Re: [DNSOP] draft-ietf-dnsop-kskroll-sentinel-10 and AD

Geoff Huston <gih@apnic.net> Wed, 04 April 2018 05:12 UTC

Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 11.3 \(3445.6.18\))
From: Geoff Huston <gih@apnic.net>
In-Reply-To: <B83C8945-C7CC-44D3-BB0B-E036DF05EED0@isc.org>
Date: Wed, 04 Apr 2018 15:12:29 +1000
Cc: Paul Hoffman <paul.hoffman@vpnc.org>, dnsop <dnsop@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <59D24D95-0A54-4F89-9F0C-4FDE68486049@apnic.net>
References: <039408B0-89EE-4038-B9C9-CBCC35EC24EC@isc.org> <64816369-700A-4413-B1F0-160FB145EE6C@gmail.com> <BF3E4F4D-027C-4A2B-8026-14AF3FBA4603@isc.org> <2F103A8E-72F6-4159-900D-B7006D0AC647@gmail.com> <6D617FAC-D981-4AE1-8943-4F0D12C46397@vpnc.org> <0B0775D9-B5E6-4778-A199-FE4D09A0BE17@apnic.net> <D19F6299-922A-4DCE-8E95-85CA72E63129@vpnc.org> <A4AA3F56-12A5-4951-B01A-450B493E0E4A@apnic.net> <412D2533-2332-4F38-BAC6-4C5AF391C124@isc.org> <756BFAD3-2867-4646-B028-7D93C05BA8F3@apnic.net> <167E8357-FE53-43DC-84C6-B720BD8069E4@isc.org> <E7EFB44E-09C8-492D-AF9A-7EAAECD729D5@apnic.net> <3282A858-194C-4E28-AA2B-28F0881B9BAA@isc.org> <50B1B4C2-29EC-4CF1-946F-95D823A15860@apnic.net> <B83C8945-C7CC-44D3-BB0B-E036DF05EED0@isc.org>
To: Mark Andrews <marka@isc.org>
Received-SPF: None (protection.outlook.com: apnic.net does not designate permitted sender hosts)
SpamDiagnosticOutput: 1:99
SpamDiagnosticMetadata: NSPM
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 04 Apr 2018 05:12:40.0442 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 042ecac2-064c-487a-cf42-08d599eab0b0
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: 127d8d0d-7ccf-473d-ab09-6e44ad752ded
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SIXPR04MB0698
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/urxNc74R3BS1mPJYzaEzL_x42Vc>
Subject: Re: [DNSOP] draft-ietf-dnsop-kskroll-sentinel-10 and AD
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 04 Apr 2018 05:12:47 -0000

>> 
>> 
>> All of the following conditions must be met to trigger special
>> processing inside resolver code:
>> 
>> o  The DNS response is DNSSEC validated
>> 
>> o  The result of validation is “Secure”.
>> 
>> o  The Checking Disabled (CD) bit in the query is not set.
>> 
>> o  The QTYPE is either A or AAAA (Query Type value 1 or 28).
>> 
>> o  The OPCODE is QUERY.
>> 
>> o  The leftmost label of the original QNAME (the name sent in the
>>   Question Section in the original query) is either "root-key-
>>   sentinel-is-ta-<key-tag>" or "root-key-sentinel-not-ta-<key-tag>”.
>> 
>> 
>> Geoff
> 
> I think that is the way to go.
> 

Mark, thanks for your patience with my evident cluelessness!


Geoff

[DNSOP] draft-ietf-dnsop-kskroll-sentinel-10 and … Mark Andrews
Re: [DNSOP] draft-ietf-dnsop-kskroll-sentinel-10 … Geoff Huston
Re: [DNSOP] draft-ietf-dnsop-kskroll-sentinel-10 … Mark Andrews
Re: [DNSOP] draft-ietf-dnsop-kskroll-sentinel-10 … Geoff Huston
Re: [DNSOP] draft-ietf-dnsop-kskroll-sentinel-10 … Geoff Huston
Re: [DNSOP] draft-ietf-dnsop-kskroll-sentinel-10 … Paul Hoffman
Re: [DNSOP] draft-ietf-dnsop-kskroll-sentinel-10 … Evan Hunt
Re: [DNSOP] draft-ietf-dnsop-kskroll-sentinel-10 … Evan Hunt
Re: [DNSOP] draft-ietf-dnsop-kskroll-sentinel-10 … Warren Kumari
Re: [DNSOP] draft-ietf-dnsop-kskroll-sentinel-10 … Geoff Huston
Re: [DNSOP] draft-ietf-dnsop-kskroll-sentinel-10 … Paul Hoffman
Re: [DNSOP] draft-ietf-dnsop-kskroll-sentinel-10 … Geoff Huston
Re: [DNSOP] draft-ietf-dnsop-kskroll-sentinel-10 … Mark Andrews
Re: [DNSOP] draft-ietf-dnsop-kskroll-sentinel-10 … Geoff Huston
Re: [DNSOP] draft-ietf-dnsop-kskroll-sentinel-10 … Mark Andrews
Re: [DNSOP] draft-ietf-dnsop-kskroll-sentinel-10 … Geoff Huston
Re: [DNSOP] draft-ietf-dnsop-kskroll-sentinel-10 … Mark Andrews
Re: [DNSOP] draft-ietf-dnsop-kskroll-sentinel-10 … Geoff Huston
Re: [DNSOP] draft-ietf-dnsop-kskroll-sentinel-10 … Mark Andrews
Re: [DNSOP] draft-ietf-dnsop-kskroll-sentinel-10 … Geoff Huston
Re: [DNSOP] draft-ietf-dnsop-kskroll-sentinel-10 … Petr Špaček