Re: [DNSOP] [Ext] Call for Adoption: draft-hoffman-dnssec-iana-cons

Paul Hoffman <paul.hoffman@icann.org> Wed, 06 January 2021 21:30 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/ziipqWZa3ZPQ83NnwPvyNhiXkv4>

On Jan 6, 2021, at 1:19 PM, Paul Wouters <paul@nohats.ca> wrote:
> Remember also that TLS ciphers are negotiated.

A better analogy might be "although TLS key exchange and encryption ciphers are negotiated, the signing algorithm on the server's certificate is not negotiated". DNSSEC signing is much more akin to the latter, I think.

> There is no negotiation
> in DNSSEC.

Quite right, just as there is no negotiation for the authentication in TLS.

--Paul Hoffman