Re: [DNSOP] I-D Action: draft-ietf-dnsop-nsec-ttl-04.txt

Brian Dickson <brian.peter.dickson@gmail.com> Fri, 12 March 2021 02:32 UTC

From: Brian Dickson <brian.peter.dickson@gmail.com>
Date: Thu, 11 Mar 2021 18:32:01 -0800
Message-ID: <CAH1iCiogZS-6Np72x-4dPyvLWyRPdbPd7E+62gk8bmnYGnjk6w@mail.gmail.com>
To: Peter van Dijk <peter.van.dijk@powerdns.com>
Cc: "dnsop@ietf.org WG" <dnsop@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/r-gBFVyIjaTu_bkFL2JbrKZSLqI>
Subject: Re: [DNSOP] I-D Action: draft-ietf-dnsop-nsec-ttl-04.txt

I have a very minor comment on this (excellent) draft:
Assuming it gets approved and published, could the relevant elements also
be filed as "Errata" on the respective RFCs, so they are easy to find and
apply?
Not sure if that is appropriate, but given the implications of not doing
what this draft says, it might be a good idea.

Brian

On Thu, Feb 18, 2021 at 9:21 AM Peter van Dijk <peter.van.dijk@powerdns.com>
wrote:

> Hello DNSOP,
>
> with thanks to Matthijs and Paul who commented on -03:
>
> * the 'incremental signer exception' is now part of all relevant
> document updates
> * added an explanation for the upgraded requirement level
>
> On Thu, 2021-02-18 at 09:15 -0800, internet-drafts@ietf.org wrote:
> > A New Internet-Draft is available from the on-line Internet-Drafts directories.
> > This draft is a work item of the Domain Name System Operations WG of the IETF.
> >
> >         Title           : NSEC and NSEC3 TTLs and NSEC Aggressive Use
> >         Author          : Peter van Dijk
> >         Filename        : draft-ietf-dnsop-nsec-ttl-04.txt
> >         Pages           : 10
> >         Date            : 2021-02-18
> >
> > Abstract:
> >    Due to a combination of unfortunate wording in earlier documents,
> >    aggressive use of NSEC and NSEC3 records may deny names far beyond
> >    the intended lifetime of a denial.  This document changes the
> >    definition of the NSEC and NSEC3 TTL to correct that situation.  This
> >    document updates RFC 4034, RFC 4035, RFC 5155, and RFC 8198.
> >
> >
> > The IETF datatracker status page for this draft is:
> > https://datatracker.ietf.org/doc/draft-ietf-dnsop-nsec-ttl/
> >
> > There is also an HTML version available at:
> > https://www.ietf.org/archive/id/draft-ietf-dnsop-nsec-ttl-04.html
> >
> > A diff from the previous version is available at:
> > https://www.ietf.org/rfcdiff?url2=draft-ietf-dnsop-nsec-ttl-04
> >
> >
> > Please note that it may take a couple of minutes from the time of submission
> > until the htmlized version and diff are available at tools.ietf.org.
> >
> > Internet-Drafts are also available by anonymous FTP at:
> > ftp://ftp.ietf.org/internet-drafts/
> >
> >
>
> Kind regards,
> --
> Peter van Dijk
> PowerDNS.COM BV - https://www.powerdns.com/