Re: [Gen-art] Re: Gen-ART Review of draft-ietf-dnsext-dns-name-p-s-01
Brian E Carpenter <brc@zurich.ibm.com> Wed, 14 December 2005 10:42 UTC
Received: from localhost.cnri.reston.va.us ([127.0.0.1] helo=megatron.ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1EmU5Q-00043U-5n; Wed, 14 Dec 2005 05:42:16 -0500
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1EmU5O-00042u-R4 for gen-art@megatron.ietf.org; Wed, 14 Dec 2005 05:42:14 -0500
Received: from ietf-mx.ietf.org (ietf-mx [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id FAA02957 for <gen-art@ietf.org>; Wed, 14 Dec 2005 05:41:06 -0500 (EST)
Received: from mtagate1.de.ibm.com ([195.212.29.150]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1EmU6P-0000A0-2F for gen-art@ietf.org; Wed, 14 Dec 2005 05:43:18 -0500
Received: from d12nrmr1607.megacenter.de.ibm.com (d12nrmr1607.megacenter.de.ibm.com [9.149.167.49]) by mtagate1.de.ibm.com (8.12.10/8.12.10) with ESMTP id jBEAfjec123664 for <gen-art@ietf.org>; Wed, 14 Dec 2005 10:41:46 GMT
Received: from d12av01.megacenter.de.ibm.com (d12av01.megacenter.de.ibm.com [9.149.165.212]) by d12nrmr1607.megacenter.de.ibm.com (8.12.10/NCO/VERS6.8) with ESMTP id jBEAfjCw159658 for <gen-art@ietf.org>; Wed, 14 Dec 2005 11:41:45 +0100
Received: from d12av01.megacenter.de.ibm.com (loopback [127.0.0.1]) by d12av01.megacenter.de.ibm.com (8.12.11/8.13.3) with ESMTP id jBEAfjeo012884 for <gen-art@ietf.org>; Wed, 14 Dec 2005 11:41:45 +0100
Received: from sihl.zurich.ibm.com (sihl.zurich.ibm.com [9.4.16.232]) by d12av01.megacenter.de.ibm.com (8.12.11/8.12.11) with ESMTP id jBEAfiVJ012869; Wed, 14 Dec 2005 11:41:44 +0100
Received: from zurich.ibm.com (sig-9-145-128-35.de.ibm.com [9.145.128.35]) by sihl.zurich.ibm.com (AIX4.3/8.9.3p2/8.9.3) with ESMTP id LAA68102; Wed, 14 Dec 2005 11:41:43 +0100
Message-ID: <439FF6E4.9090503@zurich.ibm.com>
Date: Wed, 14 Dec 2005 11:41:40 +0100
From: Brian E Carpenter <brc@zurich.ibm.com>
Organization: IBM
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.6) Gecko/20040113
X-Accept-Language: en, fr, de
MIME-Version: 1.0
To: Geoffrey Sisson <geoff@nominet.org.uk>
Subject: Re: [Gen-art] Re: Gen-ART Review of draft-ietf-dnsext-dns-name-p-s-01
References: <200512141020.jBEAKSW0005388@staff.nominet.org.uk>
In-Reply-To: <200512141020.jBEAKSW0005388@staff.nominet.org.uk>
Content-Type: text/plain; charset="us-ascii"; format="flowed"
Content-Transfer-Encoding: 7bit
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 36c793b20164cfe75332aa66ddb21196
Content-Transfer-Encoding: 7bit
Cc: Olaf Kolkman <olaf@nlnetlabs.nl>, ben@algroup.co.uk, Margaret Wasserman <margaret@thingmagic.com>, General Area Review Team <gen-art@ietf.org>, Olafur Gudmundsson <ogud@ogud.com>
X-BeenThere: gen-art@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "GEN-ART: General Area Review Team" <gen-art.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/gen-art>, <mailto:gen-art-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/gen-art>
List-Post: <mailto:gen-art@ietf.org>
List-Help: <mailto:gen-art-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/gen-art>, <mailto:gen-art-request@ietf.org?subject=subscribe>
Sender: gen-art-bounces@ietf.org
Errors-To: gen-art-bounces@ietf.org
The change you suggest reads OK, but please wait until Margaret gives you guidance. Brian Geoffrey Sisson wrote: > "Spencer Dawkins" <spencer@mcsr-labs.org> wrote: > > >>>>Where did the uppercase US-ASCII letters come from? (I thought they had >>>>already been replaced)... There is similar text in 3.1.2, 3.2.1, and >>>>3.2.2 >>>>(they are pretty much symmetrical), and further into 4.2. If (3) said >>>>"lowercase have already been replaced by uppercase", all this would make >>>>perfect sense to me - am I misunderstanding? >>> >>>You're correct that all uppercase US-ASCII letters in the domain name >>>have been converted to lowercase. However, an uppercase letter may be >>>encountered when incrementing (3.1.2.3 and 3.2.2.3) or decrementing >>>(3.1.1.4 and 3.2.1.4) an octet. For example, if an octet contains '@' >>>and it gets incremented, the new value would be 'A'. Similarly, if an >>>octet contains '[' and it gets decremented, the new value would be >>>'Z'. To maintain canonical sort order, these value must be skipped, >>>i.e. increment('@') -> '[' and decrement('[') -> '@'. >> >>If this is normal DNS-speak, I apologize for my lack of knowledge, but >>"skipped" confused me; I thought