Re: [DNSOP] I-D Action: draft-ietf-dnsop-dns-zone-digest-03.txt

"Wessels, Duane" <dwessels@verisign.com> Tue, 03 December 2019 21:35 UTC

Return-Path: <dwessels@verisign.com>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 50C73120044 for <dnsop@ietfa.amsl.com>; Tue, 3 Dec 2019 13:35:26 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level:
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=verisign.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id S3FiFz9rGAqA for <dnsop@ietfa.amsl.com>; Tue, 3 Dec 2019 13:35:24 -0800 (PST)
Received: from mail5.verisign.com (mail5.verisign.com [69.58.187.31]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B0C6C12003F for <dnsop@ietf.org>; Tue, 3 Dec 2019 13:35:24 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=verisign.com; l=9836; q=dns/txt; s=VRSN; t=1575408924; h=from:to:subject:date:message-id:references:in-reply-to: mime-version; bh=XNN+G5wSDMBB4lBHjndmNtFHo/5nNSasEmafevQGrYI=; b=TkY+wK+frWykkcf1ij7Bhv9NPexsYD0mKOs2KacH+zV+iG2GCTe1gYtt pntKbZzvSHZFdRuaZxKmXvP+lAOF3hIPcbyQnmY58AGuz0h7wj11aAFPL WtOfcFqWNGENk1Feu6HEBy/MIEuiSfhL4XFt3q85sZkq4Js+stbvHAeSQ r00tYa/MGkr71MhK/rM+XPeK7wyZVhtHZJprrVrgbLfLZxRfxRC03njfh lm4XJ7cT8r4ZELgP3zEQ4Mfqnt+OcDaF4uBcTAixui7IyGyz4go0sEUX2 +OLh735SwNptBSPubyR0gyHvQH+c19UQezWXyspCxTHH1M5x36IfKdojz g==;
IronPort-SDR: dCsfRhhq3NjsYxBSuaS90fn1ve4LLy0Rkrl1euPOJY4BnIMDTc2VF8J1Eyq12cQ3DY0vYYd8uL hVhmMKLSr2YMBYF6swOvBVQAVr/eH4m2YJO08x0QFhKFAMbBzESwnUMqY+oCroDtup1y4vweqm 3m733rfN2OAfgeK/YopWeMFtXm6mGM726uSCoK7br8vbHZwhZbD7+8kb77cqQTd6XrjFOaBv64 vckGYQ8sumBzEjc9LDFNhXcYsPG/9EI6tu0zLVHXVKqHCDmI8phk5o2tOx6Vh7XsuJzmIaaIFO 6Po=
X-IronPort-AV: E=Sophos;i="5.69,275,1571716800"; d="p7s'?scan'208";a="179899"
IronPort-PHdr: =?us-ascii?q?9a23=3Ama0LvxFw/961bexLVl0rE51GYnF86YWxBRYc79?= =?us-ascii?q?8ds5kLTJ7yps6wAkXT6L1XgUPTWs2DsrQY0rGQ6v+/EjVcsN6oizMrSNR0TR?= =?us-ascii?q?gLiMEbzUQLIfWuLgnFFsPsdDEwB89YVVVorDmROElRH9viNRWJ+iXhpTEdFQ?= =?us-ascii?q?/iOgVrO+/7BpDdj9it1+C15pbffxhEiCCybL9vIhi6txjdu8sUjIdtN6o8xR?= =?us-ascii?q?/EqWZUdupLwm9lOUidlAvm6Meq+55j/SVQu/Y/+MNFTK73Yac2Q6FGATo/K2?= =?us-ascii?q?w669HluhfFTQuU+3sTSX4WnQZSAwjE9x71QJH8uTbnu+Vn2SmaOcr2Ta0oWT?= =?us-ascii?q?mn8qxmRgPkhDsBOjUk62zclNB+g7xHrxKgvxx/wpDbYIeJNPplY6jRecoWSX?= =?us-ascii?q?ddUspNUiBMBJ63YYkSAOobJetWr5fzqUYSrRWwBgesCuHgxDhJhnDq0qI3yO?= =?us-ascii?q?shHR3D3AE6H9ICrGrYodPoP6kSS+C1y6zIwC3NY/xWxzj985PIfQ4lofGXRb?= =?us-ascii?q?57bMTfyVQ1GAPDkFqcp5HuMjSI2eUDrWeb9PFgWvyri248sAxxvCagxt0tio?= =?us-ascii?q?nSh4IVxVbE+T9lz4YyIN21UUh2asOqHptXsiGVLYp2QsU6TmFppik61rMGtY?= =?us-ascii?q?S8fCgQx5QqwQPUZf+fc4WQ/x7vSPydLSp6iX9rYr6zmha//Ea6xuDzUsS4yE?