Re: [DNSOP] Last Call: <draft-ietf-dnsop-negative-trust-anchors-10.txt> (Definition and Use of DNSSEC Negative Trust Anchors) to Informational RFC

"Joe Abley" <jabley@hopcount.ca> Tue, 09 June 2015 15:29 UTC

From: Joe Abley <jabley@hopcount.ca>
To: ietf@ietf.org
Subject: Re: [DNSOP] Last Call: <draft-ietf-dnsop-negative-trust-anchors-10.txt> (Definition and Use of DNSSEC Negative Trust Anchors) to Informational RFC
Date: Tue, 09 Jun 2015 11:29:16 -0400
Message-ID: <BE1C09F7-B143-48E3-B6D5-A291B1BEE0E6@hopcount.ca>
In-Reply-To: <20150609125826.2862.7677.idtracker@ietfa.amsl.com>
References: <20150609125826.2862.7677.idtracker@ietfa.amsl.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/ietf/cZpgLf25lvlgVTPX-QWE7jTg4tg>
Cc: dnsop@ietf.org, IETF-Announce <ietf-announce@ietf.org>

On 9 Jun 2015, at 8:58, The IESG wrote:

> The IESG has received a request from the Domain Name System Operations WG
> (dnsop) to consider the following document:
> - 'Definition and Use of DNSSEC Negative Trust Anchors'
> <draft-ietf-dnsop-negative-trust-anchors-10.txt> as Informational RFC

I have read this document. The topic under discussion is a useful one, it is described clearly and well, and I support this document proceeding. I have some minor suggestions for improvement, but nothing substantial.

In section 1, the document uses normative-sounding language ("should not") and seems to direct the IANA not to do something. The normative-sounding direction is further extended to all other organisations. I understand the intent here, but the advice seems a little jarring; any IETF document can provide advice and recommendations without enforcement (informational documents arguably more so). Perhaps this could be rephrased to make it clear that the document is providing recommendations about how to implement and manage negative trust anchors rather than laying down the law.

In section 1.2 the document refers to a "domain administrator", when in the context of DNSSEC I think it means a "zone administrator".

In section 7 the document refers to "dnscheck", which I understand is no longer being maintained and has been replaced with "zonemaster". See <http://www.zonemaster.fr>, for example.


Joe