Re: [IAB] last call discussion status on draft-iab-2870bis

Andrew Sullivan <ajs@anvilwalrusden.com> Thu, 05 March 2015 23:28 UTC

On Fri, Mar 06, 2015 at 08:48:27AM +1100, Mark Andrews wrote:
> required.  Yes, there are servers that do DNSSEC but don't correctly
> handle DO (it is not echoed in the response).  The current root
> servers do not exhibit this mis-behaviour.  This however comes
> from requiring DNSSEC support not EDNS support.

I would like to understand exactly what you mean by, "Do DNSSEC but
don't correctly handle DO."  That sounds to me like they kind of do
DNSSEC, not that they do it properly.  DNSSEC requires EDNS0, full
stop; therefore any additional text on the matter is unnecessary.

Moreover, see upthread the exchange between Bill Manning and John
Klensin.  I think if we have a root server operator that starts
running some dodgy implementation of some name server code, the root
server operators are going to have a worse day of it than the IETF.  I
think we should specify exactly what we need and no more.  Since
DNSSEC entails EDNS0 support, we're done.

Best regards,

A

-- 
Andrew Sullivan
ajs@anvilwalrusden.com
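
Added example (not part of the original message, and not code from any name server implementation): the DO flag discussed in this thread is carried in the flags field of the EDNS0 OPT record, so a check for "DO echoed in the response" is a check on that record. The Python sketch below builds constructed DNS messages and classifies a response; all function names and sample messages are hypothetical and made up for illustration.

```python
import struct

OPT, DO_BIT = 41, 0x8000  # OPT RR type; DO flag within the OPT record's TTL field

def encode_name(name):
    labels = [l for l in name.rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def opt_rr(do, payload=4096):
    # Root owner name, TYPE=OPT, CLASS=UDP payload size, TTL=ext-rcode|version|flags, RDLEN=0
    return b"\x00" + struct.pack("!HHBBHH", OPT, payload, 0, 0, DO_BIT if do else 0, 0)

def build_message(name, qtype, response=False, opt=True, do=True, msg_id=0x1234):
    # Constructed message for the example: one question, optional OPT in the additional section
    flags = 0x8400 if response else 0x0000  # QR+AA set on the constructed responses
    header = struct.pack("!HHHHHH", msg_id, flags, 1, 0, 0, 1 if opt else 0)
    question = encode_name(name) + struct.pack("!HH", qtype, 1)
    return header + question + (opt_rr(do) if opt else b"")

def skip_name(msg, off):
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:  # a compression pointer ends the name
            return off + 2
        off += 1 + length
        if length == 0:
            return off

def edns_state(msg):
    """Return (has_opt, do_set) for a wire-format DNS message."""
    _, _, qd, an, ns, ar = struct.unpack_from("!HHHHHH", msg, 0)
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4  # skip QTYPE and QCLASS
    for _ in range(an + ns + ar):
        off = skip_name(msg, off)
        rtype, _cls, ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        if rtype == OPT:
            return True, bool(ttl & DO_BIT)
        off += 10 + rdlen
    return False, False

def classify(response):
    has_opt, do_set = edns_state(response)
    if not has_opt:
        return "no EDNS0 in response"
    return "DO echoed" if do_set else "EDNS0 present, DO not echoed"
```
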