= =?us-ascii?q?tGojZfntXRtH0Bywbf5tWIR/Z+5EutxDWC2xjd6u5aIk04ia/WJps7zbMzkp?= =?us-ascii?q?ccqkHOEyHolErrjaKbc14r9+yp5unlZ7jrqJGROo1phQz4L68ggNawAf4iPQ?= =?us-ascii?q?gLR2Wb/OO826D98kDhW7VKi+E2krHesJDHOcQXvq65DBFR0oYk8xuyEiuo3s?= =?us-ascii?q?wFkXYHNFxLdxOIg5T3N13UPvD3EfC/g060kDtx3f/JI6ftAovXLnjYlrftZ6?= =?us-ascii?q?py60lZyAYrzNBf4YxbCq0ZLf7uRkP9rsHUAx03PgCu3urqCNtw2pkRVG+LGq?= =?us-ascii?q?OZNbndsV6M5uIhOemMY4oVtS7gJPkr+fHulmQ5lkEZfamyxpYXdm63Hu5nI0?= =?us-ascii?q?WCYHrsjdEBHX0WsQo5SezmkEeCXiJLZ3auQ6I84Sk2B5+gDYfYQYCtmKeM3C?= =?us-ascii?q?alEZ1KaGBKEFeMEW3nd9bMZ/BZZCSJJdcprRNMAbSnUIg5/RCjqAG8zKBoeL?= =?us-ascii?q?n64Cod4Njc2cNu6unI0Vke6DVyAo7Vh22SQnpvk2cTbyE7xqFkoEN7jFyE1P?= =?us-ascii?q?4r0LRjCdVP6qYRAU8BPpnGwrk/UoiqVw=3D=3D?=
X-IPAS-Result: =?us-ascii?q?A2FFAADs1OZd/zGZrQplGgEBAQEBAQEBAQMBAQEBEQEBA?= =?us-ascii?q?QICAQEBAYF+gwwrgQYKlUGDbJVagWcJAQEBAQEBAQEBAwQBGA0KAQEChD4Cg?= =?us-ascii?q?jI4EwIDAQELAQEBBAEBAQEBBQMBAQEChiAMgjspAWNrAQEBAQEBAQEBAQEBA?= =?us-ascii?q?QEBAQEBARYCQ1USAQEdAQEBAQIBAQFsEAsCAQgYLgIlCyUCBBMOgxQBglcRH?= =?us-ascii?q?rB/gieEPgIOQUCEZBCBNoFTil2BQj6BOCCCTD6CZAEBAgEBGIEvF4NDgiwEl?= =?us-ascii?q?gqYOQMHgi6DUYI1gRiOVoJBc4Z7j3WXCI5Agx8CBAIEBQIVgWmBe3AVGiEqA?= =?us-ascii?q?YJBCTUSERSVbYU/dJBvgRABAQ?=
Received: from BRN1WNEX01.vcorp.ad.vrsn.com (10.173.153.48) by BRN1WNEX02.vcorp.ad.vrsn.com (10.173.153.49) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.1779.2; Tue, 3 Dec 2019 16:35:22 -0500
Received: from BRN1WNEX01.vcorp.ad.vrsn.com ([fe80::a89b:32d6:b967:337d]) by BRN1WNEX01.vcorp.ad.vrsn.com ([fe80::a89b:32d6:b967:337d%5]) with mapi id 15.01.1779.002; Tue, 3 Dec 2019 16:35:22 -0500
From: "Wessels, Duane" <dwessels@verisign.com>
To: dnsop WG <dnsop@ietf.org>
Thread-Topic: [DNSOP] I-D Action: draft-ietf-dnsop-dns-zone-digest-03.txt
Thread-Index: AQHVqiGRDuxNR3GKMkSpfdnpBiDJsw==
Date: Tue, 3 Dec 2019 21:35:22 +0000
Message-ID: <FADC5B9F-EAED-40D5-8B06-FA148E1C7537@verisign.com>
References: <157540793023.4724.8140667702082755557@ietfa.amsl.com>
In-Reply-To: <157540793023.4724.8140667702082755557@ietfa.amsl.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
x-mailer: Apple Mail (2.3445.9.1)
x-originating-ip: [10.170.148.18]
Content-Type: multipart/signed; boundary="Apple-Mail=_C7B128D0-9C8F-4DA2-9ED4-E4C1C8F487B7"; protocol="application/pkcs7-signature"; micalg=sha1
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/s7Or7EXgcQQbbiCDiFxfy_2Jp_k>
Subject: Re: [DNSOP] I-D Action: draft-ietf-dnsop-dns-zone-digest-03.txt
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 03 Dec 2019 21:35:26 -0000

