Re: [dnsext] I-D Action: draft-ietf-dnsext-dnssec-algo-signal-04.txt

Miek Gieben <miek@miek.nl> Sun, 11 March 2012 10:02 UTC

Date: Sun, 11 Mar 2012 11:02:32 +0100
From: Miek Gieben <miek@miek.nl>
To: dnsext@ietf.org
Message-ID: <20120311100232.GB23576@miek.nl>
References: <20120306162935.4172.91398.idtracker@ietfa.amsl.com>
In-Reply-To: <20120306162935.4172.91398.idtracker@ietfa.amsl.com>
Subject: Re: [dnsext] I-D Action: draft-ietf-dnsext-dnssec-algo-signal-04.txt

[ Quoting <internet-drafts@ietf.org> at 08:29 on Mar  6 in "[dnsext] I-D Action:..." ]
> A URL for this Internet-Draft is:
> http://www.ietf.org/internet-drafts/draft-ietf-dnsext-dnssec-algo-signal-04.txt

I've read the draft and I support it. Below are a few things I found.
(And I still have this question:
http://www.ietf.org/mail-archive/web/dnsext/current/msg12286.html)

| These signaling options can be
| used by zone administrators as a gauge to measure the successful
| deployment of code that implements a newly deployed digital signature
| and hash algorithm, DS hash and NSEC3 hash algorithm used with
| DNSSEC.                      
                               
This sentence has some funny wording.
                               
| A validating stub resolver already (usually) sets the DO bit
                               
already (usually): either already or usually?
                               
| 5. Server Considerations     
                               
What if the server cannot comply with the client's wishes? Does
it need to send back an empty DAU EDNS0 option?
                               
| The goal of this option is these options are to signal new algorithm
| uptake in client code to allow zone administrators to know when it is
| possible to complete an algorithm rollover in a DNSSEC signed zone.
                               
Is this the goal? Because with this option we can also facilitate
hash rollovers in NSEC3.

 Regards,

-- 
    Miek Gieben
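The draft text quoted above describes the signaling options as a gauge a zone administrator can read to see which signature, DS hash and NSEC3 hash algorithms client code understands before completing a rollover. The following is an added example, not code from the draft or from the working group, that encodes and decodes those options inside an EDNS0 OPT RR and then applies the gauge to a zone's algorithm set, including the NSEC3 hash case raised at the end of the message. The option names DAU, DHU and N3U and their codes 5, 6 and 7 are the values of the published RFC 6975 and are assumed here; the draft text on this page does not state them. The wire format follows RFC 6891 (OPT RR) and the IANA DNSSEC algorithm, DS digest and NSEC3 hash registries.

```python
"""Encode/decode the DAU, DHU and N3U EDNS0 options and gauge client support.

Added illustration; not code from the draft or the DNSEXT working group.
Option codes 5/6/7 are the RFC 6975 assignments and are an assumption here.
"""
import struct

# EDNS option codes (RFC 6975 assignments, assumed for this example)
DAU = 5   # DNSSEC Algorithm Understood
DHU = 6   # DS Hash Understood
N3U = 7   # NSEC3 Hash Understood

# IANA DNSSEC algorithm numbers
RSASHA1 = 5
RSASHA256 = 8
ECDSAP256SHA256 = 13
# IANA DS digest types
DS_SHA1 = 1
DS_SHA256 = 2
# IANA NSEC3 hash algorithms
NSEC3_SHA1 = 1

OPT_TYPE = 41
DO_FLAG = 0x8000  # high bit of the 16-bit flags field inside the OPT TTL


def encode_option(code, values):
    """One EDNS option: OPTION-CODE, OPTION-LENGTH, then one octet per algorithm."""
    if any(not 0 <= v <= 255 for v in values):
        raise ValueError("algorithm numbers are single octets")
    data = bytes(values)
    return struct.pack("!HH", code, len(data)) + data


def build_opt_rdata(dau=(), dhu=(), n3u=()):
    """Concatenate whichever of the three options the client wants to send."""
    rdata = b""
    for code, values in ((DAU, dau), (DHU, dhu), (N3U, n3u)):
        if values:
            rdata += encode_option(code, values)
    return rdata


def build_opt_rr(udp_payload=4096, do_bit=True, **options):
    """Full OPT RR: root owner name, TYPE=41, CLASS=UDP payload size,
    TTL=ext-rcode/version/flags, RDLENGTH, RDATA."""
    ttl = DO_FLAG if do_bit else 0  # extended RCODE and VERSION both 0
    rdata = build_opt_rdata(**options)
    return b"\x00" + struct.pack("!HHIH", OPT_TYPE, udp_payload, ttl, len(rdata)) + rdata


def parse_opt_rr(wire):
    """Parse an OPT RR; return (do_bit, {option_code: [algorithm numbers]}).
    Rejects truncated RDATA or options; unknown option codes are skipped."""
    if wire[:1] != b"\x00":
        raise ValueError("OPT RR owner name must be the root")
    rtype, _payload, ttl, rdlen = struct.unpack("!HHIH", wire[1:11])
    if rtype != OPT_TYPE:
        raise ValueError("not an OPT RR")
    rdata = wire[11:11 + rdlen]
    if len(rdata) != rdlen:
        raise ValueError("truncated OPT RDATA")
    options = {}
    pos = 0
    while pos < len(rdata):
        if pos + 4 > len(rdata):
            raise ValueError("truncated option header")
        code, length = struct.unpack("!HH", rdata[pos:pos + 4])
        pos += 4
        body = rdata[pos:pos + length]
        if len(body) != length:
            raise ValueError("option length exceeds RDATA")
        pos += length
        if code in (DAU, DHU, N3U):
            options.setdefault(code, []).extend(body)  # bytes iterate as ints
    return bool(ttl & DO_FLAG), options


def missing_support(options, zone_algs, ds_digests=(), nsec3_hashes=()):
    """The gauge: which of the zone's algorithms did this client NOT signal?
    Returns None when the client sent no options at all (nothing to measure)."""
    if not options:
        return None
    return {
        "dau": [a for a in zone_algs if a not in options.get(DAU, [])],
        "dhu": [d for d in ds_digests if d not in options.get(DHU, [])],
        "n3u": [h for h in nsec3_hashes if h not in options.get(N3U, [])],
    }


if __name__ == "__main__":
    # Constructed query from a resolver that understands RSA/SHA-1, RSA/SHA-256,
    # DS digests SHA-1 and SHA-256, and the NSEC3 SHA-1 hash.
    wire = build_opt_rr(dau=(RSASHA1, RSASHA256), dhu=(DS_SHA1, DS_SHA256), n3u=(NSEC3_SHA1,))
    do_bit, opts = parse_opt_rr(wire)
    # Zone mid-rollover from RSA/SHA-256 to ECDSA P-256: the client lacks 13.
    print(do_bit, opts, missing_support(opts, (RSASHA256, ECDSAP256SHA256), (DS_SHA256,), (NSEC3_SHA1,)))
```

A zone operator would run `missing_support` over the options seen in query logs and hold the rollover until the share of clients with an empty `dau` (or `n3u`, for an NSEC3 hash change) list is acceptable; queries that carry no options at all say nothing and are reported as `None` rather than counted either way.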