Re: [Gen-art] Re: Gen-ART Review of draft-ietf-dnsext-dns-name-p-s-01
Brian E Carpenter <brc@zurich.ibm.com> Wed, 14 December 2005 10:42 UTC
Received: from localhost.cnri.reston.va.us ([127.0.0.1] helo=megatron.ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1EmU5Q-00043U-5n; Wed, 14 Dec 2005 05:42:16 -0500
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1EmU5O-00042u-R4 for gen-art@megatron.ietf.org; Wed, 14 Dec 2005 05:42:14 -0500
Received: from ietf-mx.ietf.org (ietf-mx [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id FAA02957 for <gen-art@ietf.org>; Wed, 14 Dec 2005 05:41:06 -0500 (EST)
Received: from mtagate1.de.ibm.com ([195.212.29.150]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1EmU6P-0000A0-2F for gen-art@ietf.org; Wed, 14 Dec 2005 05:43:18 -0500
Received: from d12nrmr1607.megacenter.de.ibm.com (d12nrmr1607.megacenter.de.ibm.com [9.149.167.49]) by mtagate1.de.ibm.com (8.12.10/8.12.10) with ESMTP id jBEAfjec123664 for <gen-art@ietf.org>; Wed, 14 Dec 2005 10:41:46 GMT
Received: from d12av01.megacenter.de.ibm.com (d12av01.megacenter.de.ibm.com [9.149.165.212]) by d12nrmr1607.megacenter.de.ibm.com (8.12.10/NCO/VERS6.8) with ESMTP id jBEAfjCw159658 for <gen-art@ietf.org>; Wed, 14 Dec 2005 11:41:45 +0100
Received: from d12av01.megacenter.de.ibm.com (loopback [127.0.0.1]) by d12av01.megacenter.de.ibm.com (8.12.11/8.13.3) with ESMTP id jBEAfjeo012884 for <gen-art@ietf.org>; Wed, 14 Dec 2005 11:41:45 +0100
Received: from sihl.zurich.ibm.com (sihl.zurich.ibm.com [9.4.16.232]) by d12av01.megacenter.de.ibm.com (8.12.11/8.12.11) with ESMTP id jBEAfiVJ012869; Wed, 14 Dec 2005 11:41:44 +0100
Received: from zurich.ibm.com (sig-9-145-128-35.de.ibm.com [9.145.128.35]) by sihl.zurich.ibm.com (AIX4.3/8.9.3p2/8.9.3) with ESMTP id LAA68102; Wed, 14 Dec 2005 11:41:43 +0100
Message-ID: <439FF6E4.9090503@zurich.ibm.com>
Date: Wed, 14 Dec 2005 11:41:40 +0100
From: Brian E Carpenter <brc@zurich.ibm.com>
Organization: IBM
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.6) Gecko/20040113
X-Accept-Language: en, fr, de
MIME-Version: 1.0
To: Geoffrey Sisson <geoff@nominet.org.uk>
Subject: Re: [Gen-art] Re: Gen-ART Review of draft-ietf-dnsext-dns-name-p-s-01
References: <200512141020.jBEAKSW0005388@staff.nominet.org.uk>
In-Reply-To: <200512141020.jBEAKSW0005388@staff.nominet.org.uk>
Content-Type: text/plain; charset="us-ascii"; format="flowed"
Content-Transfer-Encoding: 7bit
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 36c793b20164cfe75332aa66ddb21196
Content-Transfer-Encoding: 7bit
Cc: Olaf Kolkman <olaf@nlnetlabs.nl>, ben@algroup.co.uk, Margaret Wasserman <margaret@thingmagic.com>, General Area Review Team <gen-art@ietf.org>, Olafur Gudmundsson <ogud@ogud.com>
X-BeenThere: gen-art@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "GEN-ART: General Area Review Team" <gen-art.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/gen-art>, <mailto:gen-art-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/gen-art>
List-Post: <mailto:gen-art@ietf.org>
List-Help: <mailto:gen-art-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/gen-art>, <mailto:gen-art-request@ietf.org?subject=subscribe>
Sender: gen-art-bounces@ietf.org
Errors-To: gen-art-bounces@ietf.org
The change you suggest reads OK, but please wait until
Margaret gives you guidance.
Brian
Geoffrey Sisson wrote:
> "Spencer Dawkins" <spencer@mcsr-labs.org> wrote:
>
>
>>>>Where did the uppercase US-ASCII letters come from? (I thought they had
>>>>already been replaced)... There is similar text in 3.1.2, 3.2.1, and
>>>>3.2.2
>>>>(they are pretty much symmetrical), and further into 4.2. If (3) said
>>>>"lowercase have already been replaced by uppercase", all this would make
>>>>perfect sense to me - am I misunderstanding?
>>>
>>>You're correct that all uppercase US-ASCII letters in the domain name
>>>have been converted to lowercase. However, an uppercase letter may be
>>>encountered when incrementing (3.1.2.3 and 3.2.2.3) or decrementing
>>>(3.1.1.4 and 3.2.1.4) an octet. For example, if an octet contains '@'
>>>and it gets incremented, the new value would be 'A'. Similarly, if an
>>>octet contains '[' and it gets decremented, the new value would be
>>>'Z'. To maintain canonical sort order, these value must be skipped,
>>>i.e. increment('@') -> '[' and decrement('[') -> '@'.
