Re: [DNSOP] Is DNSSEC a Best Current Practice?

Yasuhiro Orange Morishita / 森下泰宏 <yasuhiro@jprs.co.jp> Fri, 11 March 2022 02:44 UTC

Date: Fri, 11 Mar 2022 11:44:45 +0900
Message-Id: <20220311.114445.338879450243418596.yasuhiro@jprs.co.jp>
To: paul.hoffman@icann.org
Cc: dnsop@ietf.org
From: Yasuhiro Orange Morishita / 森下泰宏 <yasuhiro@jprs.co.jp>
In-Reply-To: <88A0AA7A-01B8-4C7E-9A9A-1FB29C9FB18B@icann.org>
References: <88A0AA7A-01B8-4C7E-9A9A-1FB29C9FB18B@icann.org>
Organization: Japan Registry Services Co., Ltd.
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/ymyraBgKZMJo195kwWZJELE2N38>
Subject: Re: [DNSOP] Is DNSSEC a Best Current Practice?

Paul-san,

> In the big picture, I think it would be good for the DNS to be able
> to refer to DNSSEC more easily. Thoughts?

I think it can be said for RFC 1034 and 1035, too.
But it's much more difficult than DNSSEC.

My friend Takashi Takizawa maintains this horrible figure.

  DNS RFCs - ttkzw's site
  <https://emaillab.jp/dns/dns-rfc/>

-- Orange

-- 
Yasuhiro 'Orange' Morishita <yasuhiro@jprs.co.jp>

From: Paul Hoffman <paul.hoffman@icann.org>
Subject: [DNSOP] Is DNSSEC a Best Current Practice?
Date: Thu, 10 Mar 2022 18:54:07 +0000

> Greetings again. My motivation here is kinda trivial, but I've heard it is a common complaint. When writing about DNSSEC, I need to reference the RFC. But it's three RFCs (4033, 4034, and 4035), and possibly another (6840). It would be awfully nice to refer to "DNSSEC" with a single reference like "BCP 250".
> 
> To get there, we need to update the RFCs and say that we want a BCP. This is mostly a paperwork exercise, but this WG isn't terribly good at getting those done. Maybe we could create a short-lived WG for moving DNSSEC to BCP that just the DNSSEC-y people need to pay attention to. If we do it, that WG would not take up any new DNSSEC-related work, just spruce up the base RFCs.
> 
> In the big picture, I think it would be good for the DNS to be able to refer to DNSSEC more easily. Thoughts?
> 
> --Paul Hoffman