Hi All,

Based on list feedback and the IETF-106 dnsop meeting, this revision has just two substantive changes:

- The mnemonic for digest type 1 has been changed to SHA384-SIMPLE (from SHA384-STABLE).

- The intended status has been changed to Standards Track (from Experimental) and the Scope of Experimentation section has been removed.

DW



> On Dec 3, 2019, at 1:18 PM, internet-drafts@ietf.org wrote:
> 
> 
> A New Internet-Draft is available from the on-line Internet-Drafts directories.
> This draft is a work item of the Domain Name System Operations WG of the IETF.
> 
>        Title           : Message Digest for DNS Zones
>        Authors         : Duane Wessels
>                          Piet Barber
>                          Matt Weinberg
>                          Warren Kumari
>                          Wes Hardaker
> 	Filename        : draft-ietf-dnsop-dns-zone-digest-03.txt
> 	Pages           : 29
> 	Date            : 2019-12-03
> 
> Abstract:
>   This document describes a protocol and new DNS Resource Record that
>   can be used to provide a cryptographic message digest over DNS zone
>   data.  The ZONEMD Resource Record conveys the digest data in the zone
>   itself.  When a zone publisher includes an ZONEMD record, recipients
>   can verify the zone contents for accuracy and completeness.  This
>   provides assurance that received zone data matches published data,
>   regardless of how the zone data has been transmitted and received.
> 
>   ZONEMD is not designed to replace DNSSEC.  Whereas DNSSEC protects
>   individual RRSets (DNS data with fine granularity), ZONEMD protects
>   protects a zone's data as a whole, whether consumed by authoritative
>   name servers, recursive name servers, or any other applications.
> 
>   As specified at this time, ZONEMD is not designed for use in large,
>   dynamic zones due to the time and resources required for digest
>   calculation.  The ZONEMD record described in this document includes a
>   field intended to enable future work to support large, dynamic zones.
> 
> 
> The IETF datatracker status page for this draft is:
> https://datatracker.ietf.org/doc/draft-ietf-dnsop-dns-zone-digest/
> 
> There are also htmlized versions available at:
> https://tools.ietf.org/html/draft-ietf-dnsop-dns-zone-digest-03
> https://datatracker.ietf.org/doc/html/draft-ietf-dnsop-dns-zone-digest-03
> 
> A diff from the previous version is available at:
> https://www.ietf.org/rfcdiff?url2=draft-ietf-dnsop-dns-zone-digest-03
> 
> 
> Please note that it may take a couple of minutes from the time of submission
> until the htmlized version and diff are available at tools.ietf.org.
> 
> Internet-Drafts are also available by anonymous FTP at:
> ftp://ftp.ietf.org/internet-drafts/
> 
> _______________________________________________
> DNSOP mailing list
> DNSOP@ietf.org
> https://www.ietf.org/mailman/listinfo/dnsop