hardakers.net> 
Sent: Tuesday, May 20, 2025 10:10 PM
To: Gunter Van de Velde via Datatracker <noreply@ietf.org>
Cc: The IESG <iesg@ietf.org>; Gunter van de Velde (Nokia) <gunter.van_de_velde@nokia.com>; draft-ietf-dnsop-rfc8624-bis@ietf.org; dnsop-chairs@ietf.org; dnsop@ietf.org; tjw.ietf@gmail.com
Subject: Re: Gunter Van de Velde's No Objection on draft-ietf-dnsop-rfc8624-bis-09: (with COMMENT)

Gunter Van de Velde via Datatracker <noreply@ietf.org> writes:

Thanks for the review Gunter,

Comments/Responses inline:

> 21         RFC8624 to an IANA registry.  This is done both to allow the list to
> 22         be more easily updated, and to allow the list to be more easily
> 23         referenced.  Future extensions to this registry can be made under
> 24         new, incremental update RFCs.  This document also incorporates the
> 25         revised IANA DNSSEC considerations from [RFC9157].
>
> GV> The text here mentions a 'list'. The list was not mentioned before and made me wonder what 'list' is intended?

Good point, I changed the first "list" to "list of requirements", which is really what was being talked about (technically it was referring to the list of requirements).

> 124        Implementations need to meet both high security expectations as well
> 125        as provide interoperability between various vendors and with
> 126        different versions.
>
> GV> Maybe swap the word vendor with implementations? One vendor can have multiple procedure implementations that may not interop well together.. been there and done that :-/
>
> s/vendors/implementations/

Done

> 142        algorithm.  As such this document also adds new recommendations about
> 143        which algorithms should be deployed regardless of implementation
> 144        status.
>
> GV> Just a quick question, is it fair to assume that the current recommendation is based on existing operational experience? In other words, do we expect these recommendations to hold up well as deployment matures and stronger cryptographic options become available?

I would expect that to be the case generally, but don't think we should explicitly state that it will always be the case.  I can see corner cases where sudden algorithm weaknesses cause the need for a rapid shift regardless of current deployment/implementations/etc.

> 358        This document makes no modifications to the security of the existing
> 359        protocol or recommendations described in [RFC8624].  Thus, the
> 360        security considerations remain the same, which we quote below.
>
> GV> Just a personal and minor stylistic comment. I tend to avoid using the word "we" in formal procedure specifications, as it can be a bit ambiguous. It's not always clear who "we" refers to, the authors, the working group, or perhaps the IETF as a whole. Feel free to disregard this if you prefer, but you might consider rephrasing slightly to remove "we" and give the text a more specification-style tone.

I changed this to:

   This document makes no modifications to the security of the
   existing protocol or recommendations described in [RFC8624].  Thus,
   the security considerations remain the same.  The remainder of this
   section restates that document's text.

Hopefully this works?
--
Wes Hardaker
USC/ISI