Gen-ART review of draft-ietf-dnsext-dnssec-bis-updates-18
Richard L. Barnes <rbarnes@bbn.com> Fri, 25 May 2012 21:02 UTC
Return-Path: <rbarnes@bbn.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0058F21F87F7; Fri, 25 May 2012 14:02:31 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -106.599
X-Spam-Level:
X-Spam-Status: No, score=-106.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KX6I3a8nQbuy; Fri, 25 May 2012 14:02:31 -0700 (PDT)
Received: from smtp.bbn.com (smtp.bbn.com [128.33.1.81]) by ietfa.amsl.com (Postfix) with ESMTP id 48BFC21F87F1; Fri, 25 May 2012 14:02:31 -0700 (PDT)
Received: from ros-dhcp192-1-51-6.bbn.com ([192.1.51.6]:55969) by smtp.bbn.com with esmtps (TLSv1:AES128-SHA:128) (Exim 4.77 (FreeBSD)) (envelope-from <rbarnes@bbn.com>) id 1SY1e1-00054m-T0; Fri, 25 May 2012 17:01:57 -0400
From: "Richard L. Barnes" <rbarnes@bbn.com>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Subject: Gen-ART review of draft-ietf-dnsext-dnssec-bis-updates-18
Date: Fri, 25 May 2012 17:02:28 -0400
Message-Id: <EBFB2D2E-78FF-46D6-B4FF-1F57FB8D769B@bbn.com>
To: IESG <iesg@ietf.org>, ietf@ietf.org
Mime-Version: 1.0 (Apple Message framework v1278)
X-Mailer: Apple Mail (2.1278)
Cc: draft-ietf-dnsext-dnssec-bis-updates@tools.ietf.org
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 25 May 2012 21:02:32 -0000
I am the assigned Gen-ART reviewer for this draft. For background on Gen-ART, please see the FAQ at <http://wiki.tools.ietf.org/area/gen/trac/wiki/GenArtfaq>. Please resolve these comments along with any other Last Call comments you may receive. Document: draft-ietf-dnsext-dnssec-bis-updates-18 Reviewer: Richard Barnes Review Date: May-25-2012 IETF LC End Date: Not known IESG Telechat date: Jan-05-2012 Summary: Almost ready, couple of questions MAJOR: 4.1. It's not clear what the threat model is that this section is designed to address. If the zone operator is malicious, then it can simulate the necessary zone cut and still prove the non-existence of records in the child zone. 5.10. I find the recommendation of the "Accept Any Success" policy troubling. It deals very poorly with compromise (and other roll-over scenarios): Suppose there are two trust anchors, one for example.com and one for child.example.com. If the private key corresponding to the TA for child.example.com is compromised, but the validator continues to trust it, this negates the benefit provided by the parent (example.com) facilitating a rollover. Suggest an alternative policy, "Highest Signer": Out of the set of keys configured as TAs, the validator only uses a key as a TA (for purposes of validation) if there does not exist a DNSSEC path from it to any other TA. This policy seems like more work to enforce (because you have to do more backward chaining), but ISTM that the validator should have the necessary DNSSEC records anyway, so it's just a matter a couple of quick checks.
- Gen-ART review of draft-ietf-dnsext-dnssec-bis-up… Richard L. Barnes
- Re: Gen-ART review of draft-ietf-dnsext-dnssec-bi… Andrew Sullivan
- Re: Gen-ART review of draft-ietf-dnsext-dnssec-bi… Richard L. Barnes
- Re: [dnsext] Gen-ART review of draft-ietf-dnsext-… Blacka, David