Re: [DNSSEC-Bootstrapping] [DNSOP] Fwd: New Version Notification for draft-thomassen-dnsop-dnssec-bootstrapping-02.txt

Nils Wisiol <nils@desec.io> Tue, 09 November 2021 11:12 UTC

Message-ID: <24464c8a5239206b8329d33db9c6ea3dfc46164c.camel@desec.io>
From: Nils Wisiol <nils@desec.io>
To: Peter Thomassen <peter@desec.io>, Paul Wouters <paul.wouters=40aiven.io@dmarc.ietf.org>
Cc: "dnsop@ietf.org WG" <dnsop@ietf.org>, dnssec-bootstrapping@ietf.org
Date: Tue, 09 Nov 2021 12:10:33 +0100
In-Reply-To: <37fa7324-643a-9c3c-4256-97abe52f1118@desec.io>
References: <163520620129.17275.16274772439094875607@ietfa.amsl.com> <91154628-0ca3-15d8-c6bd-b71232b2e64b@desec.io> <8d3b2ae-70e3-74b4-40a0-70e848acc4aa@nohats.ca> <66e2a81b-b971-cdea-0f40-cfed68be574f@desec.io> <705c1434-532-6840-8ae4-545bde91822@nohats.ca> <37fa7324-643a-9c3c-4256-97abe52f1118@desec.io>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnssec-bootstrapping/OmVDAbBydNBC4G4siiAuY4p0LUg>
List-Id: Authenticated Bootstrapping of DNSSEC Delegations <dnssec-bootstrapping.ietf.org>

On Tue, 2021-11-09 at 04:55 +0100, Peter Thomassen wrote:
> The problem occurs because bootstrapping records cannot be at the
> apex (so as not to overload the meaning of apex CDS/CDNSKEY records),
> but by "inheriting" the structure under dedyn.io, a situation arises
> where this condition is not met.

Following Peter's argument, a solution that avoids hashing requires
using new record types for bootstrapping in order to avoid confusion with
the original meaning of CDS/CDNSKEY records. This would increase
implementation work for the proposal quite a lot, as currently no
changes to popular auth NS software are needed.

Nils

-- 
deSEC e.V. · Kyffhäuserstr. 5 · 10781 Berlin · Germany

Vorstandsvorsitz: Nils Wisiol
Registergericht: AG Berlin (Charlottenburg) VR 37525
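The apex collision Peter describes, illustrated as an added example that is not part of the thread or of the draft's own text: a small check that tells an operator which children's bootstrapping records would land exactly on a zone apex, where they would be read as that zone's own CDS/CDNSKEY. The owner-name scheme `<child>._signal.<ns>`, the optional extra prefix label (`_dsboot`) and the list of zone cuts are assumptions constructed for the example, not taken from the message above.

```python
"""Added example (not from the thread or the draft): detect whether a DNSSEC
bootstrapping record's owner name would coincide with a zone apex.

Assumptions, not taken from the message above:
  * bootstrapping records for child zone <child> served by nameserver <ns>
    are published under the owner name  <child>._signal.<ns>;
  * the operator knows its zone cuts (constructed list below), and a
    signaling zone that mirrors the structure of a hosted domain (here
    dedyn.io) therefore also has cuts under _signal.<ns>;
  * an optional fixed label (here "_dsboot") may be inserted before <child>.
"""
from typing import Iterable, List, Optional


def normalize(name: str) -> str:
    """Lower-case and strip the trailing dot so comparisons are canonical."""
    return name.lower().rstrip(".")


def bootstrap_owner(child: str, ns: str, prefix: Optional[str] = None) -> str:
    """Owner name at which the bootstrapping CDS/CDNSKEY for `child` would live."""
    labels = [normalize(child)]
    if prefix:
        labels.insert(0, prefix)  # assumed extra label, e.g. "_dsboot"
    return ".".join(labels + ["_signal", normalize(ns)])


def is_zone_apex(owner: str, zone_apexes: Iterable[str]) -> bool:
    """True if `owner` is itself the apex of one of the known zones."""
    return normalize(owner) in {normalize(z) for z in zone_apexes}


def colliding_children(children: Iterable[str], ns: str,
                       zone_apexes: Iterable[str],
                       prefix: Optional[str] = None) -> List[str]:
    """Children whose bootstrapping records would sit at a zone apex, i.e. in
    the position where CDS/CDNSKEY already carry their original meaning."""
    apexes = list(zone_apexes)
    return [c for c in children
            if is_zone_apex(bootstrap_owner(c, ns, prefix), apexes)]


# Constructed zone cuts for illustration: every customer name under dedyn.io
# is its own zone, and the signaling zone under ns1.example.net mirrors that
# structure, so the mirrored names are apexes as well.
ZONE_APEXES = [
    "dedyn.io",
    "alice.dedyn.io",
    "bob.dedyn.io",
    "_signal.ns1.example.net",
    "alice.dedyn.io._signal.ns1.example.net",
    "bob.dedyn.io._signal.ns1.example.net",
]
CHILDREN = ["alice.dedyn.io", "bob.dedyn.io", "example.org"]

if __name__ == "__main__":
    # Without an extra label, the dedyn.io children collide with an apex.
    print(colliding_children(CHILDREN, "ns1.example.net", ZONE_APEXES))
    # With a fixed prefix label, no bootstrapping owner name is an apex.
    print(colliding_children(CHILDREN, "ns1.example.net", ZONE_APEXES,
                             prefix="_dsboot"))
```

The check makes the trade-off in the message concrete: with the plain `<child>._signal.<ns>` scheme, a mirrored zone structure puts the records at an apex, and the ways out are a different owner-name shape (an extra label, or hashing the child name) or, as Nils notes, distinct record types that authoritative software would have to learn.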