Re: [dnsext] WGLC: draft-ietf-dnsext-dnssec-bis-updates-16
Edward Lewis <Ed.Lewis@neustar.biz> Fri, 20 January 2012 16:55 UTC
Return-Path: <dnsext-bounces@ietf.org>
X-Original-To: namedroppers-archive-gleetwall6@lists.ietf.org
Delivered-To: ietfarch-namedroppers-archive-gleetwall6@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0EBD521F8649; Fri, 20 Jan 2012 08:55:48 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ietf.org; s=ietf1; t=1327078548; bh=umwjhoyIhvR/L/nWdQx98/aicOlO8vADNli77SCLv2A=; h=Mime-Version:Message-Id:In-Reply-To:References:Date:To:From:Cc: Subject:List-Id:List-Unsubscribe:List-Archive:List-Post:List-Help: List-Subscribe:Content-Transfer-Encoding:Content-Type:Sender; b=nnT4fc6J7qWOQM+bI/otyHnL2rBXwbFq13Q/VyhCPc6aKJE/s2w197a2vVBS4q3SK Ou72vteQDHIcGyIFrO8BYASP2ofTUKiR4p1LpDVTL0Sfg3lwAp4Xt+RKIjHagWZDq/ p2U65MIDeeQn4bjTSWrX4aAzcOe5G6RBOUWI4+/E=
X-Original-To: dnsext@ietfa.amsl.com
Delivered-To: dnsext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BC5D321F8646 for <dnsext@ietfa.amsl.com>; Fri, 20 Jan 2012 08:55:46 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -105.84
X-Spam-Level:
X-Spam-Status: No, score=-105.84 tagged_above=-999 required=5 tests=[AWL=0.759, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id iveQ7xKNdzO4 for <dnsext@ietfa.amsl.com>; Fri, 20 Jan 2012 08:55:46 -0800 (PST)
Received: from stora.ogud.com (stora.ogud.com [66.92.146.20]) by ietfa.amsl.com (Postfix) with ESMTP id EA52621F863B for <dnsext@ietf.org>; Fri, 20 Jan 2012 08:55:45 -0800 (PST)
Received: from nmet-lt60.cis.neustar.com (nyttbox.md.ogud.com [10.20.30.4]) by stora.ogud.com (8.14.4/8.14.4) with ESMTP id q0KGtgWw014881; Fri, 20 Jan 2012 11:55:43 -0500 (EST) (envelope-from Ed.Lewis@neustar.biz)
Received: from [192.168.129.98] by nmet-lt60.cis.neustar.com (PGP Universal service); Fri, 20 Jan 2012 11:55:43 -0500
X-PGP-Universal: processed; by nmet-lt60.cis.neustar.com on Fri, 20 Jan 2012 11:55:43 -0500
Mime-Version: 1.0
Message-Id: <a06240801cb3f4c060c50@[192.168.129.98]>
In-Reply-To: <20120120142243.GE4944@mail.yitter.info>
References: <20120120054939.GD4365@mail.yitter.info> <20120120142243.GE4944@mail.yitter.info>
Date: Fri, 20 Jan 2012 11:55:22 -0500
To: Andrew Sullivan <ajs@anvilwalrusden.com>
From: Edward Lewis <Ed.Lewis@neustar.biz>
X-Scanned-By: MIMEDefang 2.72 on 10.20.30.4
Cc: dnsext@ietf.org
Subject: Re: [dnsext] WGLC: draft-ietf-dnsext-dnssec-bis-updates-16
X-BeenThere: dnsext@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: DNS Extensions working group discussion list <dnsext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsext>, <mailto:dnsext-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dnsext>
List-Post: <mailto:dnsext@ietf.org>
List-Help: <mailto:dnsext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsext>, <mailto:dnsext-request@ietf.org?subject=subscribe>
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="us-ascii"; Format="flowed"
