Re: [DNSOP] [Ext] Call for Adoption: DNSSEC as BCP: draft-hoffman-dnssec

Paul Hoffman <paul.hoffman@icann.org> Sat, 26 March 2022 01:21 UTC

From: Paul Hoffman <paul.hoffman@icann.org>
To: Joey Deng <qiaoyu_deng=40apple.com@dmarc.ietf.org>
CC: "dnsop@ietf.org" <dnsop@ietf.org>
Date: Sat, 26 Mar 2022 01:21:40 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/xxaYCBuKAb3tLGzxQbXH7cHHhiU>
Subject: Re: [DNSOP] [Ext] Call for Adoption: DNSSEC as BCP: draft-hoffman-dnssec
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>

On Mar 25, 2022, at 5:59 PM, Joey Deng <qiaoyu_deng=40apple.com@dmarc.ietf.org> wrote:
> A possible format issue:

Thanks! That will be fixed in the next version.

> Since the description above mainly focuses on the new cryptography adopted by DNSSEC, I think it would make more sense to use a title like:
> 
> Additional Cryptographic Algorithms in DNSSEC

Yes, great.

> During my reading of DNS and DNSSEC, I found another RFC (RFC 7129) very helpful in understanding the motivation from NSEC to NSEC3, besides RFC 5155, but it is not listed in the draft above (maybe because it is for informational purposes?).
> https://datatracker.ietf.org/doc/rfc7129/

While RFC 7129 is interesting for understanding the protocol, it is background material and maybe not really part of the protocol itself or an extension to the protocol itself. I'm not sure where it would fit into this document.

--Paul Hoffman