Re: [DNSOP] update on draft-jabley-dnssec-trust-anchor

"W.C.A. Wijngaards" <wouter@nlnetlabs.nl> Tue, 03 November 2015 11:31 UTC

To: Suzanne Woolf <suzworldwide@gmail.com>, Joe Abley <jabley@hopcount.ca>
Cc: dnsop WG <dnsop@ietf.org>, Nevil Brownlee <rfc-ise@rfc-editor.org>

Hi Joe,

I have reviewed the document, and I support it.

section 1. s/complimentary/complementary/
section 4.3.  Unbound's implementation currently only accepts trust
anchors after the validFrom has passed and not during
add-hold-down-time before.  I think it is harmless to accept
not-yet-valid keys some time in advance, so I think the text is fine,
but I am unsure if I should adjust my implementation.

Best regards, Wouter

On 31/10/15 23:18, Suzanne Woolf wrote:
> Joe,
> 
> Thanks for the update.
> 
> Those of you who supported publication— I assume Joe will be
> reminding you to review :-)
> 
> 
> best, Suzanne
> 
>> On Oct 31, 2015, at 4:50 PM, Joe Abley <jabley@hopcount.ca>
>> wrote:
>> 
>> Hi,
>> 
>> Just a clarification to the wg, since I think my earlier note on
>> this was buried in some long thread -- the authors of
>> draft-jabley-dnssec-trust-anchor have taken it to the ISE and it
>> has been accepted as a draft on the independent stream.
>> 
>> The next step in the process is for some people to review it.
>> Please feel free to do that and send your opinions to
>> rfc-ise@rfc-editor.org, ideally cc'ing the authors (directly or
>> via this list) so that we know what is happening.
>> 
>> If there are changes proposed as part of the review we will
>> follow up with edits and submit them, per the usual process.
>> 
>> Thanks all,
>> 
>> 
>> Joe
>> 
>> _______________________________________________ DNSOP mailing
>> list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
> 
