Re: [DNSOP] New Version Notification for draft-wessels-dns-zone-digest-01.txt

"John Levine" <johnl@taugh.com> Sat, 28 July 2018 21:58 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/tVYovSGgbxZ8WmuGShMUcd9GBJI>

In article <208F049B-B35A-4755-9A20-FA0C7F6855CF@isc.org> you write:
>a) the hash has to be independent to zone, so either the hash has to reside outside of the root zone, or the root zone file would
>have to be reconstructed with “the torrent hash” and “the torrent data”; generally you would want the hash to be signed,
>so the TORRENT RR + RRSIG would have to be distributed outside of the data received via BitTorrent

I'm confused again.  Why couldn't the hash RR and sig be in the zone
just like any other record in the zone?

R's,
John