Re: [DNSOP] update on draft-jabley-dnssec-trust-anchor
"W.C.A. Wijngaards" <wouter@nlnetlabs.nl> Tue, 03 November 2015 11:31 UTC
Return-Path: <wouter@nlnetlabs.nl>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 33B851B323B for <dnsop@ietfa.amsl.com>; Tue, 3 Nov 2015 03:31:22 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.084
X-Spam-Level:
X-Spam-Status: No, score=0.084 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HELO_EQ_NL=0.55, HOST_EQ_NL=1.545, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5-o6WJ6FfiC3 for <dnsop@ietfa.amsl.com>; Tue, 3 Nov 2015 03:31:20 -0800 (PST)
Received: from dicht.nlnetlabs.nl (open.nlnetlabs.nl [IPv6:2a04:b900::1:0:0:10]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9187D1B3238 for <dnsop@ietf.org>; Tue, 3 Nov 2015 03:31:20 -0800 (PST)
Received: by dicht.nlnetlabs.nl (Postfix, from userid 58) id DEB7A5DAD; Tue, 3 Nov 2015 12:31:18 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=nlnetlabs.nl; s=default; t=1446550278; bh=DRFskXvfmCFjTty7Osu2g0hTa169piFoGPU6Qqq/AhM=; h=Date:From:To:CC:Subject:References:In-Reply-To; b=hdEzWdn69he/KJ6PAjH9w+qzkyiMkDnBmWpm9LoKBI9+HJ0Lojxk0KwjUiGbY60+G Mm5N+LCM7gB7qmFEFJqzu26SjCcDuStSs7FNmElzZ/1d8kfcDIGRiFqe9Y72UGINox 11SFP4R2IEgaVBefvjMJ59wLBI9PxKQwQmAuD8+4=
Received: from axiom.nlnetlabs.nl (unknown [IPv6:2a04:b900:0:1:222:4dff:fe55:4d46]) by dicht.nlnetlabs.nl (Postfix) with ESMTPSA id 577F65D9D; Tue, 3 Nov 2015 12:30:48 +0100 (CET)
Authentication-Results: dicht.nlnetlabs.nl; dmarc=none header.from=nlnetlabs.nl
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=nlnetlabs.nl; s=default; t=1446550248; bh=DRFskXvfmCFjTty7Osu2g0hTa169piFoGPU6Qqq/AhM=; h=Date:From:To:CC:Subject:References:In-Reply-To; b=SC6wLGRgRQWjAMAovOfrV+VJxv6LCC4oQAKxGveU7M+0uGCdOUG5QusvmpJRKgVsC l4V+IgsBGqKcv6tboL6gz1Y2f60A1CpXCUykKOhW33h6bv6fuwoZb7rDXNrX9jHzPv gUTUxnLCArTKd9d9Ft0rWPceSRr1ad5wpNFQRNOo=
Message-ID: <56389AE8.5050607@nlnetlabs.nl>
Date: Tue, 03 Nov 2015 12:30:48 +0100
From: "W.C.A. Wijngaards" <wouter@nlnetlabs.nl>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.7.0
MIME-Version: 1.0
To: Suzanne Woolf <suzworldwide@gmail.com>, Joe Abley <jabley@hopcount.ca>
References: <846193F8-1A47-4D21-97A4-DAF306920417@hopcount.ca> <0A33E9A3-86EB-4DBE-9697-B8EB933B3E26@gmail.com>
In-Reply-To: <0A33E9A3-86EB-4DBE-9697-B8EB933B3E26@gmail.com>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/dnsop/tf_tcmHtry-LrFbIFSpct5-6pqM>
Cc: dnsop WG <dnsop@ietf.org>, Nevil Brownlee <rfc-ise@rfc-editor.org>
Subject: Re: [DNSOP] update on draft-jabley-dnssec-trust-anchor
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 03 Nov 2015 11:31:22 -0000
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Hi Joe, I have reviewed the document, and I support it. section 1. s/complimentary/complementary/ section 4.3. Unbound's implementation currently only accepts trust anchors after the validFrom has passed and not during add-hold-down-time before. I think it is harmless to accept not-yet-valid keys some time in advance, so I think the text is fine, but I am unsure if I should adjust my implementation. Best regards, Wouter On 31/10/15 23:18, Suzanne Woolf wrote: > Joe, > > Thanks for the update. > > Those of you who supported publication— I assume Joe will be > reminding you to review :-) > > > best, Suzanne > >> On Oct 31, 2015, at 4:50 PM, Joe Abley <jabley@hopcount.ca> >> wrote: >> >> Hi, >> >> Just a clarification to the wg, since I think my earlier note on >> this was buried in some long thread -- the authors of >> draft-jabley-dnssec-trust-anchor have taken it to the ISE and it >> has been accepted as a draft on the independent stream. >> >> The next step in the process is for some people to review it. >> Please feel free to do that and send your opinions to >> rfc-ise@rfc-editor.org, ideally cc'ing the authors (directly or >> via this list) so that we know what is happening. >> >> If there are changes proposed as part of the review we will >> follow up with edits and submit them, per the usual process. >> >> Thanks all, >> >> >> Joe >> >> _______________________________________________ DNSOP mailing >> list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop > > _______________________________________________ DNSOP mailing list > DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop > -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBCAAGBQJWOJroAAoJEJ9vHC1+BF+NVO0P/2CdXDFq+R5mkYutQ7teJJrS tASghCtEySAjFk6CL8v3g3gX2Uio8Q+m48KetLUha9GbmrSFoQg3bHeFrREzJrtN SDMVfayI8mmkO//uTeY7kJ5ivgt+vVpbLi154ZxD3Qj1Xtnaykbc2cNYleu3mqWP Zz0aCPZTYfIkzOI3ywa6euGT20pJYERfuB6x7/pp5LPQJTVRgQ/ZmoninTknRbAF XmOSOsSAVCsr2c3iV6WpkMpA0EkoBwbvsqpfElKq2DtAtnfcY9Wow7xXa+t7UIar 4jjw0R1aCqBVi7dyAGgcqhszy4s0qIhOwUePbS3BUN6IJVJ4ZNluRis6Mm9IzDVn WR0l7x/8KZPLD9loDoHxrlqCeWkZG1YikRjP8WKLnAnwuMt2Mewdyk/PBNnkfiSp M4Txk4IeLUQoNIPSsLsxUNU54UcOHQYDC7C4oL0C2rtE9+pxotFafbBQyrV+7dtd hQBvgLWuturK8c6XcD1x2APV0WtOyvg06bI3X8uMqiY9Xo9z3id13+5INSbIdUHf xOMI7lcO81GvpSLMsO+MqlhDQMg4DabwhLc2fTSFEbiPNEFJYVlZuKWi2/bR61rr Xz41AcAtLyvdXnKCs5M/o9DmyRywA606/XamqbqrAZTQxIdyQzH5SviFJ24MZmW1 GO8L8IyU8czDVnztIXUg =ab3f -----END PGP SIGNATURE-----
- [DNSOP] update on draft-jabley-dnssec-trust-anchor Joe Abley
- Re: [DNSOP] update on draft-jabley-dnssec-trust-a… Suzanne Woolf
- Re: [DNSOP] update on draft-jabley-dnssec-trust-a… W.C.A. Wijngaards
- Re: [DNSOP] update on draft-jabley-dnssec-trust-a… Rose, Scott