Re: [Last-Call] Dnsdir last call review of draft-ietf-lamps-caa-issuemail-04

Corey Bonnell <Corey.Bonnell@digicert.com> Wed, 05 July 2023 18:46 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/last-call/xKp44NnXPmcqpGHtY5ws9r1OHHM>

Hi Tim,
Thank you for your review. Comments inline.

> This is a very minor nit, but when I was validating the ABNF, I realized the proper order should have these two first

My preference would be to keep the grammar as-is, for two reasons:

1. The current grammar is identical to that in RFC 8659 and reordering them would introduce a deviation between the two documents.
2. While entirely reasonable that production rules should be defined prior to being used, I don't believe that RFC 5234 provides any guidance regarding the relative ordering of production rules.

However, I'd be happy to change the ordering if there are strong feelings that this should be changed.

>    malformed.client.example     CAA 0 issuemail "authority.example; %%%%%"
> If I read this correctly, the entire record is ignored.  Is this true?

The record isn't ignored, but rather treated as if it contains an empty issuer-domain-name. In the absence of any other issuemail records in the RRSet, this would be interpreted as a prohibition on issuance.

Thanks,
Corey

-----Original Message-----
From: Tim Wicinski via Datatracker <noreply@ietf.org> 
Sent: Saturday, July 1, 2023 5:51 PM
To: dnsdir@ietf.org
Cc: draft-ietf-lamps-caa-issuemail.all@ietf.org; last-call@ietf.org; spasm@ietf.org
Subject: Dnsdir last call review of draft-ietf-lamps-caa-issuemail-04

Reviewer: Tim Wicinski
Review result: Ready with Nits



I have been selected as the DNS Directorate reviewer for this draft. The DNS Directorate seeks to review all DNS or DNS-related drafts as they pass through IETF last call and IESG review, and sometimes on special request. The purpose of the review is to provide assistance to the ADs.
For more information about the DNS Directorate, please see https://wiki.ietf.org/en/group/dnsdir


I find the document well written, and easy to understand.  I have a few minor nits.


This is a very minor nit, but when I was validating the ABNF, I realized the proper order should have these two first:

    label = (ALPHA / DIGIT) *( *("-") (ALPHA / DIGIT))

    issuer-domain-name = label *("." label)

Like I said, very minor. (according to bap)



A question on malformed parameters (Section 4): 
The text says this:

   However, parameters that do not conform to the ABNF syntax as defined
   in Section 3 will result in the issuemail-value being not conformant
   with the ABNF syntax.  As stated above, a Property whose issuemail-
   value is malformed SHALL be treated as if the issuer-domain-name in
   the issuemail-value is the empty string.

And you have this example of a malformed property. 

   malformed.client.example     CAA 0 issuemail "%%%%%"


But what happens if this is the record?

   malformed.client.example     CAA 0 issuemail "authority.example; %%%%%"

If I read this correctly, the entire record is ignored.  Is this true?
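The handling discussed in this thread, as an added example that is not part of the original messages or the draft: a CA-side check that treats a malformed issuemail-value as an empty issuer-domain-name, so that `"authority.example; %%%%%"` on its own authorizes no one. The regular expressions are a transcription of the RFC 8659 issue-value grammar (which the reply says the draft reuses); the function names, the case-insensitive comparison and the `account=123` parameter are assumptions made for illustration.

```python
import re

# Transcription of the RFC 8659 issue-value ABNF into regex fragments
# (assumption: the draft's issuemail-value uses the same grammar).
_WSP = r"[ \t]*"
_LABEL = r"[A-Za-z0-9](?:-*[A-Za-z0-9])*"          # label, also used for tag
_DOMAIN = rf"{_LABEL}(?:\.{_LABEL})*"               # issuer-domain-name
_PARAM = rf"{_LABEL}{_WSP}={_WSP}[\x21-\x3A\x3C-\x7E]*"
_PARAMS = rf"{_PARAM}(?:{_WSP};{_WSP}{_PARAM})*"
_ISSUE_VALUE = re.compile(
    rf"{_WSP}(?:(?P<domain>{_DOMAIN}){_WSP})?(?:;{_WSP}(?:{_PARAMS}{_WSP})?)?"
)


def parse_issuemail_value(value):
    """Return (issuer_domain_name, malformed) for one issuemail property value.

    A value that does not match the grammar as a whole is not discarded:
    it is reported with an empty issuer-domain-name, even if it starts
    with a syntactically valid domain.
    """
    m = _ISSUE_VALUE.fullmatch(value)
    if m is None:
        return "", True
    return (m.group("domain") or "").lower(), False


def ca_authorized(issuemail_values, ca_domain):
    """Decide whether ca_domain is authorized by the issuemail properties.

    The caller must already have established that the relevant RRset
    contains at least one issuemail property; the no-property case is
    outside what this example covers.
    """
    if not issuemail_values:
        raise ValueError("expects at least one issuemail property value")
    wanted = ca_domain.lower()
    # An empty issuer-domain-name never equals a real CA domain, so a
    # malformed record restricts issuance instead of being skipped.
    return any(parse_issuemail_value(v)[0] == wanted for v in issuemail_values)


if __name__ == "__main__":
    # Constructed sample values; the first two are the records quoted above.
    for v in ["%%%%%", "authority.example; %%%%%", "authority.example", ";"]:
        print(repr(v), parse_issuemail_value(v))
    print(ca_authorized(["authority.example; %%%%%"], "authority.example"))
```
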