Re: [DNSOP] Working Group Last Call for draft-ietf-dnsop-nsec-ttl
Peter van Dijk <peter.van.dijk@powerdns.com> Sun, 31 January 2021 16:23 UTC
Return-Path: <peter.van.dijk@powerdns.com>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 307AF3A10B5 for <dnsop@ietfa.amsl.com>; Sun, 31 Jan 2021 08:23:21 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.498
X-Spam-Level:
X-Spam-Status: No, score=-1.498 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, KHOP_HELO_FCRDNS=0.399, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wQPNjcMHGRiM for <dnsop@ietfa.amsl.com>; Sun, 31 Jan 2021 08:23:20 -0800 (PST)
Received: from mx4.open-xchange.com (alcatraz.open-xchange.com [87.191.39.187]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D6EA53A10B0 for <dnsop@ietf.org>; Sun, 31 Jan 2021 08:23:18 -0800 (PST)
Received: from imap.open-xchange.com (imap.open-xchange.com [84.81.54.175]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx4.open-xchange.com (Postfix) with ESMTPSA id 7260D6A24E; Sun, 31 Jan 2021 17:23:15 +0100 (CET)
Received: from plato ([84.81.54.175]) by imap.open-xchange.com with ESMTPSA id y9aGGnPZFmAEOwAA3c6Kzw (envelope-from <peter.van.dijk@powerdns.com>); Sun, 31 Jan 2021 17:23:15 +0100
Message-ID: <2b355510333eb5e0c0577cf8bcf9c6355addbe25.camel@powerdns.com>
From: Peter van Dijk <peter.van.dijk@powerdns.com>
To: dnsop@ietf.org
Date: Sun, 31 Jan 2021 17:23:14 +0100
In-Reply-To: <edf948c2-f093-9850-805a-5ac05b27a2bd@nthpermutation.com>
References: <CADyWQ+En0_=LzynpgodOyPan0WD5HdtdqVdU6zw39-g_SCNL6A@mail.gmail.com> <edf948c2-f093-9850-805a-5ac05b27a2bd@nthpermutation.com>
Organization: PowerDNS.COM B.V.
Content-Type: text/plain; charset="UTF-8"
User-Agent: Evolution 3.30.5-1.1
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/plAUmKWGk6yMDrgLjp_5sN-akxU>
Subject: Re: [DNSOP] Working Group Last Call for draft-ietf-dnsop-nsec-ttl
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 31 Jan 2021 16:23:21 -0000
Hello Michael, On Fri, 2021-01-29 at 12:31 -0500, Michael StJohns wrote: > On 1/29/2021 10:22 AM, Tim Wicinski wrote: > > This starts a Working Group Last Call for draft-ietf-dnsop-nsec-ttl > > > > Current versions of the draft is available here: > > https://datatracker.ietf.org/doc/draft-ietf-dnsop-nsec-ttl/ > > > > The Current Intended Status of this document is: Proposed Standard > > as it will update 4034, 4035, and 5155. > > > Hi Tim et al - > Sorry - I completely missed this document earlier. > I can't support this as Standards track even though it purports to update standards as it doesn't actually specify an implementable protocol. Basically, this is dependent upon humans doing the right thing, rather than specifying behavior of the protocol. The updates in this document are reflected in software patches, not human behaviour. What am I missing? > For each of these, I'd recommend specifying what a client does in each of the cases, rather than weasel wording the SHOULD with respect to the zone contents to turn this into an implementable protocol. Wow, what? > E.g. for each of these clauses add something similar to "The client SHOULD/MUST reduce the effective TTL for the received NSEC RR to the lesser of the TTL of the current SOA record, the TTL of the SOA, and the TTL of the NSEC RR record and MUST discard the NSEC RR when that effective TTL expires." The client (I assume you mean a caching validating resolver) should not do that at all. If the document suggests that to you, please help me fix that. Note that if we -did- wanted to write this, we couldn't - section 3.4 ('No updates to RFC8198') explains why. Kind regards, -- Peter van Dijk PowerDNS.COM BV - https://www.powerdns.com/
- [DNSOP] Working Group Last Call for draft-ietf-dn… Tim Wicinski
- Re: [DNSOP] Working Group Last Call for draft-iet… Michael StJohns
- Re: [DNSOP] Working Group Last Call for draft-iet… Peter van Dijk
- Re: [DNSOP] [Ext] Working Group Last Call for dra… Paul Hoffman
- Re: [DNSOP] [Ext] Working Group Last Call for dra… Michael StJohns
- Re: [DNSOP] [Ext] Working Group Last Call for dra… Paul Hoffman
- Re: [DNSOP] [Ext] Working Group Last Call for dra… Wessels, Duane
- Re: [DNSOP] [Ext] Working Group Last Call for dra… Matthijs Mekking
- Re: [DNSOP] Working Group Last Call for draft-iet… Tim Wicinski