Sender: dnsext-bounces@ietf.org
Errors-To: dnsext-bounces@ietf.org
Comments. In 2005 it was too soon to publish, now it is not. And at this point there may be more and more wrinkles in the DNSSEC specs, but we need to get out at least this (first) update. Some comments: Pressence has a presence in the document. It shouldn't (the spelling, I mean). 5.9's title is misleading. The content is good, it's about answering from cache in the face of a CD query. But "always doing CD" only applies to elements that will do their own validation. 5.4 could optionally make the point that a validator that expects all signatures to be good and/or all chains to work is vulnerable to malicious insertions of gibberish-based signatures. It's harder to construct a good chain than a false chain. -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Edward Lewis NeuStar You can leave a voice message at +1-571-434-5468 Vote for the word of the day: "Papa"razzi - father that constantly takes photos of the baby Corpureaucracy - The institution of corporate "red tape" _______________________________________________ dnsext mailing list dnsext@ietf.org https://www.ietf.org/mailman/listinfo/dnsext
- [dnsext] WGLC: draft-ietf-dnsext-dnssec-bis-updat… Andrew Sullivan
- Re: [dnsext] WGLC: draft-ietf-dnsext-dnssec-bis-u… Mark Andrews
- Re: [dnsext] WGLC: draft-ietf-dnsext-dnssec-bis-u… Andrew Sullivan
- Re: [dnsext] WGLC: draft-ietf-dnsext-dnssec-bis-u… Edward Lewis
- Re: [dnsext] WGLC: draft-ietf-dnsext-dnssec-bis-u… W.C.A. Wijngaards
- Re: [dnsext] WGLC: draft-ietf-dnsext-dnssec-bis-u… Mohan Parthasarathy
- Re: [dnsext] WGLC: draft-ietf-dnsext-dnssec-bis-u… Mark Andrews
- Re: [dnsext] WGLC: draft-ietf-dnsext-dnssec-bis-u… Mohan Parthasarathy
- Re: [dnsext] WGLC: draft-ietf-dnsext-dnssec-bis-u… Mark Andrews
- Re: [dnsext] WGLC: draft-ietf-dnsext-dnssec-bis-u… Mohan Parthasarathy
- Re: [dnsext] WGLC: draft-ietf-dnsext-dnssec-bis-u… Mark Andrews
- Re: [dnsext] WGLC: draft-ietf-dnsext-dnssec-bis-u… Warren Kumari
- Re: [dnsext] WGLC: draft-ietf-dnsext-dnssec-bis-u… Michael StJohns
- Re: [dnsext] WGLC: draft-ietf-dnsext-dnssec-bis-u… Samuel Weiler
- Re: [dnsext] WGLC: draft-ietf-dnsext-dnssec-bis-u… Matthijs Mekking
- Re: [dnsext] WGLC: draft-ietf-dnsext-dnssec-bis-u… Paul Hoffman
- Re: [dnsext] WGLC: draft-ietf-dnsext-dnssec-bis-u… Samuel Weiler
- Re: [dnsext] WGLC: draft-ietf-dnsext-dnssec-bis-u… Samuel Weiler
- Re: [dnsext] WGLC: draft-ietf-dnsext-dnssec-bis-u… Samuel Weiler
- Re: [dnsext] WGLC: draft-ietf-dnsext-dnssec-bis-u… Samuel Weiler
- Re: [dnsext] WGLC: draft-ietf-dnsext-dnssec-bis-u… Blacka, David
- Re: [dnsext] WGLC: draft-ietf-dnsext-dnssec-bis-u… Samuel Weiler
- Re: [dnsext] WGLC: draft-ietf-dnsext-dnssec-bis-u… Mark Andrews
- Re: [dnsext] WGLC: draft-ietf-dnsext-dnssec-bis-u… Mohan Parthasarathy
- Re: [dnsext] WGLC: draft-ietf-dnsext-dnssec-bis-u… Samuel Weiler
- Re: [dnsext] WGLC: draft-ietf-dnsext-dnssec-bis-u… Mark Andrews