IETF Logo Mail Archive

[DNSOP] DNSSEC in draft-ietf-dnsop-resolver-priming

"Paul Hoffman" <paul.hoffman@vpnc.org> Fri, 22 January 2016 03:22 UTC

Return-Path: <paul.hoffman@vpnc.org>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B7FC71B371B for <dnsop@ietfa.amsl.com>; Thu, 21 Jan 2016 19:22:29 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.347
X-Spam-Level:
X-Spam-Status: No, score=-1.347 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HELO_MISMATCH_COM=0.553] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ui7YrJGCaMKC for <dnsop@ietfa.amsl.com>; Thu, 21 Jan 2016 19:22:24 -0800 (PST)
Received: from hoffman.proper.com (Opus1.Proper.COM [207.182.41.91]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 511AA1B371A for <dnsop@ietf.org>; Thu, 21 Jan 2016 19:22:24 -0800 (PST)
Received: from [192.168.114.1] (50-1-98-110.dsl.dynamic.fusionbroadband.com [50.1.98.110]) (authenticated bits=0) by hoffman.proper.com (8.15.2/8.14.9) with ESMTPSA id u0M3MN51086825 (version=TLSv1 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for <dnsop@ietf.org>; Thu, 21 Jan 2016 20:22:23 -0700 (MST) (envelope-from paul.hoffman@vpnc.org)
X-Authentication-Warning: hoffman.proper.com: Host 50-1-98-110.dsl.dynamic.fusionbroadband.com [50.1.98.110] claimed to be [192.168.114.1]
From: Paul Hoffman <paul.hoffman@vpnc.org>
To: dnsop WG <dnsop@ietf.org>
Date: Thu, 21 Jan 2016 19:22:23 -0800
Message-ID: <12831BC8-EE53-46C7-80A5-A7DAE651F157@vpnc.org>
MIME-Version: 1.0
Content-Type: text/plain; format="flowed"
X-Mailer: MailMate (1.9.3r5187)
Archived-At: <http://mailarchive.ietf.org/arch/msg/dnsop/qU5X1Cs0vTQqt7ViPzmZ4sCixnA>
Subject: [DNSOP] DNSSEC in draft-ietf-dnsop-resolver-priming
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 22 Jan 2016 03:22:29 -0000

In Warren's review of the draft, he says:

I think that resolvers SHOULD send DO, and should try validate (if it 
gets signed responses). This is pointless at the moment, but if / when 
we end up with signed root-servers.net (or foo.bar) it would be nice if 
the right things were already being done.

This seems like a good start for a discussion.

--Paul Hoffman

v2.23.0 | Report a Bug | By Email