IETF Logo Mail Archive

Re: [DNSOP] I-D Action: draft-ietf-dnsop-dns-zone-digest-01.txt

"Wessels, Duane" <dwessels@verisign.com> Fri, 06 September 2019 00:02 UTC

Return-Path: <dwessels@verisign.com>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E57CA120052 for <dnsop@ietfa.amsl.com>; Thu, 5 Sep 2019 17:02:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.299
X-Spam-Level:
X-Spam-Status: No, score=-4.299 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=verisign.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 15h4LoHrE8kF for <dnsop@ietfa.amsl.com>; Thu, 5 Sep 2019 17:02:11 -0700 (PDT)
Received: from mail3.verisign.com (mail3.verisign.com [72.13.63.32]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9DF84120043 for <dnsop@ietf.org>; Thu, 5 Sep 2019 17:02:11 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=verisign.com; l=9902; q=dns/txt; s=VRSN; t=1567728132; h=from:to:date:message-id:references:in-reply-to: mime-version:subject; bh=eB+9DXIB7OmMpdNlx+T2mn/goVwtFHehJ4uIDSKRZJU=; b=jFCQpug+FUM8Rl7Jbhd9iBVeYy8ebinLpFAKZpnO4TDUNG80cTx2wMnr 1MtmOUfx8Q5kly9HHIXudoN6nFaI9XOqNAxsmJolc/5aKiWGxyEijC8UB b22sGE8woUt8AcSYotY7s6kUy3HsuSkG+nRAlpsZztJ0fM0ewJbbAya3P 9a+QzVpHxd1Xx6mXzkRByo68VQMrjnEVOkFmaB8Z2gdztb+q+we4/86bb 8/5KJkbSgQ9+iRw5f1G3Ln9viu7J1uU12Wawi2FgzgHFUwJktSvUayiiw uMcaZ1BDlOsqne6q+VyiQGDIdsH0I8AbFekLDC/RUyZddeACufDjfph9n w==;
X-IronPort-AV: E=Sophos; i="5.64,471,1559520000"; d="p7s'?scan'208"; a="9109977"
IronPort-PHdr: 9a23:OQCEyxLbtv49ID/Z5NmcpTZWNBhigK39O0sv0rFitYgeLfXxwZ3uMQTl6Ol3ixeRBMOHsqgC0rWG+Pm+EUU7or+5+EgYd5JNUxJXwe43pCcHRPC/NEvgMfTxZDY7FskRHHVs/nW8LFQHUJ2mPw6arXK99yMdFQviPgRpOOv1BpTSj8Oq3Oyu5pHfeQpFiCejbb9oMRm7rwbcusYLjYZjN6081gbHrnxUdupM2GhmP0iTnxHy5sex+J5s7SFdsO8/+sBDTKv3Yb02QaRXAzo6PW814tbrtQTYQguU+nQcSGQWnQFWDAXD8Rr3Q43+sir+tup6xSmaIcj7Rq06VDi+86tmTgLjhSEaPDA77W7XkNR9gqJFrhy8uxxxzY3aYI+XO/R5f6PSYdwVSHFOXspNUixMGIO8Y5cRA+cHIO1Wr5P9p1wLrRamCwWjBP3gyiRThnDo2a06yPwtGhzI0gw9Bd0OtmrboNvoP6oVTO+0wrfHzS7Yb/xI3Tf985PFcg4/rvGWXLJwasvRyUYpFw/fklqQronlMiqT2+8QvWab6O9gWviui24hswxxoyagxtsiioXTgYIV0F/E+CNky4g2Pd21UFN3bcK+HJdNtSyXOZF6Tt4iTmxmoio3xbkLtYamcCQW0pgr2hzSZ+Cdf4SV7R/uV/ydLSp7iX59drKwmRW//VSlx+D5TMa501JHoTFAn9TCqHwCyh3e582cRfZ5/0qs2zOC2g7d5+xGPE85k7fQJYQ7zb4qjJUTtFzOHirxmErrkqCbbl4k+u206+T/ZbXmu4OcO5d0ig7gNqQundSyDPkkPAYWQmSU+fyy2rLi8kHlXrlGlOM2nbXesJDAPcQXvLS2DBJP3oY98Ra/FDGm3M4EknkAKVJJYBOHj473NFHSOP30EOuzj06xnDppyf3KJKDtD5XDI3TZn7rsea5x60tGxwoyydBf6YhUCrYEIP/rR0DwusLXDgQiMwOqx+bnE85w1p0AVmKVA6+ZK6LSsVCO5u41P+aMY4oVtC7nK/c5//7ukWM5mVgFcKa025sXc3e4Hux9LkWYf3XsntkBHX0NvgokQ+y5wGGFBHRfYW21R4o96y01ToW8As/8acrl1LCHxyCjNpxbem4ADUqDRyTGbYKBDr0zZTmJL8t61nQoSLGnRsVpgR2xuRThxr58BvTZ4CwDtJ3lktNy4ruAxlkJ6TVoApHFgCm2RGZukzZQSg==
X-IPAS-Result: A2FXAABnoXFd/zGZrQplGgEBAQEBAgEBAQEHAgEBAQGBZ4MFgS8KlTKDa5VDgWcJAQEBAQEBAQEBAwQBGA0KAQEChD0Cglo4EwIMAQEBBAEBAQEBBgMBAQEChhcMgjoiHE1rAQEBAQEBIwJELAEBAQECAQEBbBALAgEIGC4CJQslAgQTDoMUAYF7HqwGhDoCDkFAhHcQgTSBUYo/gUE+gTgfgkw+gmEBAQIBARaBDzeDPoImBJR3lzkDB4IfgzmCKoEUjgyCNG+GTY8GjXqHfY1QgxACBAIEBQIVgWmBenAVGiEqAYJBCTWLCoU/c4x6K4EEgSMBAQ
Received: from BRN1WNEX01.vcorp.ad.vrsn.com (10.173.153.48) by BRN1WNEX02.vcorp.ad.vrsn.com (10.173.153.49) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.1713.5; Thu, 5 Sep 2019 20:01:55 -0400
Received: from BRN1WNEX01.vcorp.ad.vrsn.com ([fe80::a89b:32d6:b967:337d]) by BRN1WNEX01.vcorp.ad.vrsn.com ([fe80::a89b:32d6:b967:337d%5]) with mapi id 15.01.1713.004; Thu, 5 Sep 2019 20:01:55 -0400
From: "Wessels, Duane" <dwessels@verisign.com>
To: "dnsop@ietf.org WG" <dnsop@ietf.org>
Thread-Topic: [EXTERNAL] [DNSOP] I-D Action: draft-ietf-dnsop-dns-zone-digest-01.txt
Thread-Index: AQHVZEIEeE3UDlVUJEOY+i1KNIjCY6ceBzAA
Date: Fri, 06 Sep 2019 00:01:55 +0000
Message-ID: <F32CBA84-2D35-4AA6-AB37-BA24D6F023E2@verisign.com>
References: <156772626756.24320.17129416326124710273@ietfa.amsl.com>
In-Reply-To: <156772626756.24320.17129416326124710273@ietfa.amsl.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
x-mailer: Apple Mail (2.3445.9.1)
x-originating-ip: [10.170.148.18]
Content-Type: multipart/signed; boundary="Apple-Mail=_5523D37E-DA79-4DAA-887C-9857C8631808"; protocol="application/pkcs7-signature"; micalg="sha1"
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/tBMcqQapEHNzG7DRZh62zpVJ9M0>
Subject: Re: [DNSOP] I-D Action: draft-ietf-dnsop-dns-zone-digest-01.txt
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 06 Sep 2019 00:02:14 -0000

