Re: [dnsext] WGLC: draft-ietf-dnsext-dnssec-bis-updates-16

Mohan Parthasarathy <suruti94@gmail.com> Sat, 28 January 2012 02:21 UTC


I read the draft and support publication of the draft.

Here are a few comments...

- Section 4.4, Insecure Delegation proofs: the last sentence is very
confusing. An example of what attack this is describing would be
helpful to the implementer.

- Section 5.7, setting the AD bit on queries: is CD=0,DO=0 in the query
the same as AD=1,DO=0? If so, why do we need two ways? I might have
missed the discussion on this earlier. If there is a valid reason,
that needs to be stated explicitly as to why we are introducing this
new option.

- The "Security Considerations" section says:

     This document adds two cryptographic features to the core DNSSEC protocol.

    Is this referring to the algorithms mentioned in section 2.2
    (which actually lists three) or something else?

-mohan

On Thu, Jan 19, 2012 at 9:49 PM, Andrew Sullivan <ajs@anvilwalrusden.com> wrote:
> Dear colleagues,
>
> This message initiates a three week Working Group Last Call on the
> document draft-ietf-dnsext-dnssec-bis-updates-16.  LC will close on
> 2012-01-11 at 00:00 UTC.
>
> The WG's standard conventions, which require five reviewers who state
> that they have read the draft and support its publication as a
> necessary but not sufficient determinant of rough consensus, are in
> force.  Please review the document and post to the list any comments
> you have before the close of LC.  If you cannot meet that deadline,
> but are willing to commit to completing a review and can give me a
> firm date for it (and that date is within a reasonable horizon), I
> will announce an extension of the LC deadline.  I'd appreciate it if
> you'd tell me of this need sooner rather than later.  Specific
> comments are much better than generic ones, and specific comments with
> suggested text (if you find some text wanting) are particularly
> encouraged.
>
> Speaking only personally, this draft is the product of several years
> of WG work: the -00 of the draft was submitted in 2005.  Moreover, it
> is the product of a lot of heated discussion and careful teasing out
> of the issues involved.  I would be sad to discover that we could not
> find (rather) more than five reviewers for this document.
>
> I will be the shepherd for this document if it is sent to the IESG.
>
> Best regards,
>
> Andrew
>
> --
> Andrew Sullivan
> ajs@anvilwalrusden.com
> _______________________________________________
> dnsext mailing list
> dnsext@ietf.org
> https://www.ietf.org/mailman/listinfo/dnsext