Re: [DNSOP] The DNSOP WG has placed draft-mglt-dnsop-dnssec-validator-requirements in state "Call For Adoption By WG Issued"

Daniel Migault <mglt.ietf@gmail.com> Tue, 05 May 2020 16:02 UTC

From: Daniel Migault <mglt.ietf@gmail.com>
Date: Tue, 05 May 2020 12:02:18 -0400
Message-ID: <CADZyTknCkTb9upGNLt-SF_13=Q-+P+D5vk_5uV61hBwGZttJJw@mail.gmail.com>
To: Bob Harold <rharolde@umich.edu>
Cc: dnsop <dnsop@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/vT3W9fB9SLee3GL0yXk9w7pEifg>

Hi Bob,

I apologize; the previous email has just been sent unexpectedly.

Thanks for the comments. The new version of the file is available here [1]
and a diff is available at [2].

I propose the following text for clarification. Feel free to let me know if
that addresses your concern.

OLD:
Not updating the configuration file prevents a failed synchronization to to
the absence of write permission that are hardly in the control of the
software."

NEW:
Avoiding the configuration file to be updated prevents old configuration
file to survive to writing error on read-only file systems.

Please see other comments inline.

Yours,
Daniel

[1]
https://github.com/mglt/draft-mglt-dnsop-dnssec-validator-requirements/blob/master/draft-mglt-dnsop-dnssec-validator-requirements.mkd
[2]
https://github.com/mglt/draft-mglt-dnsop-dnssec-validator-requirements/commit/f8ab674b12442aff6ba3c72a3ca8f795f24b2df9#diff-c7cc8f0bdd4d7cce2082828d70d2bf35


On Tue, May 5, 2020 at 11:52 AM Daniel Migault <daniel.migault=40ericsson.com@dmarc.ietf.org> wrote:

> Hi Bob,
>
> Thanks for the comments. The new version of the file is available here [1]
> and diff can be seen at [2].
>
> I propose the following text. Does it clarify the concern ?
> Avoiding the configuration file to be updated prevents old configuration
> file to survive to writing error on read-only file systems.
>
>
> "Not updating the configuration file prevents a failed
>    synchronization to to the absence of write permission that are hardly
>    in the control of the software."
>
> <mglt>
> </mglt>
>
> [1]
> https://github.com/mglt/draft-mglt-dnsop-dnssec-validator-requirements/blob/master/draft-mglt-dnsop-dnssec-validator-requirements.mkd
> [2]
> https://github.com/mglt/draft-mglt-dnsop-dnssec-validator-requirements/commit/f8ab674b12442aff6ba3c72a3ca8f795f24b2df9#diff-c7cc8f0bdd4d7cce2082828d70d2bf35
>
>
> ------------------------------
> *From:* Bob Harold <rharolde@umich.edu>
> *Sent:* Monday, May 4, 2020 4:29 PM
> *To:* Daniel Migault <daniel.migault@ericsson.com>
> *Subject:* Fwd: [DNSOP] The DNSOP WG has placed
> draft-mglt-dnsop-dnssec-validator-requirements in state "Call For Adoption
> By WG Issued"
>
> Minor nits:
>
> 7.  Trust Anchor Related Recommendations
>
> Last sentence, last few words:
> "in section Section 8" > "in Section 8"
>
> <mglt>
> addressed
> </mglt>
>
> 7.2.1.  Automated Updates to DNSSEC Trust Anchors
>
> "TA updates is" > "TA updates are"
>
> <mglt>
> addressed
> </mglt>
>
> "but due to human" > "due to human"
>
> <mglt>
> addressed
> </mglt>
>
> 7.2.2.  Automated Trust Anchor Check
>
> "Not updating the configuration file prevents a failed
>    synchronization to to the absence of write permission that are hardly
>    in the control of the software."
>
> <mglt>
> I propose the following text. Does it clarify the concern ?
> Avoiding the configuration file to be updated prevents old configuration
> file to survive to writing error on read-only file systems.
> </mglt>
>
> Seems confusing, please rewrite.
>
> "The TA can be queries" > "The TA can be queried"
>
> <mglt>
> addressed
> </mglt>
>
> "does not only concerns" > "does not only concern"
> <mglt>
> addressed
> </mglt>
> "if the mismatch result" > "if the mismatch resulted"
> <mglt>
> addressed
> </mglt>
>
> 8.  Negative Trust Anchors Related Recommendations
>
> "disable the signature check for that key the time" > "disable the
> signature check for that key until the time"
> <mglt>
> addressed
> </mglt>
>
> "This does not prevents" > "This does not prevent"
> <mglt>
> addressed
> </mglt>
> "either an attack or a failure into" > "either an attack or a failure in"
> <mglt>
> addressed
> </mglt>
> 10.1.  Automated Reporting
>
> "will take the appropriated steps" > "will take the appropriate steps"
> <mglt>
> addressed
> </mglt>
> --
> Bob Harold
>
>
> ---------- Forwarded message ---------
> From: *Bob Harold* <rharolde@umich.edu>
> Date: Mon, May 4, 2020 at 4:28 PM
> Subject: Re: [DNSOP] The DNSOP WG has placed
> draft-mglt-dnsop-dnssec-validator-requirements in state "Call For Adoption
> By WG Issued"
> To: IETF DNSOP WG <dnsop@ietf.org>
>
>
> Looks useful, I will review.
>
> --
> Bob Harold
>
>
> On Mon, May 4, 2020 at 3:13 PM IETF Secretariat <
> ietf-secretariat-reply@ietf.org> wrote:
>
>
> The DNSOP WG has placed draft-mglt-dnsop-dnssec-validator-requirements in
> state Call For Adoption By WG Issued (entered by Tim Wicinski)
>
> The document is available at
>
> https://datatracker.ietf.org/doc/draft-mglt-dnsop-dnssec-validator-requirements/
>
>
> _______________________________________________
> DNSOP mailing list
> DNSOP@ietf.org
> https://www.ietf.org/mailman/listinfo/dnsop
>
>


-- 
Daniel Migault
Ericsson