IETF Logo Mail Archive

Re: [dnsext] WGLC: draft-ietf-dnsext-dnssec-bis-updates-16

Samuel Weiler <weiler@watson.org> Mon, 12 March 2012 21:24 UTC

Return-Path: <dnsext-bounces@ietf.org>
X-Original-To: namedroppers-archive-gleetwall6@lists.ietf.org
Delivered-To: ietfarch-namedroppers-archive-gleetwall6@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E36AE11E8088; Mon, 12 Mar 2012 14:24:08 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ietf.org; s=ietf1; t=1331587449; bh=tKux4Qk3IexcasPekHereSdBnIlMarl0yxoes7QBs+Q=; h=Date:From:To:In-Reply-To:Message-ID:References:MIME-Version:Cc: Subject:List-Id:List-Unsubscribe:List-Archive:List-Post:List-Help: List-Subscribe:Content-Transfer-Encoding:Content-Type:Sender; b=qQoE1RtqRoaOVb8zuY3I5mnCFr/LIGSwwnQJvLs075m/rgiX5pImm/ZLnDEjJa/JO 5GFBpi1MCZ5wKDmtb4WfQ4gt32cxsRHDYwBDpLuPWaO6dbcRkHQqaqxc27G99qeinh o9XqWIff1pOTWxq4MTLoLsIFerhVSW7nyh0AXmKM=
X-Original-To: dnsext@ietfa.amsl.com
Delivered-To: dnsext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8FBF521F87C8 for <dnsext@ietfa.amsl.com>; Mon, 12 Mar 2012 14:24:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.428
X-Spam-Level:
X-Spam-Status: No, score=-2.428 tagged_above=-999 required=5 tests=[AWL=0.171, BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id F5srtz67CLJR for <dnsext@ietfa.amsl.com>; Mon, 12 Mar 2012 14:24:07 -0700 (PDT)
Received: from fledge.watson.org (fledge.watson.org [65.122.17.41]) by ietfa.amsl.com (Postfix) with ESMTP id EA38C21F8981 for <dnsext@ietf.org>; Mon, 12 Mar 2012 14:24:06 -0700 (PDT)
Received: from fledge.watson.org (localhost.watson.org [127.0.0.1]) by fledge.watson.org (8.14.4/8.14.4) with ESMTP id q2CLO6VL043625; Mon, 12 Mar 2012 17:24:06 -0400 (EDT) (envelope-from weiler@watson.org)
Received: from localhost (weiler@localhost) by fledge.watson.org (8.14.4/8.14.4/Submit) with ESMTP id q2CLO502043621; Mon, 12 Mar 2012 17:24:05 -0400 (EDT) (envelope-from weiler@watson.org)
X-Authentication-Warning: fledge.watson.org: weiler owned process doing -bs
Date: Mon, 12 Mar 2012 17:24:05 -0400
From: Samuel Weiler <weiler@watson.org>
To: Paul Hoffman <paul.hoffman@vpnc.org>
In-Reply-To: <4A30B716-F051-41F5-B237-29C6397289A5@vpnc.org>
Message-ID: <alpine.BSF.2.00.1203121719510.39342@fledge.watson.org>
References: <20120120054939.GD4365@mail.yitter.info> <20120120142243.GE4944@mail.yitter.info> <4F2967EF.8070502@nlnetlabs.nl> <4A30B716-F051-41F5-B237-29C6397289A5@vpnc.org>
User-Agent: Alpine 2.00 (BSF 1167 2008-08-23)
MIME-Version: 1.0
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.2.3 (fledge.watson.org [127.0.0.1]); Mon, 12 Mar 2012 17:24:06 -0400 (EDT)
Cc: DNSEXT Working Group <dnsext@ietf.org>
Subject: Re: [dnsext] WGLC: draft-ietf-dnsext-dnssec-bis-updates-16
X-BeenThere: dnsext@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: DNS Extensions working group discussion list <dnsext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsext>, <mailto:dnsext-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dnsext>
List-Post: <mailto:dnsext@ietf.org>
List-Help: <mailto:dnsext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsext>, <mailto:dnsext-request@ietf.org?subject=subscribe>
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="us-ascii"; Format="flowed"
Sender: dnsext-bounces@ietf.org
Errors-To: dnsext-bounces@ietf.org

On Wed, 1 Feb 2012, Paul Hoffman wrote:

> 5.10 is long, scary, and useless for most environments because most 
> environments will have just one trust anchor.

It is long and scary.  Earlier discussion on list discarded several 
ways of helping with that.  David and I came up with a new one: we 
stuck most of the text in an appendix.  It's still long, but maybe it 
will now be less scary.  I think this change is purely editorial; if 
we need to back it out later, we can.  Please let us know if you like 
it.

> 5.6 (setting the DO bit in replies) suggests resolvers should "be 
> liberal in what they accept". That's a bit vague. Instead, say ... 
> "Because some implementations ignore this rule on sending, the rule 
> for receivers is now that they MUST NOT expect the DO bit to be set 
> as it was sent."

We have added normative language.  I know Andrew was uneasy with that, 
having only heard from three of us (you, me, and David Blacka), but I 
continue to contend that this is the clearer way to say what we were 
saying anyway.  Andrew, if you need to flag this in the proto 
write-up, feel free.

-- Sam

_______________________________________________
dnsext mailing list
dnsext@ietf.org
https://www.ietf.org/mailman/listinfo/dnsext

v2.23.0 | Report a Bug | By Email