Dear DNSOP,

The primary change between -00 and -01 is the simplification of the verification protocol
when multiple ZONEMD RRs are present, per the on-list discussions.

Additionally Shane Kerr kindly updated his implementation and confirmed that his and the
author's implementations produce and validate the same digests.

With this version the authors feel that it is ready for working group last call.

DW


> On Sep 5, 2019, at 4:31 PM, internet-drafts@ietf.org wrote:
> 
> 
> A New Internet-Draft is available from the on-line Internet-Drafts directories.
> This draft is a work item of the Domain Name System Operations WG of the IETF.
> 
>        Title           : Message Digest for DNS Zones
>        Authors         : Duane Wessels
>                          Piet Barber
>                          Matt Weinberg
>                          Warren Kumari
>                          Wes Hardaker
> 	Filename        : draft-ietf-dnsop-dns-zone-digest-01.txt
> 	Pages           : 29
> 	Date            : 2019-09-05
> 
> Abstract:
>   This document describes an experimental protocol and new DNS Resource
>   Record that can be used to provide a message digest over DNS zone
>   data.  The ZONEMD Resource Record conveys the message digest data in
>   the zone itself.  When a zone publisher includes an ZONEMD record,
>   recipients can verify the zone contents for accuracy and
>   completeness.  This provides assurance that received zone data
>   matches published data, regardless of how the zone data has been
>   transmitted and received.
> 
>   ZONEMD is not designed to replace DNSSEC.  Whereas DNSSEC protects
>   individual RRSets (DNS data with fine granularity), ZONEMD protects
>   protects a zone's data as a whole, whether consumed by authoritative
>   name servers, recursive name servers, or any other applications.
> 
>   As specified at this time, ZONEMD is not designed for use in large,
>   dynamic zones due to the time and resources required for digest
>   calculation.  The ZONEMD record described in this document includes
>   fields reserved for future work to support large, dynamic zones.
> 
> 
> The IETF datatracker status page for this draft is:
> https://datatracker.ietf.org/doc/draft-ietf-dnsop-dns-zone-digest/
> 
> There are also htmlized versions available at:
> https://tools.ietf.org/html/draft-ietf-dnsop-dns-zone-digest-01
> https://datatracker.ietf.org/doc/html/draft-ietf-dnsop-dns-zone-digest-01
> 
> A diff from the previous version is available at:
> https://www.ietf.org/rfcdiff?url2=draft-ietf-dnsop-dns-zone-digest-01
> 
> 
> Please note that it may take a couple of minutes from the time of submission
> until the htmlized version and diff are available at tools.ietf.org.
> 
> Internet-Drafts are also available by anonymous FTP at:
> ftp://ftp.ietf.org/internet-drafts/
> 
> _______________________________________________
> DNSOP mailing list
> DNSOP@ietf.org
> https://www.ietf.org/mailman/listinfo/dnsop

v2.23.0 | Report a Bug | By Email