Re: [dnsext] resolving IESG comments on draft-ietf-dnsext-dnssec-bis-updates

Paul Hoffman <paul.hoffman@vpnc.org> Tue, 10 July 2012 14:50 UTC

On Jul 10, 2012, at 6:20 AM, Samuel Weiler wrote:

> I've been churning through the IESG telechat comments and single discuss on draft-ietf-dnsext-dnssec-bis-updates.
> 
> I have two questions for the WG, and I want to report on several textual changes that I plan to adopt, inspired by the IESG's comments.
> 
> 
> Q1: (from Stephen Farrell)
> 
>> During the "no answer" mega-discussion on the DANE list, [1] I
>> seem to recall this comment was made more than once: "you're
>> seeing all this because you're maybe the first new
>> application that really needs DNSSEC," or words to that
>> effect. Should any of that discussion be reflected in this
>> document? (I assume it's not already there for timing reasons
>> if nothing else.)
>> 
>>  [1] http://www.ietf.org/mail-archive/web/dane/current/msg04845.html

It would be helpful to DANE and future protocols if "no answer" was discussed more fully. The amount of differing opinions about the four states *even among DNSSEC-knowledgeable people* in that thread and others was significant. The fact that "bogus" is defined differently in different DNSSEC documents didn't help us come to a conclusion, either.

> Q2: There's been another call to explain why section 3.1 says a validator MUST implement a BAD cache.  If nothing better comes up, I plan to just cite http://www.potaroo.net/ispcol/2010-02/rollover.html Is there anything better?  Or is there a short summary we can just copy into this doc?

Citing that article works, but a short summary would be better.

--Paul Hoffman
