Re: [dnsext] Issues in WGLC of dnssec-bis-updates

Andrew Sullivan <ajs@anvilwalrusden.com> Tue, 07 February 2012 16:23 UTC

Hi,

On Tue, Feb 07, 2012 at 04:34:52PM +0100, W.C.A. Wijngaards wrote:
> 
> I feel the first (4033) is a better description.  I personally use a
> definition for this as: this portion of the tree does not have a trust
> anchor above it (higher up the hierarchy), and therefore is not secure,
> insecure, or bogus.  Note that with the root trust anchor the
> indeterminate state no longer occurs, since we know everything is
> covered by that trust anchor.

This is extremely interesting and helpful; thanks.  I wonder about
something, though.  What should we call the state you get when you
have a validating resolver that can only speak to upstream resolvers
that all respond NOTIMP (or similar) to the DO bit?  That case appears
to be covered by the 4035 definition and not the 4033 one.  Is this
"unvalidatable" rather than "indeterminate"?

Best regards,

A
-- 
Andrew Sullivan
ajs@anvilwalrusden.com