Re: [DNSOP] [Ext] About key tags

John R Levine <johnl@taugh.com> Wed, 28 February 2024 21:44 UTC

Date: Wed, 28 Feb 2024 16:44:31 -0500
Message-ID: <3847aed8-df37-95c1-619b-46cd5959b91b@taugh.com>
From: John R Levine <johnl@taugh.com>
To: Mark Andrews <marka@isc.org>, Edward Lewis <edward.lewis@icann.org>
Cc: "dnsop@ietf.org" <dnsop@ietf.org>
In-Reply-To: <424DEFFC-0836-4C6E-842A-F2B332459A8B@isc.org>
References: <9C4B65D7-EC9D-40BC-9B23-825F7FE8FB7E@isc.org> <20240227220905.E06018410007@ary.qy> <641C2E38-F1A8-435B-BA6F-770FEE9AEEA5@icann.org> <424DEFFC-0836-4C6E-842A-F2B332459A8B@isc.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/tKz5aW8bJ1e1Jk0Mkx9jYzDYnoI>
Subject: Re: [DNSOP] [Ext] About key tags

On Thu, 29 Feb 2024, Mark Andrews wrote:
>> If it is forbidden in the protocol, it might still happen.
>
> Ed, your reasoning is off.  The point of forbidding is to allow the validator to safely stop as soon as possible when it is under attack.

We're going in circles here.  You want to stop at 2 some time in the future after we've changed the spec.  Ed and Shumon and I want to stop at, say, 10, right now.  I've never written a DNSSEC validator so I don't know how different those are in practice but I'd be surprised if it were very much.

Regards,
John Levine, johnl@taugh.com, Taughannock Networks, Trumansburg NY
Please consider the environment before reading this e-mail. https://jl.ly
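The key tag computation (RFC 4034 Appendix B) and the "stop at N" cap the thread is arguing about, as an added Python example; this is not code from the thread or from any validator, the sample DNSKEYs are constructed, and the cap value is a parameter so 2 and 10 can be compared directly.

```python
import struct

def key_tag(rdata: bytes) -> int:
    """DNSKEY key tag per RFC 4034 Appendix B: a 16-bit checksum of the RDATA."""
    ac = 0
    for i, b in enumerate(rdata):
        ac += b if i & 1 else b << 8
    ac += (ac >> 16) & 0xFFFF
    return ac & 0xFFFF

def dnskey_rdata(flags: int, algorithm: int, pubkey: bytes) -> bytes:
    """Wire-format DNSKEY RDATA: flags, protocol (always 3), algorithm, public key."""
    return struct.pack("!HBB", flags, 3, algorithm) + pubkey

def candidate_keys(dnskeys, rrsig_key_tag, rrsig_algorithm, max_candidates):
    """Keys a validator would try for one RRSIG, capped at max_candidates.

    Returns (keys_to_try, cap_exceeded). When cap_exceeded is True the
    validator gives up on this RRSIG instead of trying every colliding key;
    the thread disagrees on whether that cap should be 2 or, say, 10.
    """
    matching = [k for k in dnskeys
                if key_tag(k) == rrsig_key_tag and k[3] == rrsig_algorithm]
    return matching[:max_candidates], len(matching) > max_candidates

# Constructed sample DNSKEYs (not real keys). Two of them share a key tag,
# which the protocol allows because the tag is a checksum, not a hash.
KSK_A = dnskey_rdata(257, 13, b"\x01\x02\x03\x04")
KSK_B = dnskey_rdata(257, 13, b"\x03\x02\x01\x04")  # same tag as KSK_A
KSK_C = dnskey_rdata(257, 13, b"\x01\x02\x03\x05")
ZSK_D = dnskey_rdata(256, 13, b"\x02\x01\x02\x04")
ZONE_KEYS = [KSK_A, KSK_B, KSK_C, ZSK_D]

if __name__ == "__main__":
    for k in ZONE_KEYS:
        print(f"flags={k[0] << 8 | k[1]} alg={k[3]} tag={key_tag(k)}")
    tried, exceeded = candidate_keys(ZONE_KEYS, key_tag(KSK_A), 13, 10)
    print(len(tried), "candidate(s) for this RRSIG, cap exceeded:", exceeded)
```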