IETF Logo Mail Archive

Re: [DNSOP] Terry Manderson's Discuss on draft-ietf-dnsop-dnssec-roadblock-avoidance-04: (with DISCUSS and COMMENT)

Wes Hardaker <wjhns1@hardakers.net> Fri, 08 July 2016 23:53 UTC

Return-Path: <wjhns1@hardakers.net>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 32C3A12D9A3; Fri, 8 Jul 2016 16:53:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.327
X-Spam-Level:
X-Spam-Status: No, score=-3.327 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-1.426, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id agdVGKc_Si_D; Fri, 8 Jul 2016 16:53:25 -0700 (PDT)
Received: from mail.hardakers.net (dawn.hardakers.net [IPv6:2001:470:1f00:187::1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id ABD4712D9AF; Fri, 8 Jul 2016 16:53:22 -0700 (PDT)
Received: from localhost (50-1-20-198.dsl.static.fusionbroadband.com [50.1.20.198]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.hardakers.net (Postfix) with ESMTPSA id ED8462AFFD; Fri, 8 Jul 2016 16:53:21 -0700 (PDT)
From: Wes Hardaker <wjhns1@hardakers.net>
To: Terry Manderson <terry.manderson@icann.org>
References: <20160706042557.22326.91200.idtracker@ietfa.amsl.com>
Date: Fri, 08 Jul 2016 16:53:21 -0700
In-Reply-To: <20160706042557.22326.91200.idtracker@ietfa.amsl.com> (Terry Manderson's message of "Tue, 05 Jul 2016 21:25:57 -0700")
Message-ID: <0ly45bsn4e.fsf@wjh.hardakers.net>
User-Agent: Gnus/5.130014 (Ma Gnus v0.14) Emacs/24.5 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/ova5KZOPb_yl3gDe7ab65hw37yA>
Cc: tjw.ietf@gmail.com, dnsop@ietf.org, draft-ietf-dnsop-dnssec-roadblock-avoidance@ietf.org, dnsop-chairs@ietf.org, The IESG <iesg@ietf.org>
Subject: Re: [DNSOP] Terry Manderson's Discuss on draft-ietf-dnsop-dnssec-roadblock-avoidance-04: (with DISCUSS and COMMENT)
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 08 Jul 2016 23:53:29 -0000

"Terry Manderson" <terry.manderson@icann.org> writes:

> Abstract: s/outline potential/outlines potential/

Hmm.  My version already has that.  Yay!

> s1.1
>   second bullet, perhaps you could just say "not DNSSEC aware" to be
> parsimonious with words
>   third bullet '"middle-boxes" actively'?
>   fourth bullet "Network components" ?

Wording suggestions taken.

>   para after the bullets: "s/perform these test/perform these tests/ and
> I don't mean this to sound snide, but what is a regular Validating
> Resolver? as opposed to something else? (irregular?)

As opposed to Host Validators, previously in the sentence.  I'm leaving
it as I do think it provides a touch of clarity.  Though if a bunch of
people want it removed, I'm fine with that too.

>   last para of s1.1. "not uncommon to get results that are not
> consistent" suggest "not uncommon to get results that are inconsistent"

good suggestion.

> s1.2 is https://github.com/ogud/DNSSEC_ALG_Check going to be a fully
> stable URL?

Per discussion in another thread: probably.  Olafur certainly won't
delete it as the owner, and I doubt github will die anytime soon.

The only other choice is to remove the helpful reference.

> s1.3 May I suggest moving the 'Notation' section above the background to
> better arm the reader?

fair suggestion; done.

>      By saying "actual validating resolver" I presume you mean a
> standalone daemon listening on port 53?

I've changed it to "validating resolver daemon" instead.  Make more sense?

> s2 "This document specifies two sets of tests to perform a comprehensive
>    one and a fast one." I think you missed a comma.

I used a : actually

> And is normative language really needed in the following sentence?

I think the real intent was more (is now more?) this:

     The fast one will detect most
     common problems, thus if the fast one passes then the comprehensive
     MAY be considered passed as well. </t>

which is more reasonable for the normative language.

> s3, you might like to use a RFC4786 reference for anycast in the first
> 'Note'

Added.

> s3.1 second para "SHOULD have the recursive flag", suggest "SHOULD have
> the Recursion Desired (RD) flag set"

good catch

> s3.1.1, please use the example domain for such examples, ie example.com,
> and once you have used it do you really need to repeat it for each
> 'existing' text until you get to the non-existent tests and so on up to
> 3.1.14.

Well, here's the deal: example.com won't work and the domain in question
actually does work.  Some of them can probably be replaced with the root
server, but many others require somewhat specialized tests pointing to a
special domain.  That one is known to be the only one that likely will
work for some tests at this point.  The question is, what to do about
that?  Can we list a known one?  Must we list a useless one instead?
Should we pre-declare the problem?  I've been waiting for this to come
up :-)

> And on s3.1.14 Will "alltypes.res.dnssecready.org"  be a stable query
> point?

I hope so.

> s 3.3 Some formatting might help with the DNS query examples here.

Good point;  Put into artwork.

Thanks for all your helpful comments!
-- 
Wes Hardaker
Parsons

v2.23.0 | Report a Bug | By Email