Re: [DNSOP] Fracturing the protocol - was Re: Updated cheese-shop.

Warren Kumari <warren@kumari.net> Mon, 29 February 2016 17:27 UTC

References: <D2F9A5BA.13FE2%edward.lewis@icann.org> <20160229151220.7d7e9643@pallas.home.time-travellers.org> <CAHw9_iKHYr9_FvkuKVoU_3QKHKwdEBE1wbcSdJv0y7y_g8wVmQ@mail.gmail.com> <C827F477-8E39-4D7B-A407-813905DF6B4E@vpnc.org>
In-Reply-To: <C827F477-8E39-4D7B-A407-813905DF6B4E@vpnc.org>
From: Warren Kumari <warren@kumari.net>
Date: Mon, 29 Feb 2016 17:27:22 +0000
Message-ID: <CAHw9_iK=Lq4iqoa=o8wQpUVbTrPC0=5=YKL+LcDVXD8N=X54TQ@mail.gmail.com>
To: Paul Hoffman <paul.hoffman@vpnc.org>
Archived-At: <http://mailarchive.ietf.org/arch/msg/dnsop/yTijr8NmWnM8LZYgQP_aFcSrE5U>
Cc: Shane Kerr <shane@time-travellers.org>, Edward Lewis <edward.lewis@icann.org>, dnsop <dnsop@ietf.org>
Subject: Re: [DNSOP] Fracturing the protocol - was Re: Updated cheese-shop.

On Mon, Feb 29, 2016 at 11:27 AM Paul Hoffman <paul.hoffman@vpnc.org> wrote:

> On 29 Feb 2016, at 8:13, Warren Kumari wrote:
>
> > I *think* that the document / proposal implicitly handles this case
> > already.
>
> Please make the "if the root zone isn't signed with NSEC then fall back"
> explicit. Implicit to you is confusing to others.


> >
> > If the root (of whatever tree / name resolution system you have) is not
> > DNSSEC signed, you do not get back valid NSEC records. If you do not get
> > back valid NSEC records, there is no work to do.
>
> It's more than that. It is "and you have to go back to doing 4035".
>

"If the root zone is no longer DNSSEC signed with NSEC records then this
document no longer applies. Resolvers MUST continue to work in such an
environment."

Not sure where I can add the "do 4035" wording - if the root is no longer
DNSSEC signed, 4035 doesn't apply at all. I think that the above text
handles things, but I may be missing something...


>
> > I guess I could sprinkle "DNS" all over:
> > "The scope of this document is limited to the special case of recursive
> > DNSSEC validating resolvers querying the root zone.", e.g.
> > "The scope of this document is limited to the special case of recursive
> > DNSSEC validating resolvers querying the IANA administered DNS root zone."
>
> Please no. (Ed might disagree with me on this.) I think every document
> that talks about the DNS in the IETF is about the IANA-administered DNS
> except where loudly noted.
>

I added "global DNS root zone." initially, but I've just removed global (in
the editor copy / github version - I'm trying to incorporate people's comments
as I get them, so that folk can follow along at home and make sure that I'm
accurately capturing what they are requesting. Current version is
(hopefully always!) at:
https://github.com/wkumari/draft-wkumari-dnsop-cheese-shop/ )


>
> --Paul Hoffman
>
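The resolver-side decision the thread is arguing about, as an added example that is not part of the original message, the draft, or any resolver's code: a cache of NSEC records learned from the root, a "does this NSEC cover the name" check using the RFC 4034 section 6.1 canonical ordering, and a synthesis step that only ever acts on a *validated* NSEC. If the root is unsigned (or the NSEC did not validate) the function returns None, which is the "no work to do, go back to ordinary resolution" outcome discussed above. It assumes the simplified root-zone case where the closest encloser is the root itself, so the name whose absence must be proven is just the TLD label; the `Nsec` type, the function names and all owner names in the sample cache are constructed for illustration.

```python
# Added example, not code from the cheese-shop draft or from any resolver.
# Models the minimal logic: synthesize NXDOMAIN from a validated root NSEC
# that covers the TLD, otherwise return None ("resolve normally").
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Nsec:
    owner: str       # owner name, absolute (trailing dot); hypothetical type
    next_name: str   # "next owner name" field of the NSEC RDATA
    validated: bool  # True only if the RRSIG over this NSEC verified


def canonical_key(name: str) -> List[bytes]:
    """RFC 4034 s6.1 canonical ordering: labels compared right-to-left,
    case-insensitively, as unsigned octet strings; a name that is a prefix
    of another sorts first. Python's list/bytes ordering does exactly this."""
    labels = [l.lower().encode("ascii") for l in name.rstrip(".").split(".") if l]
    return list(reversed(labels))


def nsec_covers(rr: Nsec, qname: str, apex: str = ".") -> bool:
    """True if qname lies strictly between rr.owner and rr.next_name.
    When next_name is the zone apex this is the last NSEC of the chain and
    it covers every name that sorts after owner (wrap-around)."""
    q, o, n = canonical_key(qname), canonical_key(rr.owner), canonical_key(rr.next_name)
    if q == o:
        return False  # the name exists; NSEC describes its types, not its absence
    if n == canonical_key(apex):
        return q > o
    return o < q < n


def next_closer_to_root(qname: str) -> str:
    """For a query against the root zone the closest encloser is the root,
    so the 'next closer name' whose absence must be proven is the TLD."""
    labels = [l for l in qname.rstrip(".").split(".") if l]
    return labels[-1] + "." if labels else "."


def synthesize_nxdomain(cache: List[Nsec], qname: str) -> Optional[str]:
    """Return 'NXDOMAIN' if a validated cached root NSEC proves the TLD does
    not exist; otherwise None, meaning the resolver must fall back to normal
    RFC 4035 resolution. Unvalidated NSEC (e.g. from an unsigned root or a
    response whose RRSIG failed) never contribute, so an unsigned root
    simply yields None for every query."""
    target = next_closer_to_root(qname)
    if target == ".":
        return None  # query for the root itself; it exists by definition
    for rr in cache:
        if rr.validated and nsec_covers(rr, target):
            return "NXDOMAIN"
    return None


# Constructed sample caches (not real root-zone data).
SIGNED_ROOT_CACHE = [
    Nsec(".", "aaa.", validated=True),
    Nsec("aaa.", "ccc.", validated=True),
    Nsec("ccc.", ".", validated=True),   # last NSEC wraps back to the apex
]
UNSIGNED_ROOT_CACHE = [
    Nsec("aaa.", "ccc.", validated=False),  # seen but never validated
]

if __name__ == "__main__":
    for cache_name, cache in (("signed", SIGNED_ROOT_CACHE), ("unsigned", UNSIGNED_ROOT_CACHE)):
        for q in ("www.bbb.", "host.aaa.", "zzz.", "a.", "."):
            print(cache_name, q, synthesize_nxdomain(cache, q))
```

The point to notice is that the fallback is not a separate code path: with no validated NSEC in the cache the synthesis step has nothing to match and the resolver proceeds exactly as it would without the draft, which is the behaviour the proposed "Resolvers MUST continue to work" text describes.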