[DNSOP] Re: [DNSOP]Re: [Ext] Requesting final comments on draft-ietf-dnsop-rfc8109bis
Joe Abley <jabley@strandkip.nl> Mon, 17 June 2024 15:45 UTC
Return-Path: <jabley@strandkip.nl>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2D233C180B50 for <dnsop@ietfa.amsl.com>; Mon, 17 Jun 2024 08:45:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.212
X-Spam-Level:
X-Spam-Status: No, score=-1.212 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, MIME_HTML_ONLY=0.1, MIME_HTML_ONLY_MULTI=0.001, MIME_QP_LONG_LINE=0.001, MPART_ALT_DIFF=0.79, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=strandkip.nl
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id g-ngQIFXVEN0 for <dnsop@ietfa.amsl.com>; Mon, 17 Jun 2024 08:45:08 -0700 (PDT)
Received: from st43p00im-zteg10062001.me.com (st43p00im-zteg10062001.me.com [17.58.63.166]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 29653C180B4F for <dnsop@ietf.org>; Mon, 17 Jun 2024 08:45:08 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=strandkip.nl; s=sig1; t=1718639107; bh=RzgzdYJpfZO1P1UMLEaGXd5tReV/PRz0+0FRzTviPao=; h=Content-Type:From:Mime-Version:Subject:Date:Message-Id:To; b=Weq+ODRLGaKD38RRLPy5aHuEYQqIPwn+dUHQVoO2CR8al0si1bVTZoPyHsZLiupGB LXhX1tdIV1DoFB8NTkkvGPQIdZsUzX3xuA0aQAqB41NBhkw5A1zq4WRViTBacKNry3 /3Br3JPXRKyrQ3vAqrD/41jR6wMt1dO+Q7doEONqz3af0lWJeOOaBSx+wWllRvIwxv y0rCXg3X3rd0jjPB/9tj0paEWima2aeNMrd+djJcb1bH/G5k+w8D4NtFZWY1us/D2h QjuOCEvTKWYIaesmG7NFUM3Hzo0oYSFPzVPBKP4Y6SIyOm5oWBaxxE+mCerYfT35zZ GAdTWN6ob17XQ==
Received: from smtpclient.apple (st43p00im-dlb-asmtp-mailmevip.me.com [17.42.251.41]) by st43p00im-zteg10062001.me.com (Postfix) with ESMTPSA id 8D4DFC8059A; Mon, 17 Jun 2024 15:45:06 +0000 (UTC)
Content-Type: multipart/alternative; boundary="Apple-Mail-190EA5D0-C4BB-48F0-9D87-2B056345FAC2"
Content-Transfer-Encoding: 7bit
From: Joe Abley <jabley@strandkip.nl>
Mime-Version: 1.0 (1.0)
Date: Mon, 17 Jun 2024 17:44:53 +0200
Message-Id: <426AA277-1698-4EE4-B3E9-745DB9EAA947@strandkip.nl>
References: <CADyWQ+GH-8XsxPqCvBQ2p1mDwz1uG0+RPdyrKX8P=LRS6Am_aQ@mail.gmail.com>
In-Reply-To: <CADyWQ+GH-8XsxPqCvBQ2p1mDwz1uG0+RPdyrKX8P=LRS6Am_aQ@mail.gmail.com>
To: Tim Wicinski <tjw.ietf@gmail.com>
X-Mailer: iPhone Mail (21F90)
X-Proofpoint-ORIG-GUID: ts0ihCnsUI67H2D5w3WiBjrUIGg2TKRW
X-Proofpoint-GUID: ts0ihCnsUI67H2D5w3WiBjrUIGg2TKRW
X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.272,Aquarius:18.0.1039,Hydra:6.0.680,FMLib:17.12.28.16 definitions=2024-06-17_13,2024-06-17_01,2024-05-17_01
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 suspectscore=0 mlxlogscore=999 mlxscore=0 spamscore=0 adultscore=0 malwarescore=0 clxscore=1030 phishscore=0 bulkscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.19.0-2308100000 definitions=main-2406170122
Message-ID-Hash: IKUIKV57Y3VG7QWGZVYI5RXXFKQOBZPS
X-Message-ID-Hash: IKUIKV57Y3VG7QWGZVYI5RXXFKQOBZPS
X-MailFrom: jabley@strandkip.nl
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-dnsop.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: Paul Hoffman <paul.hoffman@icann.org>, dnsop <dnsop@ietf.org>, dnsop-chairs <dnsop-chairs@ietf.org>
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [DNSOP] Re: [DNSOP]Re: [Ext] Requesting final comments on draft-ietf-dnsop-rfc8109bis
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/vBvZOt3dNABd7SyBeFovzgSHTyY>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Owner: <mailto:dnsop-owner@ietf.org>
List-Post: <mailto:dnsop@ietf.org>
List-Subscribe: <mailto:dnsop-join@ietf.org>
List-Unsubscribe: <mailto:dnsop-leave@ietf.org>
On 17 Jun 2024, at 17:40, Tim Wicinski <tjw.ietf@gmail.com> wrote:
Paul is correct on this - we would like a few more comments on the clarification changes to RFC8109-bis.Also, Willem offered some suggested text to the last paragraph of 3.3 relating to http://root-servers.net" rel="nofollow">root-servers.net :"DNSSEC validation of the priming query is valuable when http://root-servers.net" rel="nofollow">root-servers.net zone will be DNSSEC signed and resolvers revalidate the root server addresses, by following up with direct A and AAAA queries for the names of the root NS RRset"I would only offer up some slight edit:"will be valuable when" sounds clearer than "is valuable when" but I will leave that as a suggestion.DNSSEC validation of the priming query will be valuable when the http://root-servers.net" rel="nofollow">root-servers.net zone is DNSSEC signed.Some final considerations pleasetim_______________________________________________One more nudge on this, before the deadline tomorrow.