>>
>>If this is normal DNS-speak, I apologize for my lack of knowledge, but
>>"skipped" confused me; I thought you were talking about skipping an octet in
>>the domain name, but you are talking about redefining "increment" and
>>"decrement" for specific octet values - did I understand correctly? If so,
>>perhaps this could be a little more obvious - something like
>>
>> 4. Decrement the value of the least significant (right-most) octet
>> of the least significant (left-most) label, repeating until the
>>resulting octet does not
>> correspond to uppercase US-ASCII letters, and then append
>> the least significant (left-most) label with as many octets as
>> possible of the maximum sort value. Continue to the next step.
>>
>>Again, if everyone in DNS land knows what you meant, that's fine - it just
>>confuses visitors :-)
>
>
> Thanks for the suggested text; however I'd be concerned that it might
> lead the reader to infer that results with uppercase values were
> typical rather than atypical.
>
> When drafting the document, I considered alternative wordings of this
> item, but all seemed to have the effect of reducing rather than
> enhancing clarity.
>
>
>>>>In section 4.1. "Test for Existence", why is the following text saying
>>>>"should reflect"? I'm wandering around "should/SHOULD" and "must/MUST"
>>>>here.
>>>>If it IS "should/SHOULD", when is it OK for the synthesized NSEC RR to
>>>>NOT
>>>>reflect the RRset types that exist?
>>>>
>>>> If it does, either a standard non-synthesised NSEC RR
>>>> should be used, or the synthesised NSEC RR should reflect the RRset
>>>> types that exist at the NSEC RR's owner name in the Type Bit Map
>>>> field as specified by Section 4.1.2 of [RFC4034].
>>>
>>>We avoided RFC 2119 key words in draft-ietf-dnsext-dns-name-p-s as we
>>>thought that otherwise things might get messy. In view of your
>>>observations, perhaps it would make sense to drop Section 4.1 from the
>>>document altogether?
>>
>>I'm sorry, I conflated two comments here. My real question was "when is it
>>OK for the synthesized NSEC RR to NOT
>>reflect the RRset types that exist?".
>
>
> draft-ietf-dnsext-dnssec-online-signing states: "if an existing name
> is used as the NSEC owner name, that name's real NSEC record MUST be
> returned".
>
> Perhaps Section 4.1 should be modified as follows:
>
> OLD:
>
> Before using the result of P(N) or P'(N) as the owner name of an NSEC
> RR in a DNS response, a name server should test to see whether the
> name exists. If it does, either a standard non-synthesised NSEC RR
> should be used, or the synthesised NSEC RR should reflect the RRset
> types that exist at the NSEC RR's owner name in the Type Bit Map
> field as specified by Section 4.1.2 of [RFC4034]. Implementors will
> likely find it simpler to use a non-synthesised NSEC RR. For further
> details see Section 2 of [I-D.ietf-dnsext-dnssec-online-signing].
>
> NEW:
>
> [I-D.ietf-dnsext-dnssec-online-signing] states: "if an existing name
> is used as the NSEC owner name, that name's real NSEC record MUST be
> returned". Consequently, before using the result of P(N) or P'(N)
> as the owner name of an NSEC RR in a DNS response, a name server
> which implements [I-D.ietf-dnsext-dnssec-online-signing] will need
> to test to see whether the name exists. If it does, either a
> standard non-synthesised NSEC RR may be used, or the synthesised
> NSEC RR will need to reflect the RRset types that exist at the NSEC
> RR's owner name in the Type Bit Map field as specified by Section
> 4.1.2 of [RFC4034]. Implementors will likely find it simpler to use
> a non-synthesised NSEC RR. For further details see Section 2 of
> [I-D.ietf-dnsext-dnssec-online-signing].
>
> Regards
>
> Geoff
>
> _______________________________________________
> Gen-art mailing list
> Gen-art@ietf.org
> https://www1.ietf.org/mailman/listinfo/gen-art
>
_______________________________________________
Gen-art mailing list
Gen-art@ietf.org
https://www1.ietf.org/mailman/listinfo/gen-art
- [Gen-art] Gen-ART Review of draft-ietf-dnsext-dns… Spencer Dawkins
- [Gen-art] Re: Gen-ART Review of draft-ietf-dnsext… Spencer Dawkins
- [Gen-art] Re: Gen-ART Review of draft-ietf-dnsext… Geoffrey Sisson
- [Gen-art] Re: Gen-ART Review of draft-ietf-dnsext… Geoffrey Sisson
- Re: [Gen-art] Re: Gen-ART Review of draft-ietf-dn… Brian E Carpenter
- [Gen-art] Re: Gen-ART Review of draft-ietf-dnsext… Spencer Dawkins
- [Gen-art] Re: Gen-ART Review of draft-ietf-dnsext… Geoffrey Sisson
- [Gen-art] Re: Gen-ART Review of draft-ietf-dnsext… Spencer Dawkins