Re: [DNSOP] Call for Adoption: draft-hardaker-dnsop-nsec3-guidance

Wes Hardaker <wjhns1@hardakers.net> Mon, 14 June 2021 23:20 UTC

Return-Path: <wjhns1@hardakers.net>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AACA93A12C1 for <dnsop@ietfa.amsl.com>; Mon, 14 Jun 2021 16:20:03 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id oXkMYQdDei-u for <dnsop@ietfa.amsl.com>; Mon, 14 Jun 2021 16:19:59 -0700 (PDT)
Received: from mail.hardakers.net (mail.hardakers.net [168.150.192.181]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 548F23A12C0 for <dnsop@ietf.org>; Mon, 14 Jun 2021 16:19:58 -0700 (PDT)
Received: from localhost (unknown [10.0.0.3]) by mail.hardakers.net (Postfix) with ESMTPA id D53F226D54; Mon, 14 Jun 2021 16:19:56 -0700 (PDT)
From: Wes Hardaker <wjhns1@hardakers.net>
To: Tony Finch <dot@dotat.at>
Cc: Wes Hardaker <wjhns1@hardakers.net>, Vladimír Čun át <vladimir.cunat+ietf@nic.cz>, DNSOP Working Group <dnsop@ietf.org>
References: <bfaa3ab3-3d96-dcec-a175-5803de03d852@NLnetLabs.nl> <eb62e04b-2511-ac14-b2e1-c29eab64acfc@nic.cz> <yblwns5ckje.fsf@w7.hardakers.net> <d72220fe-8a6b-d8e6-8b3-1749faddb4fb@dotat.at> <ybl1ra0axfa.fsf@w7.hardakers.net> <a71a566c-2933-4cbe-dafa-7d634415a92@dotat.at>
Date: Mon, 14 Jun 2021 16:19:56 -0700
In-Reply-To: <a71a566c-2933-4cbe-dafa-7d634415a92@dotat.at> (Tony Finch's message of "Tue, 25 May 2021 11:17:20 +0100")
Message-ID: <ybl1r94c9ur.fsf@w7.hardakers.net>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.2 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/ywpMKF1NKDU-kCtaEWrF73ns_W0>
Subject: Re: [DNSOP] Call for Adoption: draft-hardaker-dnsop-nsec3-guidance
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 14 Jun 2021 23:20:04 -0000

Tony Finch <dot@dotat.at> writes:

> The text you wrote is exactly the kind of thing I was thinking of:
> 
> > Operators of secondary services should advertise the parameter caps
> > their servers will support. Primaries need to ensure that secondaries
> > support the NSEC3 parameters they expect to use in their zones.
> > Primaries, after changing parameters, should query their secondaries
> > with appropriate known non-existent queries to verify the secondary
> > servers are responding as expected.

FYI, I did put text in that hopefully will fulfill your requirements.
Hope to get a new version out soon.
-- 
Wes Hardaker
USC/ISI