Re: [lamps] [dnsdir] Dnsdir last call review of draft-ietf-lamps-caa-issuemail-04
Tim Wicinski <tjw.ietf@gmail.com> Wed, 05 July 2023 18:58 UTC
From: Tim Wicinski <tjw.ietf@gmail.com>
Date: Wed, 05 Jul 2023 14:58:35 -0400
Message-ID: <CADyWQ+HB75AVXxah_rB83LR_=vRk=JMA9xTXW4wu4aFKh=-rJg@mail.gmail.com>
To: Corey Bonnell <Corey.Bonnell@digicert.com>
Cc: Tim Wicinski <tim@dnsopwg.org>, "dnsdir@ietf.org" <dnsdir@ietf.org>, "draft-ietf-lamps-caa-issuemail.all@ietf.org" <draft-ietf-lamps-caa-issuemail.all@ietf.org>, "last-call@ietf.org" <last-call@ietf.org>, "spasm@ietf.org" <spasm@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/SosvA57BnZoN2_Ff-4oCPFeCHqg>
Corey,

On Wed, Jul 5, 2023 at 2:47 PM Corey Bonnell via dnsdir <dnsdir@ietf.org> wrote:

> Hi Tim,
> Thank you for your review. Comments inline.
>
> > This is a very minor nit, but when I was validating the ABNF, I realized
> > the proper order should have these two first
>
> My preference would be to keep the grammar as-is, for two reasons:
>
> 1. The current grammar is identical to that in RFC 8659 and reordering
> them would introduce a deviation between the two documents.
> 2. While entirely reasonable that production rules should be defined prior
> to being used, I don't believe that RFC 5234 provides any guidance
> regarding the relative ordering of production rules.

No this makes sense, I did not look at 8659 so bad on me. I also was thinking I should just hack up 'bap' to not throw the errors.

> However, I'd be happy to change the ordering if there are strong feelings
> that this should be changed.
>
> > malformed.client.example CAA 0 issuemail "authority.example; %%%%%"
> > If I read this correctly, the entire record is ignored. Is this true?
>
> The record isn't ignored, but rather treated as if it contains an empty
> issuer-domain-name. In the absence of any other issuemail records in the
> RRSet, this would be interpreted as a prohibition on issuance.

Okay, so any part of a record the CA fails to parse the issuer-domain-name is set to be the empty string (for that CAA record). thanks and going over the text again also shows that.

then we should be good

thanks
tim

> Thanks,
> Corey
>
> -----Original Message-----
> From: Tim Wicinski via Datatracker <noreply@ietf.org>
> Sent: Saturday, July 1, 2023 5:51 PM
> To: dnsdir@ietf.org
> Cc: draft-ietf-lamps-caa-issuemail.all@ietf.org; last-call@ietf.org;
> spasm@ietf.org
> Subject: Dnsdir last call review of draft-ietf-lamps-caa-issuemail-04
>
> Reviewer: Tim Wicinski
> Review result: Ready with Nits
>
> Reviewer: Tim Wicinski
> Review result: Ready with Nits
>
> I have been selected as the DNS Directorate reviewer for this draft. The
> DNS Directorate seeks to review all DNS or DNS-related drafts as they pass
> through IETF last call and IESG review, and sometimes on special request.
> The purpose of the review is to provide assistance to the ADs.
> For more information about the DNS Directorate, please see
> https://wiki.ietf.org/en/group/dnsdir
>
> I find the document well written, and easy to understand. I have a few
> minor nits.
>
> This is a very minor nit, but when I was validating the ABNF, I realized
> the proper order should have these two first:
>
>    label = (ALPHA / DIGIT) *( *("-") (ALPHA / DIGIT))
>
>    issuer-domain-name = label *("." label)
>
> Like I said, very minor. (according to bap)
>
> A question on malformed parameters (Section 4):
> The text says this:
>
>    However, parameters that do not conform to the ABNF syntax as defined
>    in Section 3 will result in the issuemail-value being not conformant
>    with the ABNF syntax. As stated above, a Property whose issuemail-
>    value is malformed SHALL be treated as if the issuer-domain-name in
>    the issuemail-value is the empty string.
>
> And you have this example of a malformed property.
>
>    malformed.client.example CAA 0 issuemail "%%%%%"
>
> But what happens if this is the record?
>
>    malformed.client.example CAA 0 issuemail "authority.example; %%%%%"
>
> If I read this correctly, the entire record is ignored. Is this true?
>
> --
> dnsdir mailing list
> dnsdir@ietf.org
> https://www.ietf.org/mailman/listinfo/dnsdir
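Added example (not part of this thread or of the draft): a Python implementation of the handling discussed above, where an issuemail value that fails the ABNF anywhere, including only in its parameters, is treated as an empty issuer-domain-name. The parameter rules follow the RFC 8659 grammar, which the thread says the draft reuses; the function names, the constructed `k=v` parameter, and the rule that an RRSet with no issuemail records imposes no issuemail restriction are assumptions of this example.

```python
import re

# Grammar per RFC 8659 (the thread states the draft's grammar is identical).
WSP = r"[ \t]*"
LABEL = r"[A-Za-z0-9](?:-*[A-Za-z0-9])*"           # also used for parameter tags
DOMAIN = rf"{LABEL}(?:\.{LABEL})*"                 # issuer-domain-name
PARAM = rf"{LABEL}{WSP}={WSP}[\x21-\x3A\x3C-\x7E]*"  # tag = value (no ';' or space)
PARAMS = rf"{PARAM}(?:{WSP};{WSP}{PARAM})*"
ISSUEMAIL_VALUE = re.compile(
    rf"{WSP}(?:(?P<domain>{DOMAIN}){WSP})?"
    rf"(?:;{WSP}(?:(?P<params>{PARAMS}){WSP})?)?"
)


def parse_issuemail(value):
    """Return (issuer_domain_name, parameters) for one issuemail Property value.

    A value that does not match the ABNF as a whole yields ("", {}): the
    record is not ignored, it is read as an empty issuer-domain-name.
    """
    m = ISSUEMAIL_VALUE.fullmatch(value)
    if m is None:
        return "", {}
    params = {}
    for item in (m.group("params") or "").split(";"):
        if item.strip():
            tag, _, val = item.partition("=")  # value itself may contain '='
            params[tag.strip().lower()] = val.strip()
    return (m.group("domain") or "").lower(), params


def issuance_permitted(issuemail_values, ca_domain):
    """Decide from the issuemail values of the relevant RRSet (hypothetical helper)."""
    if not issuemail_values:
        # Assumption: no issuemail Property means no issuemail restriction.
        return True
    ca = ca_domain.lower()
    return any(d != "" and d == ca
               for d, _ in map(parse_issuemail, issuemail_values))


if __name__ == "__main__":
    # First two values are the records quoted in the thread; the rest are constructed.
    for v in ['%%%%%', 'authority.example; %%%%%', 'authority.example',
              'authority.example; k=v', ';']:
        print(repr(v), '->', parse_issuemail(v))
```

A malformed record still counts as an issuemail record in the RRSet, so on its own it blocks issuance; a second, well-formed record naming the CA restores permission.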