[DNSOP] draft-mglt-dnsop-dnssec-validator-requirements

Daniel Migault <daniel.migault@ericsson.com> Wed, 22 March 2017 16:59 UTC

Return-Path: <daniel.migault@ericsson.com>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0E662129A99 for <dnsop@ietfa.amsl.com>; Wed, 22 Mar 2017 09:59:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.2
X-Spam-Level:
X-Spam-Status: No, score=-4.2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9UXLihplAMPC for <dnsop@ietfa.amsl.com>; Wed, 22 Mar 2017 09:59:29 -0700 (PDT)
Received: from usplmg20.ericsson.net (usplmg20.ericsson.net [198.24.6.45]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AF747127601 for <dnsop@ietf.org>; Wed, 22 Mar 2017 09:59:29 -0700 (PDT)
X-AuditID: c618062d-14208980000009d8-01-58d2becbc159
Received: from EUSAAHC004.ericsson.se (Unknown_Domain [147.117.188.84]) by (Symantec Mail Security) with SMTP id F6.36.02520.BCEB2D85; Wed, 22 Mar 2017 19:13:31 +0100 (CET)
Received: from EUSAAMB107.ericsson.se ([147.117.188.124]) by EUSAAHC004.ericsson.se ([147.117.188.84]) with mapi id 14.03.0319.002; Wed, 22 Mar 2017 12:59:28 -0400
From: Daniel Migault <daniel.migault@ericsson.com>
To: dnsop <dnsop@ietf.org>
Thread-Topic: draft-mglt-dnsop-dnssec-validator-requirements
Thread-Index: AdKjLZVoygz0AXkPS56CAqzMJ1KRrQ==
Date: Wed, 22 Mar 2017 16:59:10 +0000
Message-ID: <2DD56D786E600F45AC6BDE7DA4E8A8C118BB6696@eusaamb107.ericsson.se>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [147.117.188.12]
Content-Type: multipart/alternative; boundary="_000_2DD56D786E600F45AC6BDE7DA4E8A8C118BB6696eusaamb107erics_"
MIME-Version: 1.0
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFrrBLMWRmVeSWpSXmKPExsUyuXRPiO7pfZciDFY0y1ncfXOZxYHRY8mS n0wBjFFcNimpOZllqUX6dglcGSd2tzIXTHet+PVSr4Fxr10XIyeHhICJxOlvx9m7GLk4hATW M0qsO/CfDcJZzijx7/FjVpAqNgEjibZD/ewgtoiAlMSzWY9YQGxhAXOJtvVvGSHiNhJ3tm9h hbD1JLZ13QGyOThYBFQl2l7wgYR5BXwlZi98xARiMwqISXw/tQbMZhYQl7j1ZD4TxEECEkv2 nGeGsEUlXj7+xwphK0nMeX2NGaI+X+Jk+xEWiJmCEidnPmGZwCg4C8moWUjKZiEpg4jrSCzY /YkNwtaWWLbwNTOMfebAYyZk8QWM7KsYOUqLC3Jy040MNjECw/uYBJvuDsb70z0PMQpwMCrx 8BZMvBQhxJpYVlyZe4hRgoNZSYRXdDVQiDclsbIqtSg/vqg0J7X4EKM0B4uSOO+E8xcihATS E0tSs1NTC1KLYLJMHJxSDYzWMxJvS/19tuAdZ2/BkfevBSZ2Vk3Zr9kV7VnouLdIffWG3Ysf qi2yTJX/WNj6c4cBw6nUxoiv81WOKJ9xE2xmflLqeqnfdL2A+//yOfl2S5hCRG6rbqy2+tw8 qb1gyvdPRiqCrVEZm42nXrPyql6YIyubFqplmjW/sJH3ZryV4jvrfOm/zkosxRmJhlrMRcWJ AP2P0bhrAgAA
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/wROEXKmqdCh-dQXp_-7V-4WZet4>
Subject: [DNSOP] draft-mglt-dnsop-dnssec-validator-requirements
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 22 Mar 2017 16:59:32 -0000

Hi,

Please find an update of our draft on DNSSEC Validator Requirements [xml - txt].

DNS resolvers hardly enable DNSSEC as 1) resolvers are not robust too DNS authoritative operations - like KSK roll over, signing errors.... - and 2) network administrators have little control on these resolvers to recover such situations.
The draft describes how invalid DNSSEC related RRsets may be considered by the resolver. The listed requirements aim at designing mechanisms as well as interactions with network managers can easily solve/avoid these situations. Such mechanisms are expected to encourage DNSSEC deployment on resolvers.

Comments are welcome!

Yours,
Daniel

[txt] https://github.com/mglt/draft-mglt-dnsop-dnssec-validator-requirements/blob/master/draft-mglt-dnsop-dnssec-validator-requirements-05.txt
[xml] https://github.com/mglt/draft-mglt-dnsop-dnssec-validator-requirements/blob/master/draft-mglt-dnsop-dnssec-validator-requirements-05.xml


[Ericsson]<http://www.ericsson.com/>

DANIEL MIGAULT
Researcher
Research

Ericsson
8500 Boulevard Decarie
H4P 2N2 Montreal, Canada
Phone +1 514 345 7900 46628
Mobile +1 514 452 2160
daniel.migault@ericsson.com
www.ericsson.com


[http://www.ericsson.com/current_campaign]<http://www.ericsson.com/current_campaign>

Legal entity: Ericsson Canada Inc., registered office in Montreal. This Communication is Confidential. We only send and receive email on the basis of the terms set out at www.ericsson.com/email_disclaimer<http://www.ericsson.com/email_disclaimer>