Re: [DNSOP] Fwd: New Version Notification for draft-pusateri-dnsop-update-timeout-01.txt

Mark Andrews <marka@isc.org> Tue, 19 February 2019 00:27 UTC

From: Mark Andrews <marka@isc.org>
In-Reply-To: <969D8BA1-6ED3-47E8-AFFD-2BEE8EA3E66B@bangj.com>
Date: Tue, 19 Feb 2019 11:27:44 +1100
Cc: dnsop WG <dnsop@ietf.org>
Message-Id: <EEF5A840-432E-4E87-A4C6-8C44DB733BC4@isc.org>
References: <155053239541.25848.12960190085730298684.idtracker@ietfa.amsl.com> <969D8BA1-6ED3-47E8-AFFD-2BEE8EA3E66B@bangj.com>
To: Tom Pusateri <pusateri@bangj.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/tawIHF_8ys_aaVfpPjE5yAveXgo>

I have yet to see a justification for using SHAKE128 vs any of the existing
hash algorithms used in DNS.  You really need to justify this choice on security
concerns.  DNS server implementers need to support multiple crypto backends and
adding yet another algorithm is not as easy as just calling OpenSSL.  It’s writing /
expanding a shim layer.  It’s checking for the existence on all the platforms
the server is built on.  Just closing the issue isn’t addressing it.

https://github.com/pusateri/draft-pusateri-dnsop-update-timeout/issues/19

> On 19 Feb 2019, at 10:34 am, Tom Pusateri <pusateri@bangj.com> wrote:
> 
> DNSOP,
> 
> We have updated the TIMEOUT resource record draft based on the great feedback from Mark Andrews, Joe Abley, Ted Lemon, and Paul Vixie. I think we have addressed all of the comments except for the Date format concern from Mark. That is still an outstanding issue. Please comment on it if you have an opinion or feel free to open other issues against the document or send comments to the list.
> 
> The TIMEOUT RR is just like any other resource record now with no special handling.
> 
> Issues are on Github:
> https://github.com/pusateri/draft-pusateri-dnsop-update-timeout/issues
> 
> Thanks,
> Tom & Tim
> 
> 
>> Begin forwarded message:
>> 
>> From: internet-drafts@ietf.org
>> Subject: New Version Notification for draft-pusateri-dnsop-update-timeout-01.txt
>> Date: February 18, 2019 at 6:26:35 PM EST
>> To: "Tim Wattenberg" <mail@timwattenberg.de>, "Tom Pusateri" <pusateri@bangj.com>
>> 
>> 
>> A new version of I-D, draft-pusateri-dnsop-update-timeout-01.txt
>> has been successfully submitted by Tom Pusateri and posted to the
>> IETF repository.
>> 
>> Name:		draft-pusateri-dnsop-update-timeout
>> Revision:	01
>> Title:		DNS TIMEOUT Resource Record
>> Document date:	2019-02-18
>> Group:		Individual Submission
>> Pages:		13
>> URL:            https://www.ietf.org/internet-drafts/draft-pusateri-dnsop-update-timeout-01.txt
>> Status:         https://datatracker.ietf.org/doc/draft-pusateri-dnsop-update-timeout/
>> Htmlized:       https://tools.ietf.org/html/draft-pusateri-dnsop-update-timeout-01
>> Htmlized:       https://datatracker.ietf.org/doc/html/draft-pusateri-dnsop-update-timeout
>> Diff:           https://www.ietf.org/rfcdiff?url2=draft-pusateri-dnsop-update-timeout-01
>> 
>> Abstract:
>>   This specification defines a new DNS TIMEOUT resource record (RR)
>>   that associates a lifetime with one or more zone resource records
>>   with the same owner name, type, and class.  It is intended to be used
>>   to transfer resource record lifetime state between a zone's primary
>>   and secondary servers and to store lifetime state during server
>>   software restarts.
>> 
>> 
>> 
>> 
>> Please note that it may take a couple of minutes from the time of submission
>> until the htmlized version and diff are available at tools.ietf.org.
>> 
>> The IETF Secretariat
>> 
> 

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742              INTERNET: marka@isc.org
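
An added example, not part of the original message or of any DNS server's code: a minimal digest shim in Python showing the per-platform availability probe the message describes, and why SHAKE128, being an extendable-output function, needs its own code path in a shim written for fixed-output hashes. The names `probe_backend` and `shim_digest`, the `available` override (used to simulate a backend without SHAKE128) and the sample owner name are assumptions for illustration.

```python
import hashlib

# Fixed-output hashes already used in DNS (DS digest types 1, 2 and 4),
# plus SHAKE128, the algorithm the message questions.
CANDIDATES = ("sha1", "sha256", "sha384", "shake_128")


def probe_backend(names=CANDIDATES, available=None):
    """Report which digest names this build's crypto backend can instantiate.

    `available` is a hypothetical override used to simulate another backend.
    """
    if available is None:
        available = hashlib.algorithms_available
    report = {}
    for name in names:
        if name not in available:
            report[name] = False
            continue
        try:
            hashlib.new(name)
            report[name] = True
        except ValueError:
            # Listed by the backend but refused at runtime (e.g. by policy).
            report[name] = False
    return report


def shim_digest(name, data, out_len=None, available=None):
    """Single entry point hiding the fixed-output vs XOF API difference."""
    if not probe_backend((name,), available)[name]:
        raise LookupError(f"digest {name!r} is not provided by this backend")
    h = hashlib.new(name, data)
    if h.digest_size == 0:
        # Extendable-output function (SHAKE): the caller must pick a length.
        if out_len is None:
            raise ValueError(f"{name} is an XOF; out_len is required")
        return h.digest(out_len)
    if out_len not in (None, h.digest_size):
        raise ValueError(f"{name} has a fixed {h.digest_size}-byte output")
    return h.digest()


if __name__ == "__main__":
    for algo, ok in probe_backend().items():
        print(f"{algo:10s} {'available' if ok else 'MISSING'}")
    # Constructed input: an owner name chosen only for illustration.
    print(shim_digest("shake_128", b"host.example.", out_len=16).hex())
```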