Re: [Doh] [Ext] Does the HTTP freshness lifetime need to match the TTL?
Tony Finch <dot@dotat.at> Mon, 14 May 2018 11:15 UTC
Date: Mon, 14 May 2018 12:15:36 +0100
From: Tony Finch <dot@dotat.at>
To: Paul Hoffman <paul.hoffman@icann.org>
cc: Miek Gieben <miek@miek.nl>, DoH WG <doh@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/doh/eHQQWckc-6EcPol1-9ns_ESf17s>

Paul Hoffman <paul.hoffman@icann.org> wrote:
>
> To me, "may use the time remaining before expiration" does not sound a
> requirement, or even an expectation.

RFC 4035, section 5.3.3

   If the resolver accepts the RRset as authentic, the validator MUST
   set the TTL of the RRSIG RR and each RR in the authenticated RRset to
   a value no greater than the minimum of:

   o  the RRset's TTL as received in the response;

   o  the RRSIG RR's TTL as received in the response;

   o  the value in the RRSIG RR's Original TTL field; and

   o  the difference of the RRSIG RR's Signature Expiration time and the
      current time.

Tony.
-- 
f.anthony.n.finch <dot@dotat.at> http://dotat.at/
South Fitzroy: Northerly 4 or 5, occasionally 6 in southeast. Moderate,
occasionally rough. Rain at times. Moderate or good.
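
The clamping rule quoted above from RFC 4035, section 5.3.3, worked through as an added example that is not part of the original message. The `SignedRRset` type, the function names and all sample values are hypothetical and constructed; comparing the expiration field with 32-bit serial number arithmetic follows RFC 4034, section 3.1.5, and raising an error for an expired signature is an assumption of this sketch.

```python
from dataclasses import dataclass

MOD = 2 ** 32            # RRSIG time fields are 32-bit counters
NOW = 1_526_296_536      # constructed "current time" (seconds since epoch)


@dataclass
class SignedRRset:
    rrset_ttl: int       # the RRset's TTL as received in the response
    rrsig_ttl: int       # the RRSIG RR's TTL as received in the response
    original_ttl: int    # the RRSIG RR's Original TTL field
    sig_expiration: int  # the RRSIG RR's Signature Expiration field


def seconds_until_expiration(expiration: int, now: int) -> int:
    """Signed (expiration - now) under 32-bit serial number arithmetic,
    so a Signature Expiration value that has wrapped past 2**32 still
    compares correctly against the current time."""
    diff = (expiration - now) % MOD
    return diff - MOD if diff >= MOD // 2 else diff


def validated_ttl(rr: SignedRRset, now: int) -> int:
    """Upper bound on the TTL a validator may assign to an RRset it has
    accepted as authentic: the minimum of the four quoted quantities."""
    remaining = seconds_until_expiration(rr.sig_expiration, now)
    if remaining <= 0:
        # Assumption of this example: an expired signature falls outside
        # the rule, which only covers RRsets accepted as authentic.
        raise ValueError("RRSIG signature validity period has ended")
    return min(rr.rrset_ttl, rr.rrsig_ttl, rr.original_ttl, remaining)


if __name__ == "__main__":
    cases = {
        # signature expires in 10 minutes: expiry is the binding limit
        "near expiry": (SignedRRset(3600, 3600, 86400, NOW + 600), NOW),
        # upstream inflated the TTL: the signed Original TTL caps it
        "inflated ttl": (SignedRRset(172800, 172800, 3600, NOW + 604800), NOW),
        # expiration field wrapped around the 32-bit boundary
        "wraparound": (SignedRRset(3600, 3600, 3600, 200), MOD - 100),
    }
    for name, (rr, now) in cases.items():
        print(f"{name}: {validated_ttl(rr, now)} s")
```
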