--Paul Hoffman
On Jun 5, 2024, at 09:28, Paul Hoffman <paul.hoffman@icann.org> wrote:
>
> Tim jumped the gun by about an hour: we just submitted the -05. It incorporates the suggested text from below; you can see the diff at:
> https://author-tools.ietf.org/iddiff?url2=draft-ietf-dnsop-rfc8109bis-05" rel="noreferrer nofollow" target="_blank">https://author-tools.ietf.org/iddiff?url2=draft-ietf-dnsop-rfc8109bis-05
>
> FWIW, this new text is somewhat based on the findings from NLnetLabs and SIDN on a project supported by ICANN. You can see the report, and an earlier report on a related topic, at:
> https://www.icann.org/resources/pages/octo-commissioned-documents-2020-11-05-en" rel="noreferrer nofollow" target="_blank">https://www.icann.org/resources/pages/octo-commissioned-documents-2020-11-05-en
>
> Please let us know if you have any issues with the changed text in the new version.
>
> --Paul Hoffman
>
>
> On Jun 5, 2024, at 08:25, Tim Wicinski <tjw.ietf@gmail.com> wrote:
>>
>> All
>>
>> The chairs are requesting some final comments on draft-ietf-dnsop-rfc8109bis. As you might recall, this document has already been through WGLC and had consensus to advance, but our AD reviewed it and raised some additional questions. (Warren Kumari, “AD Review of draft-ietf-dnsop-rfc8109bis,” email to the list on 31 January.)
DNSOP mailing list -- dnsop@ietf.org
To unsubscribe send an email to dnsop-leave@ietf.org
- [DNSOP] Re: [DNSOP]Re: [Ext] Requesting final com… Paul Hoffman
- [DNSOP]Requesting final comments on draft-ietf-dn… Tim Wicinski
- [DNSOP]Re: [Ext] Requesting final comments on dra… Paul Hoffman
- [DNSOP] Re: [DNSOP]Re: [Ext] Requesting final com… A. Schulze
- [DNSOP] Re: [Ext] [DNSOP]Requesting final comment… Tim Wicinski
- [DNSOP] Re: [Ext] [DNSOP]Requesting final comment… jabley
- [DNSOP] Re: [Ext] [DNSOP]Requesting final comment… jabley
- [DNSOP] Re: [Ext] [DNSOP]Requesting final comment… Willem Toorop
- [DNSOP] Re: [Ext] [DNSOP]Requesting final comment… Willem Toorop
- [DNSOP] To sign root-servers.net or not? Geoff Huston
- [DNSOP] Re: [DNSOP]Re: [Ext] Requesting final com… Paul Hoffman
- [DNSOP] Re: [Ext] To sign root-servers.net or not? Paul Hoffman
- [DNSOP] Re: [DNSOP]Re: [Ext] Requesting final com… Tim Wicinski
- [DNSOP] Re: [DNSOP]Re: [Ext] Requesting final com… Joe Abley
- [DNSOP] Re: [DNSOP]Re: [Ext] Requesting final com… Tim Wicinski
- [DNSOP] Re: [DNSOP]Re: [Ext] Requesting final com… Joe Abley
- [DNSOP] Re: [DNSOP]Re: [Ext] Requesting final com… Tim Wicinski
- [DNSOP] Re: [DNSOP]Re: [Ext] Requesting final com… Paul Hoffman
- [DNSOP] Re: [DNSOP]Re: [Ext] Requesting final com… Joe Abley
- [DNSOP] Re: [Ext] To sign root-servers.net or not? Geoff Huston
- [DNSOP] Re: [Ext] To sign root-servers.net or not? Tim Wicinski
- [DNSOP] Re: [DNSOP]Re: [Ext] Requesting final com… Tim Wicinski