Re: [DNSOP] I-D Action: draft-ietf-dnsop-nsec-aggressiveuse-01.txt
Bob Harold <rharolde@umich.edu> Mon, 15 August 2016 16:20 UTC
Return-Path: <rharolde@umich.edu>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D21BA12D189 for <dnsop@ietfa.amsl.com>; Mon, 15 Aug 2016 09:20:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level:
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=umich.edu
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GsQzcKz3oCxf for <dnsop@ietfa.amsl.com>; Mon, 15 Aug 2016 09:20:10 -0700 (PDT)
Received: from mail-yw0-x22d.google.com (mail-yw0-x22d.google.com [IPv6:2607:f8b0:4002:c05::22d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3F0B612D522 for <dnsop@ietf.org>; Mon, 15 Aug 2016 09:20:04 -0700 (PDT)
Received: by mail-yw0-x22d.google.com with SMTP id r9so28857891ywg.0 for <dnsop@ietf.org>; Mon, 15 Aug 2016 09:20:03 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=umich.edu; s=google-2016-06-03; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=ug5h7SETUkNVlYoGYkYXg9hqSjP73O9YAecYyPVhO6Q=; b=lkSEFWOZS2Bc1mGDRkO9IADKzC3nAJNH05FrQO1fTmrxD6ULKnr0jcvcdul5mEsQ1x 1hUxUmscJVkAZIkoHbcCjY5o7Xdq9JAdJXS51B2Tg5p4WRzuNNG9S39SYZKf4asCtA3O oqQT3moXj0uHRTuWuPxvjs/nNTKMnROIV/IyRJYRJQpkxdLJ2MwtccIJbxxQhMrE6jHm vs4OeYZszpdvKeQXCD15XZnllQyH4dN4ETXW2sW3PfLBlIq4z73fHrSJBwSNp3+f+KCo UAfOFbzEq+NkQbwHeTPGLKt1p8eME9mkQkNj/XLGfZZOUZPsv6JncvX+KEYbAaUizUs4 WbnQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=ug5h7SETUkNVlYoGYkYXg9hqSjP73O9YAecYyPVhO6Q=; b=mQMXN5tAi/fHv/tdkVbknXwBixqTbtDa7zogFW9dMbbgfwx2bq9wzMe8la8IbCwa4q Iu9lQKHenKMxZcuh+naxmr8NqMksHf6H9vFUZ/Pvx7Cvimq18nPfI33xIkwaZ5FkJUN5 FzAlSND39AZBXo2vgxaXnmZ68zJuucoVbLtavTZ5BpMD2DHd1SsI/yji2IYJYxeagBM5 706Qc6cLb50AZGNefz/au2gLolL2yWbcmRaXU+9YBXEzXVezPls0rYZ2nUYh9XcpudZy R4NTspO6hM5cfoRDz9AjMY9yXbmYGY7wcMLDLe9ESJQRhGQ2PzIGpOM0ajyCI1Q6LWt8 w2Cw==
X-Gm-Message-State: AEkooutWYSIzJtZ/kaHP4fLuB9X/7UjxNLh9ldlRJ1RGv9Q0LiX8AcFerebmQcCl3URfVOUw4XOVQsByYzpC+Y0M
X-Received: by 10.13.217.20 with SMTP id b20mr22236480ywe.44.1471278003207; Mon, 15 Aug 2016 09:20:03 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.13.255.3 with HTTP; Mon, 15 Aug 2016 09:20:02 -0700 (PDT)
In-Reply-To: <CAHw9_iJDCbbHHhXEo31yZPJmfuAr-cKFshmrcAq__6v011BFLw@mail.gmail.com>
References: <20160803191756.6121.3153.idtracker@ietfa.amsl.com> <CAHw9_iJDCbbHHhXEo31yZPJmfuAr-cKFshmrcAq__6v011BFLw@mail.gmail.com>
From: Bob Harold <rharolde@umich.edu>
Date: Mon, 15 Aug 2016 12:20:02 -0400
Message-ID: <CA+nkc8Ck9qS3BYwqEXwvardwYyZYw86SaMCGH3oG0PVt8-o5Cw@mail.gmail.com>
To: Warren Kumari <warren@kumari.net>
Content-Type: multipart/alternative; boundary="001a114fbe74bf75b8053a1e9a4e"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/pvR_KxU_6VwVrAbm1S0SmtUVlwY>
Cc: dnsop <dnsop@ietf.org>
Subject: Re: [DNSOP] I-D Action: draft-ietf-dnsop-nsec-aggressiveuse-01.txt
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 15 Aug 2016 16:20:13 -0000