you were talking about skipping an octet in >>the domain name, but you are talking about redefining "increment" and >>"decrement" for specific octet values - did I understand correctly? If so, >>perhaps this could be a little more obvious - something like >> >> 4. Decrement the value of the least significant (right-most) octet >> of the least significant (left-most) label, repeating until the >>resulting octet does not >> correspond to uppercase US-ASCII letters, and then append >> the least significant (left-most) label with as many octets as >> possible of the maximum sort value. Continue to the next step. >> >>Again, if everyone in DNS land knows what you meant, that's fine - it just >>confuses visitors :-) > > > Thanks for the suggested text; however I'd be concerned that it might > lead the reader to infer that results with uppercase values were > typical rather than atypical. > > When drafting the document, I considered alternative wordings of this > item, but all seemed to have the effect of reducing rather than > enhancing clarity. > > >>>>In section 4.1. "Test for Existence", why is the following text saying >>>>"should reflect"? I'm wandering around "should/SHOULD" and "must/MUST" >>>>here. >>>>If it IS "should/SHOULD", when is it OK for the synthesized NSEC RR to >>>>NOT >>>>reflect the RRset types that exist? >>>> >>>> If it does, either a standard non-synthesised NSEC RR >>>> should be used, or the synthesised NSEC RR should reflect the RRset >>>> types that exist at the NSEC RR's owner name in the Type Bit Map >>>> field as specified by Section 4.1.2 of [RFC4034]. >>> >>>We avoided RFC 2119 key words in draft-ietf-dnsext-dns-name-p-s as we >>>thought that otherwise things might get messy. In view of your >>>observations, perhaps it would make sense to drop Section 4.1 from the >>>document altogether? >> >>I'm sorry, I conflated two comments here. My real question was "when is it >>OK for the synthesized NSEC RR to NOT >>reflect the RRset types that exist?". > > > draft-ietf-dnsext-dnssec-online-signing states: "if an existing name > is used as the NSEC owner name, that name's real NSEC record MUST be > returned". > > Perhaps Section 4.1 should be modified as follows: > > OLD: > > Before using the result of P(N) or P'(N) as the owner name of an NSEC > RR in a DNS response, a name server should test to see whether the > name exists. If it does, either a standard non-synthesised NSEC RR > should be used, or the synthesised NSEC RR should reflect the RRset > types that exist at the NSEC RR's owner name in the Type Bit Map > field as specified by Section 4.1.2 of [RFC4034]. Implementors will > likely find it simpler to use a non-synthesised NSEC RR. For further > details see Section 2 of [I-D.ietf-dnsext-dnssec-online-signing]. > > NEW: > > [I-D.ietf-dnsext-dnssec-online-signing] states: "if an existing name > is used as the NSEC owner name, that name's real NSEC record MUST be > returned". Consequently, before using the result of P(N) or P'(N) > as the owner name of an NSEC RR in a DNS response, a name server > which implements [I-D.ietf-dnsext-dnssec-online-signing] will need > to test to see whether the name exists. If it does, either a > standard non-synthesised NSEC RR may be used, or the synthesised > NSEC RR will need to reflect the RRset types that exist at the NSEC > RR's owner name in the Type Bit Map field as specified by Section > 4.1.2 of [RFC4034]. Implementors will likely find it simpler to use > a non-synthesised NSEC RR. For further details see Section 2 of > [I-D.ietf-dnsext-dnssec-online-signing]. > > Regards > > Geoff > > _______________________________________________ > Gen-art mailing list > Gen-art@ietf.org > https://www1.ietf.org/mailman/listinfo/gen-art > _______________________________________________ Gen-art mailing list Gen-art@ietf.org https://www1.ietf.org/mailman/listinfo/gen-art
- [Gen-art] Gen-ART Review of draft-ietf-dnsext-dns… Spencer Dawkins
- [Gen-art] Re: Gen-ART Review of draft-ietf-dnsext… Spencer Dawkins
- [Gen-art] Re: Gen-ART Review of draft-ietf-dnsext… Geoffrey Sisson
- [Gen-art] Re: Gen-ART Review of draft-ietf-dnsext… Geoffrey Sisson
- Re: [Gen-art] Re: Gen-ART Review of draft-ietf-dn… Brian E Carpenter
- [Gen-art] Re: Gen-ART Review of draft-ietf-dnsext… Spencer Dawkins
- [Gen-art] Re: Gen-ART Review of draft-ietf-dnsext… Geoffrey Sisson
- [Gen-art] Re: Gen-ART Review of draft-ietf-dnsext… Spencer Dawkins