Re: draft-arends-dnsnr-00
Samuel Weiler <weiler@tislabs.com> Tue, 27 July 2004 15:38 UTC
From: Samuel Weiler <weiler@tislabs.com>
Subject: Re: draft-arends-dnsnr-00
Date: Tue, 27 Jul 2004 11:38:02 -0400
Lines: 40
Sender: owner-namedroppers@ops.ietf.org
References: <Pine.BSO.4.56.0407121709550.12231@trinitario.schlyter.se>
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset="US-ASCII"
Cc: namedroppers@ops.ietf.org
X-From: owner-namedroppers@ops.ietf.org Tue Jul 27 17:46:04 2004
Return-path: <owner-namedroppers@ops.ietf.org>
X-X-Sender: weiler@filbert
To: Roy Arends <roy@dnss.ec>
In-Reply-To: <Pine.BSO.4.56.0407121709550.12231@trinitario.schlyter.se>
Precedence: bulk
X-Message-ID:
Message-ID: <20140418071905.2560.7547.ARCHIVE@ietfa.amsl.com>
Avoiding the terminology discussion entirely... I'm confused about how DNSNR is supposed to work with hashed next names. Perhaps I'm missing something. I'd like to be enlightened. It looks like you're continuing to use DNSNR/NSEC3 owner names which match "actual owner names", to borrow Ben's terminology. For example (and I'd love to see an example with hashed owner names in the doc): example.com. 86400 IN DNSNR ? 1 34abc (hash(34abc+alpha)) types alfa.example.com. 86400 IN DNSNR ? 1 34abc (hash(34abc+beta)) types beta.example.com. 86400 IN DNSNR ? 1 34abc (hash(34abc+apex)) types (Which ignores the authoritative-only bit and doesn't say how much of the next name you're hashing, since I don't understand that part of the discussion.) What answer is given in response to a query for c.example.com? The beta DNSNR tells me nothing, since I can't tell what name was used to create the hash, and I can't tell if c.example.com would be covered by the DNSNR or not. In other matters, I find the discussion of the authoritative only bit in 2.1.1 confusing, if not misleading. If you want to not have DNSNRs for unsecure delegations (or optionally not have them), just say that. Make it clear whether the authoritative only bit is a per-zone thing or applies per-span, like opt-in. And the incomplete citation in the first paragraph of 2.1.4 is likely to be inconsistent with not requiring DNSNRs at each name (including those unsecure delegations). Also, the presentation format of the hash value is inconsistent between 2.1.2 (third paragraph) and 2.2. -- Sam -- to unsubscribe send a message to namedroppers-request@ops.ietf.org with the word 'unsubscribe' in a single line as the message text body. archive: <http://ops.ietf.org/lists/namedroppers/>
- comments on draft-arends-dnsnr-00 Scott Rose
- comments on draft-arends-dnsnr-00 Loomis, Rip
- Re: comments on draft-arends-dnsnr-00 Roy Arends
- Re: comments on draft-arends-dnsnr-00 Roy Arends
- Re: draft-arends-dnsnr-00 Ben Laurie
- Re: draft-arends-dnsnr-00 Roy Arends
- Re: draft-arends-dnsnr-00 Ben Laurie
- Re: draft-arends-dnsnr-00 Roy Arends
- Re: draft-arends-dnsnr-00 Ben Laurie
- Re: draft-arends-dnsnr-00 Roy Arends
- Re: draft-arends-dnsnr-00 Ben Laurie
- Re: draft-arends-dnsnr-00 Roy Arends
- Re: draft-arends-dnsnr-00 Roy Badami
- Re: draft-arends-dnsnr-00 David Blacka
- Re: draft-arends-dnsnr-00 Roy Arends
- Re: draft-arends-dnsnr-00 Paul Vixie
- Re: draft-arends-dnsnr-00 Olaf M. Kolkman
- Re: draft-arends-dnsnr-00 Roy Arends
- Re: draft-arends-dnsnr-00 Ben Laurie
- Re: draft-arends-dnsnr-00 Roy Arends
- Re: draft-arends-dnsnr-00 Samuel Weiler
- Re: draft-arends-dnsnr-00 Roy Arends
- Re: draft-arends-dnsnr-00 Samuel Weiler
- Re: draft-arends-dnsnr-00 Roy Arends
- Re: draft-arends-dnsnr-00 Edward Lewis
- Re: draft-arends-dnsnr-00 Roy Arends
- Re: draft-arends-dnsnr-00 Roy Arends