Re: [DNSOP] Second Working Group Last Call - draft-ietf-dnsop-nsec-aggressiveuse

Stephane Bortzmeyer <bortzmeyer@nic.fr> Wed, 14 December 2016 13:53 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/oHTg3VC795p9ZJPsnZQuVXsx5EY>

On Tue, Dec 13, 2016 at 02:13:27PM -0500,
 tjw ietf <tjw.ietf@gmail.com> wrote 
 a message of 94 lines which said:

> This starts a Working Group Last Call for:
>         "Aggressive use of NSEC/NSEC3"
>       draft-ietf-dnsop-nsec-aggressiveuse

I've read -07 and I believe it is OK and ready for publication. All my
(many) remarks have been addressed, I think.

Two details:

> [RFC8020], and [I-D.vixie-dnsext-resimprove] proposes first steps to
> using NXDOMAIN information for more effective caching

IMHO, RFC 8020 supersedes draft-vixie-dnsext-resimprove, so it is not
necessary to mention both. If you prefer to do so for historical
completeness, maybe you should mention them in chronological
order?

> As these benefits are only accrued by those using DNSSEC, it is
> hoped that these techniques will lead to more DNSSEC deployment.

This sentence should really be deleted. It seems to imply that DNSSEC
cannot work on its own merits and needs extra arguments. "NSEC
aggressive use of caching"'s goal is not to promote DNSSEC, it is to
improve the DNS!