Re: [Drip] Paul Wouters' No Objection on draft-ietf-drip-auth-47: (with COMMENT)
Paul Wouters <paul.wouters@aiven.io> Fri, 16 February 2024 14:03 UTC
Return-Path: <paul.wouters@aiven.io>
X-Original-To: tm-rid@ietfa.amsl.com
Delivered-To: tm-rid@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DA3E9C1519BA for <tm-rid@ietfa.amsl.com>; Fri, 16 Feb 2024 06:03:55 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.106
X-Spam-Level:
X-Spam-Status: No, score=-2.106 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=aiven.io
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LtyGAM31762z for <tm-rid@ietfa.amsl.com>; Fri, 16 Feb 2024 06:03:52 -0800 (PST)
Received: from mail-lf1-x134.google.com (mail-lf1-x134.google.com [IPv6:2a00:1450:4864:20::134]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1A40BC1519B8 for <tm-rid@ietf.org>; Fri, 16 Feb 2024 06:03:51 -0800 (PST)
Received: by mail-lf1-x134.google.com with SMTP id 2adb3069b0e04-5114b2b3b73so2454431e87.0 for <tm-rid@ietf.org>; Fri, 16 Feb 2024 06:03:51 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=aiven.io; s=google; t=1708092230; x=1708697030; darn=ietf.org; h=to:in-reply-to:cc:references:message-id:date:subject:mime-version :from:content-transfer-encoding:from:to:cc:subject:date:message-id :reply-to; bh=jt/WV7+zdJYys1t000nFn4b6k+3oacIsknp0uX8JdYA=; b=UDhAvBOll03bG9ACUuGr55s2Jl5c89VMfzJd0Bj1pXBVFST84cSxpAeEOpIRKlCxov C699/UHWiqI+7DLfaf4MWPPeZaNPofEGrbtQ8FbKWnPiVQcatvDy4uMBsj298yBXkdI6 sL7eNAEloMD15deVF0Z5JMEIjufXn4Ss/6DQo=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1708092230; x=1708697030; h=to:in-reply-to:cc:references:message-id:date:subject:mime-version :from:content-transfer-encoding:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=jt/WV7+zdJYys1t000nFn4b6k+3oacIsknp0uX8JdYA=; b=fm8IR9tBOkUwDZwdM8yOnw3H9j0WIFkzZt51a3IOHLiXf1+vaS5mTdY2ruHFM5SRfr ua9sycoy1RYOXq4LHQir0vUxew7FM0H5p3A6AUvH0j4Bk+Rd5Qh6tCDaAadEoAO2zMn7 tX9XW+NhvY4nc75c/Ackf+RfZ2sh1FfwemiWR2MYUBHhe4GglYSi9h3abNG61KTqGZsg 5FyN4bIbH+aXkViiwto5agcIW0TTGv4+inLedg6cfGy6eE3kvX/J0k66OVGzNUzXfNlt SM/19HFMkcGqlIdcecoAkeG/ySf1yZWCfmYHPLeuNVSmqcY0EQsUMueS/GD42xceQ7HP ofcg==
X-Forwarded-Encrypted: i=1; AJvYcCX171JU9GqZ5TjEvtWFi1NFv/j1mV7B1nG6Y0t1TRikjS1fCDkfVH3WBkLHQFfRNpv8/dnPetRujBipEenSp6s=
X-Gm-Message-State: AOJu0YyT3T8gwYgIxowgzCtf0nqYrWlwZ1HbwNxhTuh5DUEJYWNT6DFT mIYVHbrLgdDP02TAqTTIavZZ9ONKcqhTbTIgcgnZ+11QAQnCBP+wOJgHSsqY7No=
X-Google-Smtp-Source: AGHT+IGpK5JlGuJ6vKIIG2U4i58tIT5DKcfFRBiNngniV7x18yGYcYRt16Id1dYZImrN6r7creO7kg==
X-Received: by 2002:a19:f615:0:b0:511:9776:8a23 with SMTP id x21-20020a19f615000000b0051197768a23mr3625159lfe.65.1708092229922; Fri, 16 Feb 2024 06:03:49 -0800 (PST)
Received: from smtpclient.apple ([74.122.52.94]) by smtp.gmail.com with ESMTPSA id z24-20020a196518000000b005129d107aa9sm22174lfb.92.2024.02.16.06.03.32 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Fri, 16 Feb 2024 06:03:38 -0800 (PST)
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
From: Paul Wouters <paul.wouters@aiven.io>
Mime-Version: 1.0 (1.0)
Date: Fri, 16 Feb 2024 09:03:14 -0500
Message-Id: <090F3466-02A5-4D44-AE4C-EE333B9ECD90@aiven.io>
References: <DU2PR02MB101609FA44EA95A22D144DE72884D2@DU2PR02MB10160.eurprd02.prod.outlook.com>
Cc: The IESG <iesg@ietf.org>, draft-ietf-drip-auth@ietf.org, drip-chairs@ietf.org, tm-rid@ietf.org
In-Reply-To: <DU2PR02MB101609FA44EA95A22D144DE72884D2@DU2PR02MB10160.eurprd02.prod.outlook.com>
To: mohamed.boucadair@orange.com
X-Mailer: iPhone Mail (21D61)
Archived-At: <https://mailarchive.ietf.org/arch/msg/tm-rid/qkjH6CByKq8dsZjNvVyF5NN0bvo>
Subject: Re: [Drip] Paul Wouters' No Objection on draft-ietf-drip-auth-47: (with COMMENT)
X-BeenThere: tm-rid@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Drone Remote Identification Protocol <tm-rid.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tm-rid>, <mailto:tm-rid-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tm-rid/>
List-Post: <mailto:tm-rid@ietf.org>
List-Help: <mailto:tm-rid-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tm-rid>, <mailto:tm-rid-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 16 Feb 2024 14:03:55 -0000
On Feb 15, 2024, at 06:09, mohamed.boucadair@orange.com wrote: > > >> >> I'm a little puzzled why this is an IETF document. It feels more like >> a [F3411] >> extension ? > > [Med] The WG discussed that issues in "Explain why it makes sense to define an IETF extension to a scheme that is defined in an external body (ASTM)" (https://github.com/ietf-wg-drip/draft-ietf-drip-auth/issues/2) and the justification is recorded in the draft: It justifies why a standard and registry is needed. It does not really say why the IETF should be that body. I just noticed that the entire document is basically about non-ietf protocols. >> I understand transports being out of scope but not DNS security >> options? If >> pulling key material from DNS, I think one should call out DNSSEC, or >> even >> mandate it. >> > > [Med] DNSSEC is called out in the sentence right after the one you quoted: > > [drip-registries] is the main specification for DNS operations in > DRIP and as such will specify DRIP usage of best common practices for > security (such as [RFC9364]). > > Do you think mentioning of RFCs 4033, 4034, and 4035 is better than BCP 237? No, BCP237 is the right quote. But perhaps remove or reduce the sentence so it doesn’t exclude dns security options and then references something about dns security options ? Note that these were non-blocking comments. The authors are free to choose to take no further action on this. Paul
- [Drip] Paul Wouters' No Objection on draft-ietf-d… Paul Wouters via Datatracker
- Re: [Drip] Paul Wouters' No Objection on draft-ie… mohamed.boucadair
- Re: [Drip] Paul Wouters' No Objection on draft-ie… Paul Wouters
- Re: [Drip] Paul Wouters' No Objection on draft-ie… Robert Moskowitz
- Re: [Drip] Paul Wouters' No Objection on draft-ie… Adam Wiethuechter