Re: [secdir] SECDIR review of draft-ietf-dnsop-root-loopback-03

joel jaeggli <joelja@bogus.com> Mon, 14 September 2015 17:44 UTC

Return-Path: <joelja@bogus.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E36211B2EC5; Mon, 14 Sep 2015 10:44:57 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.91
X-Spam-Level:
X-Spam-Status: No, score=-1.91 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jt2qx5q9UGvS; Mon, 14 Sep 2015 10:44:56 -0700 (PDT)
Received: from nagasaki.bogus.com (nagasaki.bogus.com [IPv6:2001:418:1::81]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8CF981B3A90; Mon, 14 Sep 2015 10:44:56 -0700 (PDT)
Received: from mb.local ([156.39.136.139]) (authenticated bits=0) by nagasaki.bogus.com (8.14.9/8.14.9) with ESMTP id t8EHiqKv058169 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NOT); Mon, 14 Sep 2015 17:44:53 GMT (envelope-from joelja@bogus.com)
To: Paul Hoffman <paul.hoffman@vpnc.org>, Matthew Lepinski <mlepinski.ietf@gmail.com>
References: <CANTg3aAPYVTHzLLDNBKCpikCFREqHSpsAe_vHm8Z7LVTjSKyCg@mail.gmail.com> <138F09FC-109C-410E-ACA7-2DADF3D4460D@vpnc.org>
From: joel jaeggli <joelja@bogus.com>
Message-ID: <55F7078E.2070802@bogus.com>
Date: Mon, 14 Sep 2015 10:44:46 -0700
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:40.0) Gecko/20100101 Thunderbird/40.0
MIME-Version: 1.0
In-Reply-To: <138F09FC-109C-410E-ACA7-2DADF3D4460D@vpnc.org>
Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="OtT1oKHMOlSUPLsiCNVxbwbe8B7HB02nT"
Archived-At: <http://mailarchive.ietf.org/arch/msg/secdir/J96sfCWVcH15P3H2q7wStmdV4Zc>
Cc: draft-ietf-dnsop-root-loopback.all@tools.ietf.org, "iesg@ietf.org" <iesg@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>
Subject: Re: [secdir] SECDIR review of draft-ietf-dnsop-root-loopback-03
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 14 Sep 2015 17:44:58 -0000

On 9/14/15 8:17 AM, Paul Hoffman wrote:
> Thanks! We have made these changes in the pre-draft of -04. If the ADs
> want us to publish this before the IESG review, we can; otherwise, we'll
> wait until after the IESG review to release them.


It's fine by me if you do that. no reason not to be dicsussing the
latest version so long as we have a few days between the update and the
review call.

thanks
joel

> --Paul Hoffman
> 
>       <t>A system that does not follow the DNSSEC-related requirements
> given
>       in <xref target="reqs"/> can be fooled into giving bad responses
> in the
>       same way as any recursive resolver that does not do DNSSEC
> validation on
>       responses from a remote root server. Anyone deploying the method
>       described in this document should be familiar with the operational
> benefits
>       and costs of deploying DNSSEC <xref target="RFC4033"/>.</t>
> 
>       <t>As stated in <xref target="intro"/>, this design explicitly
> only allows
>       the new root zone server to be run on a loopback address, in order to
>       prevent the server from serving authoritative answers to any
> system other
>       than the recursive resolver. This has the security property of
> limiting
>       damage to any other system that might try to rely on the copy of
> the root
>       in case that copy becomes altered.</t>
>