On Wed, Aug 3, 2016 at 4:32 PM, Warren Kumari <warren@kumari.net> wrote: > We have updated this document with comments and feedback from Berlin. > We have also gone through and done another editing pass, removing a > significant amount of text which was intended to drive the discussion, > but would not really be useful in a published RFC. > > Please review it, we believe that the document is ready (or almost > ready) for WGLC. > > W > > On Wed, Aug 3, 2016 at 12:17 PM, <internet-drafts@ietf.org> wrote: > > > > A New Internet-Draft is available from the on-line Internet-Drafts > directories. > > This draft is a work item of the Domain Name System Operations of the > IETF. > > > > Title : Aggressive use of NSEC/NSEC3 > > Authors : Kazunori Fujiwara > > Akira Kato > > Warren Kumari > > Filename : draft-ietf-dnsop-nsec-aggressiveuse-01.txt > > Pages : 12 > > Date : 2016-08-03 > > > > Abstract: > > The DNS relies upon caching to scale; however, the cache lookup > > generally requires an exact match. This document specifies the use > > of NSEC/NSEC3 resource records to generate negative answers within a > > range. This increases resilience to DoS attacks, increases > > performance / decreases latency, decreases resource utilization on > > both authoritative and recursive servers, and also increases privacy. > > > > This document updates RFC4035 by allowing resolvers to generate > > negative answers based upon NSEC/NSEC3 records. > > > > [ Ed note: Text inside square brackets ([]) is additional background > > information, answers to frequently asked questions, general musings, > > etc. They will be removed before publication.This document is being > > collaborated on in Github at: https://github.com/wkumari/draft-ietf- > > dnsop-nsec-aggressiveuse. The most recent version of the document, > > open issues, etc should all be available here. The authors > > (gratefully) accept pull requests. > > > > Known / open issues [To be moved to Github issue tracker]: > > > > > > The IETF datatracker status page for this draft is: > > https://datatracker.ietf.org/doc/draft-ietf-dnsop-nsec-aggressiveuse/ > > > > There's also a htmlized version available at: > > https://tools.ietf.org/html/draft-ietf-dnsop-nsec-aggressiveuse-01 > > > > A diff from the previous version is available at: > > https://www.ietf.org/rfcdiff?url2=draft-ietf-dnsop-nsec-aggressiveuse-01 > > > Minor nit: "Bob Harold" is listed twice in "10. Acknowledgments". I probably did not add enough value to be mentioned once, certainly not twice. -- Bob Harold
- Re: [DNSOP] I-D Action: draft-ietf-dnsop-nsec-agg… 神明達哉
- Re: [DNSOP] I-D Action: draft-ietf-dnsop-nsec-agg… Warren Kumari
- Re: [DNSOP] I-D Action: draft-ietf-dnsop-nsec-agg… Bob Harold
- Re: [DNSOP] I-D Action: draft-ietf-dnsop-nsec-agg… Warren Kumari
- [DNSOP] I-D Action: draft-ietf-dnsop-nsec-aggress… internet-drafts
- Re: [DNSOP] I-D Action: draft-ietf-dnsop-nsec-agg… Warren Kumari