Re: [dnsext] Issues in WGLC of dnssec-bis-updates
"W.C.A. Wijngaards" <wouter@nlnetlabs.nl> Thu, 09 February 2012 09:25 UTC
Hi Paul, Andrew,

On 02/08/2012 08:48 PM, Paul Hoffman wrote:
> On Feb 8, 2012, at 10:56 AM, Andrew Sullivan wrote:
>
>> No hat.
>>
>> On Wed, Feb 08, 2012 at 09:30:46AM +0100, W.C.A. Wijngaards
>> wrote:
>>>
>>> On 02/07/2012 08:51 PM, Mohan Parthasarathy wrote:
>>>
>>>> How does it help the application to make this more fine
>>>> grained ?
>>>
>>> No, the application just wants all bogus data to be removed.
>>> Data that is secure and data that is not DNSSEC signed is what
>>> it wants.
>>
>> It seems to me that the above is either a matter of policy or a
>> matter of implementation. That is, some applications will surely
>> only want data that they can know for sure is valid, and in
>> particular will not want any unsigned data no matter what.
>>
>> This could be implemented in more than one way. One is to hand
>> the application everything that is validated and unsigned, and
>> let the application work out which it wants. But another would
>> be for the application to be able to signal this choice to the
>> resolver. No?
>
>
> In specific, the current proposal for DANE wants to know if it is
> getting bogus data. It treats bogus data as quite different than
> "no record received". See the bulleted list in section 5 of
> draft-ietf-dane-protocol-16.txt.
>
> If the DNSEXT WG thinks that it is going to change dnssec-bis to
> make the change Wouter suggests, the DANE WG needs to hear about it
> *very soon*.

Let me state that I do not want to make such a change. For backwards
compatibility DNSSEC has this facility to figure out which zones are
signed and validatable by the validator, and this backwards
compatibility can be used for DANE too. Thus it wants to know the
precise secure, insecure and bogus validation results.

Best regards,
Wouter