From owner-namedroppers@ops.ietf.org Mon Dec 1 12:31:14 2008
From: Ted Hardie
Date: Mon, 1 Dec 2008 12:17:58 -0800
To: Shane Kerr
CC: "namedroppers@ops.ietf.org"
Subject: Re: RRTYPE love, was Re: [dnsext] RRTYPE request: template for ZS record

>I guess the IETF does not want to support standards that it does not
>consider "good". However, in the past this has led to people simply
>ignoring the IETF and doing things their own way, in an undocumented and
>non-interoperable way. Why yes, I *am* thinking of NAT and Skype and P2P
>and SPF and plenty of other things I use daily...
>
>IIRC, the SPF folks put records into TXT records because they had no
>other way to do it. In the midst of the nuclear-hot flames that were
>directed their way when they entered the IETF arena were complaints that
>they were putting structured data into an unstructured field. So, now we
>have the SPF record. (I may not be remembering this perfectly, so
>someone involved with the effort feel free to correct me.)
>
>Based on that history, I think Jim is Doing the Right Thing by trying to
>get the NINFO RR assigned.
>
>
>Regarding whether or not we want DNS to allow "gunk" or "clutter", I
>have to admit I don't share the DNS religion about wanting to keep stuff
>*out* of the DNS. I think there are huge classes of problems that share
>similar properties to things that do work well with DNS-style lookups,
>and given that DNS is arguably the most successful distributed database
>it makes sense that these will appear.

I am generally in favor of getting folks to register new RRs, rather
than simply re-using TXT. The problem here is that this RR doesn't
actually create an RRTYPE that can be re-used successfully within the
distributed database system you so feelingly describe above. It has no
structure whatever and it will evidently vary in what sort of content
it contains, potentially from node to node (and realistically from zone
to zone). The use case given (a presence replacement) is missing one
key feature of the deployed systems for presence--the ability to
control who sees what pieces of data.
That makes me suspect it is of limited utility in replacing any of
those, so I am missing the utility here.

Will I fall on my sword, crying out in pain at the cruelty of the world
if this gets allocated? Nope. But I think it is under-specified as
described. As a private use within .tel, it would be fine by me; but as
global RR, I think there needs to be a bit more in the application
about what node info might mean for this to be really useful.

Two cents,
Ted Hardie

--
to unsubscribe send a message to namedroppers-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive:

From owner-namedroppers@ops.ietf.org Mon Dec 1 13:37:29 2008
From: Jari Arkko
Date: Mon, 01 Dec 2008 23:31:38 +0200
To: namedroppers@ops.ietf.org
CC: Carlos Pignataro, Russ Housley
Subject: [dnsext] DNS RR (RFC 4701) impacts from draft-arkko-arp-iana-rules

Folks,

I recently wrote a draft about the IANA rules regarding ARP, as no such
rules were defined before.

During last call, it became apparent that there are a few other
protocols that use the same numbers. For instance, specialized forms of
ARP for certain link layers or DHCPv4/6. Having realized this, we did a
more thorough search of the RFC series to attempt to find all such
uses. The new version of my draft lists all these uses and updates the
RFCs in question.

I would like to ask for your review to make sure (a) that the ARP rule
change is OK from the perspective of your protocol and (b) we have
found all uses of the ARP numbers.

Here's what the draft says:

"The change is also applicable to extensions of ARP that use the same
message format, such as [RFC0903], [RFC1931], and [RFC2390].

The change also affects other protocols that employ values from the ARP
name spaces. For instance, the ARP hardware address type (ar$hrd)
number space is also used in the "htype" (hardware address type) fields
in Bootstrap Protocol (BOOTP) [RFC0951] and Dynamic Host Configuration
Protocol (DHCP) [RFC2131], as well as in the "hardware type" field in
the DHCP Unique Identifiers in DHCPv6 [RFC3315]. These protocols are
therefore affected by the update in the IANA rules. Other affected
specifications include the specialized address resolution mechanisms in
HYPERchannel [RFC1044], DHCP options [RFC2132], [RFC4361], ATM
(Asynchronous Transfer Mode) ARP [RFC2225], HARP (High-Performance
Parallel Interface ARP) [RFC2834], [RFC2835], Dual MAC FDDI (Fiber
Distributed Data Interface) ARP [RFC1329], MAPOS (Multiple Access
Protocol over Synchronous Optical Network/Synchronous Digital
Hierarchy) ARP [RFC2176], FC (Fibre Channel) ARP [RFC4338], and DNS
Resource Records [RFC4701]."

(We have only listed a protocol as affected when it uses ARP values
directly, e.g., in its own protocol message formats. Use of ARP as-is
is of course not an issue. I have also not listed the many IP over Foo
specifications that talk about how to use ARP in Foo, describing what
hardware type values to use, etc.)

Here's the URL for the draft:

http://tools.ietf.org/html/draft-arkko-arp-iana-rules-04

Jari

From owner-namedroppers@ops.ietf.org Tue Dec 2 10:06:32 2008
From: Ted Hardie
Date: Tue, 2 Dec 2008 09:52:18 -0800
Subject: [dnsext] RRTYPE request for NINFO

In some off-line discussions with Jim, I noted that I do believe that
the primary purpose of registration in this space is to avoid code
point collision. Based on that criterion, the request for NINFO should
probably go forward; it is clear that .tel plans to deploy this RRType
and allocating a code point to distinguish their use from what would
happen with a simple grab has value for the community.
I have asked Jim to consider some changes to his registration which
would, I believe, help establish at least the charset of the text and
potentially the media type of the NINFO (e.g. distinguishing
html-formatted text from plain text). Those changes would, in my
opinion, make this more useful to a broader range of folks, but they
don't change the value of avoiding collision.

regards,
Ted Hardie

From owner-namedroppers@ops.ietf.org Tue Dec 2 11:25:22 2008
From: Alfred Hönes
Date: Tue, 2 Dec 2008 20:17:39 +0100 (MEZ)
To: jari.arkko@piuha.net, namedroppers@ops.ietf.org
Subject: Re: [dnsext] DNS RR (RFC 4701) impacts from draft-arkko-arp-iana-rules

At Mon, 01 Dec 2008 23:31:38 +0200, Jari Arkko wrote:

> Folks,
>
> I recently wrote a draft about the IANA rules regarding ARP, as no
> such rules were defined before.
>
> During last call, it became apparent that there are a few other
> protocols that use the same numbers. For instance, specialized
> forms of ARP for certain link layers or DHCPv4/6. Having realized
> this, we did a more thorough search of the RFC series to attempt
> to find all such uses. The new version of my draft lists all these
> uses and updates the RFCs in question.
>
> I would like to ask for your review to make sure
> (a) that the ARP rule change is OK from the perspective of your
>     protocol and
> (b) we have found all uses of the ARP numbers.
>
> Here's what the draft says:
>
>   "...
>   [...].  These protocols are
>   therefore affected by the update in the IANA rules.  Other affected
>   specifications include ...
>   ...
>   , and DNS Resource
>   Records [RFC4701]."

As one of the culprits for the broadening of scope for
draft-arkko-arp-iana-rules, I want to take up this thread.

RFC 4701 essentially builds a framework for storing and validating
'semaphores' in the very same database commonly being dynamically
updated by DHCP clients and servers, the DNS.
As such, RFC 4701 transparently deals with the DHC information used
to establish these semaphores, it is not interested in the semantics
(for other protocols) of these items which it simply (re-)uses to
uniquely identify a DHCP client.

IMO, listing RFC 4701 as a Normative Reference and even in the
metadata as being "Updated" is a bit of overstressing.

draft-arkko-arp-iana-rules-05 does not indicate which parts of
RFC 4701 it updates, and the only section there that might be
affected, section 3.5.3, only refers to the DHCP fields as the
containers of information to be concatenated and hashed; it does
not impose any semantics to these fields, and thus obviously is
not affected by the registration policy for the values in some of
these fields.

The only property assumed in RFC 4701 is that the {'htype','chaddr'}
tuple indeed can be used as a unique identifier for the DHCP client
-- at least within the scope of a specific DHCP deployment.
But that should be granted anyway, for DHCP's use.

Noting that RFC 4701 is indirectly affected by the ARP-IANA draft
seems reasonable, but listing RFC 4701 as a Normative Reference and
calling for "Updating" it doesn't seem to be necessary or even useful.

However, should you decide to leave the ref. to RFC 4701 in your
draft, I suggest to make the citation in the text more specific,
replacing

   ..., and DNS Resource Records [RFC4701].
by:
   ..., and the DNS DHCID Resource Record [RFC4701].

Kind regards,
  Alfred Hönes.

--

+------------------------+--------------------------------------------+
| TR-Sys Alfred Hoenes   | Alfred Hoenes Dipl.-Math., Dipl.-Phys.     |
| Gerlinger Strasse 12   | Phone: (+49)7156/9635-0, Fax: -18          |
| D-71254 Ditzingen      | E-Mail: ah@TR-Sys.de                       |
+------------------------+--------------------------------------------+
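
Added example, not part of the thread and not taken from the RFC: the DHCID computation that the message above refers to (RFC 4701 section 3.5.3, identifier type 0), written out to show that 'htype' and 'chaddr' are hashed as opaque octets together with the FQDN, so the resulting record can be compared but never interpreted. The function names, the sample MAC address and the host name are constructed for illustration.

```python
import base64
import hashlib
import hmac

# RFC 4701 code points used in this example.
ID_TYPE_HTYPE_CHADDR = 0x0000  # identifier = 1-octet htype + hlen octets of chaddr
DIGEST_TYPE_SHA256 = 1         # digest type code for SHA-256


def fqdn_to_wire(fqdn: str) -> bytes:
    """Canonical DNS wire format: lower-cased, uncompressed, root-terminated."""
    out = bytearray()
    for label in fqdn.rstrip(".").split("."):
        raw = label.lower().encode("ascii")
        if not 1 <= len(raw) <= 63:
            raise ValueError(f"bad label length in {fqdn!r}")
        out.append(len(raw))
        out += raw
    out.append(0)  # root label
    if len(out) > 255:
        raise ValueError("name exceeds 255 octets")
    return bytes(out)


def dhcid_rdata(htype: int, chaddr: bytes, fqdn: str) -> bytes:
    """DHCID RDATA for a client identified by its htype/chaddr pair.

    Layout: 2-octet identifier type, 1-octet digest type, SHA-256 digest
    over (identifier || FQDN in canonical wire format).
    """
    if not 0 <= htype <= 0xFF:
        raise ValueError("htype is a single octet in BOOTP/DHCPv4")
    if not 1 <= len(chaddr) <= 16:
        raise ValueError("chaddr carries 1..16 octets (hlen)")
    # htype is copied in as a bare octet: no lookup in the ARP registry,
    # no check that the value is assigned or what link layer it names.
    identifier = bytes([htype]) + chaddr
    digest = hashlib.sha256(identifier + fqdn_to_wire(fqdn)).digest()
    return (ID_TYPE_HTYPE_CHADDR.to_bytes(2, "big")
            + bytes([DIGEST_TYPE_SHA256]) + digest)


def owned_by(rdata: bytes, htype: int, chaddr: bytes, fqdn: str) -> bool:
    """Updater-side conflict check: does the stored DHCID belong to this client?"""
    return hmac.compare_digest(rdata, dhcid_rdata(htype, chaddr, fqdn))


def demo() -> dict:
    mac = bytes.fromhex("00005e005301")      # constructed sample address
    name = "client.example.com"              # constructed sample name
    stored = dhcid_rdata(1, mac, name)       # htype 1 = Ethernet
    return {
        "presentation": base64.b64encode(stored).decode("ascii"),
        "same_client": owned_by(stored, 1, mac, "Client.Example.COM."),
        # Same address octets under another htype value: simply a
        # different identifier, hence a different record.
        "other_htype": owned_by(stored, 6, mac, name),
        "other_name": owned_by(stored, 1, mac, "other.example.com"),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```
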

From owner-namedroppers@ops.ietf.org Tue Dec 2 13:13:14 2008
From: Alex Bligh
Date: Tue, 02 Dec 2008 21:06:30 +0000
To: Ted Hardie, namedroppers@ops.ietf.org
Cc: Alex Bligh
Subject: Re: [dnsext] RRTYPE request for NINFO

--On 2 December 2008 09:52:18 -0800 Ted Hardie wrote:

> In some off-line discussions with Jim, I noted that I do believe
> that the primary purpose of registration in this space is to avoid
> code point collision.

Without prejudice to the particular application in question, would it
make sense to have a means of assigning private RRTYPEs even if we
limited the RRTYPEs to ones whose records "looked just like TXT RRs"?

Alex

From owner-namedroppers@ops.ietf.org Tue Dec 2 13:26:44 2008
From: Jari Arkko
Date: Tue, 02 Dec 2008 23:21:13 +0200
To: =?windows-1252?Q?Alfred_=3F?=
CC: namedroppers@ops.ietf.org
Subject: Re: [dnsext] DNS RR (RFC 4701) impacts from draft-arkko-arp-iana-rules

Alfred,

> IMO, listing RFC 4701 as a Normative Reference and even in the
> metadata as being "Updated" is a bit of overstressing.
>

Perhaps. I struggled with the question of what to do for these cases.
But for the record, here's the rationale that I used. I wanted to make
sure that whoever used protocol X would easily find what the IANA rules
are for that protocol. The updates relationship helps at least me in
searching such things. Also, if we had a standalone protocol RFC that
had originally been published without IANA rules, when a new RFC
defines these rules I would probably use the update relationship to
note this.

However, I do not want to claim that this is the only possible way of
doing it -- simply noting that the protocols are affected and listing
the references in the informative references section would also be
fine. I also note that IETF's practices for IANA guideline documents
have been varied: some have become PS RFCs, some BCPs, sometimes there
is an Update and sometimes there isn't.

There are also differences between the RFCs that my draft updates. For
instance, the RFC 4701 speaks about values defined by DHCP and refers
to RFC 2131, so you could argue that the necessary reference is already
in place. RFC 2131 on the other hand does not even refer to RFC 826 and
speaks only of the "ARP section in the Assigned Numbers RFC".

> ..., and DNS Resource Records [RFC4701].
> by:
> ..., and the DNS DHCID Resource Record [RFC4701].
>
>

Noted.

Jari

From owner-namedroppers@ops.ietf.org Tue Dec 2 14:22:46 2008
From: Andrew Sullivan
Date: Tue, 2 Dec 2008 17:15:59 -0500
To: namedroppers@ops.ietf.org
Subject: [dnsext] Minutes from IETF73 uploaded

Dear colleagues,

Draft minutes from our meeting in Minneapolis are now available from
http://www.ietf.org/proceedings/08nov/minutes/dnsext.txt. If you have
additions or corrections, please let the Chairs know as soon as
possible. We're . Thanks.

Best regards,

Andrew (for the Chairs)

--
Andrew Sullivan
ajs@shinkuro.com
Shinkuro, Inc.

From owner-namedroppers@ops.ietf.org Wed Dec 3 08:54:07 2008
From: Internet-Drafts@ietf.org
Date: Wed, 3 Dec 2008 08:45:01 -0800 (PST)
To: i-d-announce@ietf.org
Cc: namedroppers@ops.ietf.org
Subject: [dnsext] I-D Action:draft-ietf-dnsext-dnssec-rsasha256-07.txt

A New Internet-Draft is available from the on-line Internet-Drafts
directories. This draft is a work item of the DNS Extensions Working
Group of the IETF.

	Title     : Use of SHA-2 algorithms with RSA in DNSKEY and RRSIG
	            Resource Records for DNSSEC
	Author(s) : J. Jansen
	Filename  : draft-ietf-dnsext-dnssec-rsasha256-07.txt
	Pages     : 9
	Date      : 2008-12-03

This document describes how to produce RSA/SHA-256 and RSA/SHA-512
DNSKEY and RRSIG resource records for use in the Domain Name System
Security Extensions (DNSSEC, RFC 4033, RFC 4034, and RFC 4035).

A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-dnsext-dnssec-rsasha256-07.txt

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/

Date: Wed, 3 Dec 2008 02:07:57 -0500 (EST)
From: Samuel Weiler
To: namedroppers@ops.ietf.org
Subject: Re: [dnsext] RRTYPE request for NINFO

[ Moderators note: Post was moderated, either because it was posted by
a non-subscriber, or because it was over 20K.
With the massive amount of spam, it is easy to miss and therefore
delete relevant posts by non-subscribers.
Please fix your subscription addresses. ]

This request fully satisfies the criteria we agreed on in (the shiny
new) RFC5395 section 3.1.2 and, accordingly, should be granted.

That said, using unstructured text is ill-advised, and I hope Jim
resubmits the request, adding meta-data for character set at the very
least.

I also encourage not using "zone" in the name or mnemonic of the RR --
it appears that this RR is more tied to domains than zones, and it
would be better to avoid the confusion.

-- Sam

Date: Wed, 3 Dec 2008 02:08:06 -0500 (EST)
From: Samuel Weiler
To: Jim Reid
cc: namedroppers@ops.ietf.org
Subject: Re: [dnsext] RRTYPE request: template for proposed RKEY RRtype

[ Moderators note: Post was moderated, either because it was posted by
a non-subscriber, or because it was over 20K.
With the massive amount of spam, it is easy to miss and therefore
delete relevant posts by non-subscribers.
Please fix your subscription addresses. ]

First, I think this template is adequate for the purpose of an RFC5395
assignment.

That said, the idea as presented seems very flawed.

Without addressing the merits of providing confidentiality for DNS
data: why use public key cryptography here at all? It seems that
symmetric cryptography with shared keys more closely matches the need.

Thierry makes a good point in that the DNSSEC algorithms are for
signatures. It happens that some can also be used for encryption, but
that's not generally the case, and reusing the registry is of dubious
value.

>> If clients retrieve keys to *decode* encrypted data from the public DNS,
>> then what prevents unauthorized parties from doing the same?
>
> Because only authorised clients will have the corresponding private key(s).
> Since there may be many keys in use an RKEY RRtype tells the client which (if
> any) of the private keys it holds can be used to do the decoding.

The draft isn't clear that the primary point of publishing the keys is
to allow identification of which non-published keys should be used to
decrypt the content -- that could be clarified. As it is, I see much
confusion arising.

And, if the primary point is just to allow identification of keys, it
seems like there are several other ways to do this that are more
generally effective, that result in less confusion, and perhaps that
result in less data in the DNS.

In general, key fingerprints seem more appropriate. In the case of
RSA, it's not necessary to publish any exponents to allow key
identification -- the modulus (or a digest of it) is sufficient.
That key identification could also be embedded in the RDATA of the
encrypted record, rather than floating around in some other RR.

> It also
> allows for new keys to be introduced: either by rollover to a new one, or a
> change of algorithm or key size. It's pretty much the same principle as
> DNSKEY for DNSSEC signatures. Which is why the records are almost identical.

Without more documentation, it's hard to see how choosing this format
enables rollover. Rollover is sometimes a very tricky thing.

All that said, the template conditions are satisfied -- the record is
well-formed and should be allocated. But I see enough opportunities
for improvement in the substance that I hope you withdraw the request
until the idea is fleshed out a bit further.

-- Sam
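
Added example (not part of the post above, the thread, or the RKEY draft): a sketch of the key identification the message describes, where a digest of the RSA modulus alone selects which held private key applies. It assumes the public key field uses the RFC 3110 RSA encoding that DNSKEY uses; the function names, key labels and moduli are constructed for illustration.

```python
"""Identify which held RSA private key matches a published public key,
using only a digest of the modulus (the exponent is not needed)."""
import hashlib
import struct
from typing import Dict, Optional, Tuple


def encode_rsa_public_key(exponent: int, modulus: int) -> bytes:
    """Build an RFC 3110 public key field: exponent length, exponent, modulus."""
    e = exponent.to_bytes((exponent.bit_length() + 7) // 8, "big")
    n = modulus.to_bytes((modulus.bit_length() + 7) // 8, "big")
    if not e or not n:
        raise ValueError("exponent and modulus must be positive")
    # One length octet for 1..255, otherwise a zero octet plus a 16-bit length.
    prefix = bytes([len(e)]) if len(e) <= 255 else b"\x00" + struct.pack("!H", len(e))
    return prefix + e + n


def parse_rsa_public_key(blob: bytes) -> Tuple[int, int]:
    """Split an RFC 3110 public key field into (exponent, modulus)."""
    if not blob:
        raise ValueError("empty key field")
    if blob[0] != 0:
        exp_len, offset = blob[0], 1
    else:
        if len(blob) < 3:
            raise ValueError("truncated exponent length")
        (exp_len,) = struct.unpack("!H", blob[1:3])
        offset = 3
    exponent = blob[offset:offset + exp_len]
    modulus = blob[offset + exp_len:]
    if exp_len == 0 or len(exponent) != exp_len or not modulus:
        raise ValueError("truncated or malformed RSA key field")
    return int.from_bytes(exponent, "big"), int.from_bytes(modulus, "big")


def modulus_fingerprint(modulus: int) -> str:
    """SHA-256 over the modulus as minimal-length big-endian octets."""
    raw = modulus.to_bytes((modulus.bit_length() + 7) // 8, "big")
    return hashlib.sha256(raw).hexdigest()


def select_by_fingerprint(fingerprint: str, held: Dict[str, int]) -> Optional[str]:
    """Return the label of the held key whose modulus digest matches, or None.

    `held` maps a local label to the modulus stored with each private key.
    """
    for label, held_modulus in held.items():
        if modulus_fingerprint(held_modulus) == fingerprint:
            return label
    return None


def select_held_key(public_key_field: bytes, held: Dict[str, int]) -> Optional[str]:
    """Same selection, starting from a full published public key field."""
    _, modulus = parse_rsa_public_key(public_key_field)  # exponent is ignored
    return select_by_fingerprint(modulus_fingerprint(modulus), held)


# Constructed sample values: arbitrary odd integers standing in for RSA
# moduli. They are not real key material.
MODULUS_A = (1 << 1023) | 0x1F2E3D4C5B6A7989
MODULUS_B = (1 << 1023) | 0x0123456789ABCDEF
HELD_KEYS = {"naptr-key-a": MODULUS_A, "naptr-key-b": MODULUS_B}

if __name__ == "__main__":
    published = encode_rsa_public_key(65537, MODULUS_B)
    print("published key selects:", select_held_key(published, HELD_KEYS))
    print("digest only selects:  ",
          select_by_fingerprint(modulus_fingerprint(MODULUS_A), HELD_KEYS))
```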

From: Jim Reid
To: Samuel Weiler
Cc: namedroppers@ops.ietf.org
Subject: Re: [dnsext] RRTYPE request: template for proposed RKEY RRtype
Date: Thu, 4 Dec 2008 03:50:44 +0000

On Dec 3, 2008, at 07:08, Samuel Weiler wrote:

> First, I think this template is adequate for the purpose of an
> RFC5395 assignment.

Thanks.

> Without addressing the merits of providing confidentiality for DNS
> data: why use public key cryptography here at all? It seems that
> symmetric cryptography with shared keys more closely matches the need.

It doesn't. Further discussion about whether symmetric or asymmetric
keys are more fit for purpose here is irrelevant.
RKEY is about a minimalist way to use public key crypto to encrypt DNS
data, specifically NAPTR records. If you believe there's a need for an
even more general-purpose all-singing all-dancing key RRtype, feel free
to write up your own template and/or I-D.

> Thierry makes a good point in that the DNSSEC algorithms are for
> signatures. It happens that some can also be used for encryption,
> but that's not generally the case, and reusing the registry is of
> dubious value.

Well this was done on the assumption that it was the path of least
resistance. No doubt if the template proposed to have yet another IANA
registry for subtyping the proposed RRtype, the WG would be pushing
back saying that both the suggestion of an extra registry (and the
stuff for maintaining that) and for introducing yet another form of
subtyping were not welcome. Piggybacking on an existing protocol
registry was hopefully more palatable to the WG than that approach.

> The draft isn't clear that the primary point of publishing the keys
> is to allow identification of which non-published keys should be
> used to decrypt the content -- that could be clarified.

That clarification was provided in the response to Thierry's earlier
identical comment that was posted on Nov 26th.

> In general, key fingerprints seem more appropriate. In the case of
> RSA, it's not necessary to publish any exponents to allow key
> identification -- the modulus (or a digest of it) is sufficient.
> That key identification could also be embedded in the RDATA of the
> encrypted record, rather than floating around in some other RR.

Nope. Please read
http://www.ietf.org/internet-drafts/draft-timms-encrypt-naptr-01.txt .
Section 7 explains why it's impractical to use a NAPTR's RDATA for this.

> Without more documentation, it's hard to see how choosing this
> format enables rollover.

It's just a key. Rollover is irrelevant. When a new key is needed, the
old one is retired and the data gets encrypted with the new one.
If this isn't done, the decryption fails. Which is the sole
responsibility of whoever publishes that key and the encrypted NAPTRs
associated with that key.

To: namedroppers@ops.ietf.org
From: Mark Andrews
Subject: Re: [dnsext] I-D Action:draft-ietf-dnsext-dnssec-rsasha256-07.txt
Date: Thu, 04 Dec 2008 16:06:14 +1100

    For use with NSEC3 [RFC5155], the algorithm number for RSA/SHA-256
    will be {TBA2}. The use of a different algorithm number to
    differentiate between the use of NSEC and NSEC3 is in keeping with
    the approach adopted in RFC5155.

RFC5155 used different numbers because we *couldn't* use the same
numbers. That alone is not sufficient justification to have separate
numbers.

The only reason to have different numbers is if the wg believes that
there will be DNSSEC implementations in the future that will not
support NSEC3. Given that a number of TLD's intend to deploy NSEC3 I
can't see any new implementation not including NSEC3 support.

Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews@isc.org

Date: Thu, 04 Dec 2008 10:06:27 +0100
From: Jelte Jansen
To: Mark Andrews
CC: namedroppers@ops.ietf.org
Subject: Re: [dnsext] I-D Action:draft-ietf-dnsext-dnssec-rsasha256-07.txt

Mark Andrews wrote:
>
> The only reason to have different numbers is if the wg
> believes that there will be DNSSEC implementations in the
> future that will not support NSEC3. Given that a number
> of TLD's intend to deploy NSEC3 I can't see any new
> implementation not including NSEC3 support.
>

me neither, but tell it to the chairs, they made me ;)

Apparently it has already been decided that there will be validators
that do not do nsec3, even if they cannot validate much of the
internet...

But actually, there was a better reason to use algorithm number
signaling imho. I think Sam pointed me to that. That is that there are
no other nsec-type-signaling mechanisms, so until you actually get NSEC
or NSEC3 records as a validator, you don't know what you are supposed
to get, opening you up for downgrade attacks if either NSEC or NSEC3
turns out to contain an attackable problem.

Jelte

Date: Thu, 04 Dec 2008 11:37:33 +0100
From: Matthijs Mekking
To: namedroppers@ops.ietf.org
Subject: [dnsext] errata 4034 - 5011

I was notified about the fact that 5011 does not update 4034, and vice
versa. Because of the description of the REVOKED bit, I believe it
should. That's why I would like to report two editorial errata, one
for 4034, one for 5011.

Regards,

Matthijs Mekking
NLnet Labs

From: Internet-Drafts@ietf.org
To: i-d-announce@ietf.org
Cc: namedroppers@ops.ietf.org
Subject: [dnsext] I-D Action:draft-ietf-dnsext-dnssec-rsasha256-08.txt
Date: Thu, 4 Dec 2008 03:45:01 -0800 (PST)

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the DNS Extensions Working Group of the IETF.

    Title     : Use of SHA-2 algorithms with RSA in DNSKEY and RRSIG Resource Records for DNSSEC
    Author(s) : J. Jansen
    Filename  : draft-ietf-dnsext-dnssec-rsasha256-08.txt
    Pages     : 9
    Date      : 2008-12-04

This document describes how to produce RSA/SHA-256 and RSA/SHA-512
DNSKEY and RRSIG resource records for use in the Domain Name System
Security Extensions (DNSSEC, RFC 4033, RFC 4034, and RFC 4035).

A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-dnsext-dnssec-rsasha256-08.txt

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/

Date: Thu, 04 Dec 2008 12:57:52 +0100
From: Jelte Jansen
CC: namedroppers@ops.ietf.org
Subject: Re: [dnsext] I-D Action:draft-ietf-dnsext-dnssec-rsasha256-08.txt

Internet-Drafts@ietf.org wrote:
> A New Internet-Draft is available from the on-line Internet-Drafts directories.
> This draft is a work item of the DNS Extensions Working Group of the IETF.
>
>
> Title : Use of SHA-2 algorithms with RSA in DNSKEY and RRSIG Resource Records for DNSSEC
> Author(s) : J. Jansen
> Filename : draft-ietf-dnsext-dnssec-rsasha256-08.txt

Alfred pointed me to the fact that a new version of the secure hash
standard has been released (FIPS 180-3, in October already) and that my
references included one to a superseded document (FIPS 180-2).

This version updates that reference (and nothing else)

Jelte
From owner-namedroppers@ops.ietf.org Thu Dec 4 04:03:45 2008
Date: 04 Dec 2008 12:00:11 +0000
From: Chris Thompson
To: Jim Reid
Cc: Samuel Weiler, namedroppers@ops.ietf.org
Reply-To: cet1@cam.ac.uk
Subject: Re: [dnsext] RRTYPE request: template for proposed RKEY RRtype
In-Reply-To: <637C4516-7BDA-4489-861E-E3D6E241D48D@rfc1035.com>
References: <20081121190713.GC20868@shinkuro.com> <492C5095.7000105@connotech.com> <637C4516-7BDA-4489-861E-E3D6E241D48D@rfc1035.com>

On Dec 4 2008, Jim Reid wrote:

>On Dec 3, 2008, at 07:08, Samuel Weiler wrote:
>
[... other points snipped ...]
>
>> Without more documentation, it's hard to see how choosing this
>> format enables rollover.
>
>It's just a key. Rollover is irrelevant. When a new key is needed, the
>old one is retired and the data gets encrypted with the new one. If
>this isn't done, the decryption fails. Which is the sole
>responsibility of whoever publishes that key and the encrypted NAPTRs
>associated with that key.

Unless you are proposing that RKEY records always have a TTL of zero,
you have to deal with the fact that some clients will have old versions
of them in their caches. Some sort of overlap mechanism is needed.

--
Chris Thompson
Email: cet1@cam.ac.uk
From owner-namedroppers@ops.ietf.org Thu Dec 4 04:24:24 2008
Date: Thu, 4 Dec 2008 07:19:56 -0500
From: Andrew Sullivan
To: namedroppers@ops.ietf.org
Subject: Re: [dnsext] I-D Action:draft-ietf-dnsext-dnssec-rsasha256-07.txt
Message-ID: <20081204121956.GD2327@shinkuro.com>
References: <20081203164501.E1C423A6886@core3.amsl.com> <200812040506.mB456EPY099170@drugs.dv.isc.org>
In-Reply-To: <200812040506.mB456EPY099170@drugs.dv.isc.org>

On Thu, Dec 04, 2008 at 04:06:14PM +1100, Mark Andrews wrote:
> RFC5155 used different numbers because we *couldn't* use
> the same numbers. That alone is not sufficient justification
> to have separate numbers.

Note that the text merely says that it's in keeping with the previous
approach. All that means is that there's a precedent; that isn't a
claim of justification.

> The only reason to have different numbers is if the wg
> believes that there will be DNSSEC implementations in the
> future that will not support NSEC3. Given that a number
> of TLD's intend to deploy NSEC3 I can't see any new
> implementation not including NSEC3 support.

Why not? I might want to build a non-validating (authority only)
system that can nevertheless serve NSEC and not NSEC3 records. It
wouldn't be useful for TLDs, but it might be useful elsewhere.

See also Jelte's point about downgrades.

During WGLC, there appeared to be many strong arguments in favour of
separating these pieces, and I heard no arguments in favour of keeping
them joined. So that's what we've decided to do. Speaking
personally, it seems to me that on grounds of feature isolation, it's
preferable anyway. But speaking as document shepherd, my impression
of the rough consensus was that people wanted the NSEC/NSEC3
issue to be separate from the SHA2 issue. I haven't so far seen
anything to suggest otherwise.

Best regards,
Andrew

--
Andrew Sullivan
ajs@shinkuro.com
Shinkuro, Inc.
From owner-namedroppers@ops.ietf.org Thu Dec 4 04:26:32 2008
Date: Thu, 4 Dec 2008 13:23:13 +0100
From: "Ondřej Surý"
To: cet1@cam.ac.uk
Subject: Re: [dnsext] RRTYPE request: template for proposed RKEY RRtype
Cc: "Jim Reid", "Samuel Weiler", namedroppers@ops.ietf.org
References: <20081121190713.GC20868@shinkuro.com> <492C5095.7000105@connotech.com> <637C4516-7BDA-4489-861E-E3D6E241D48D@rfc1035.com>

>> It's just a key. Rollover is irrelevant. When a new key is needed, the
>> old one is retired and the data gets encrypted with the new one. If this
>> isn't done, the decryption fails. Which is the sole responsibility of
>> whoever publishes that key and the encrypted NAPTRs associated with that
>> key.
>
> Unless you are proposing that RKEY records always have a TTL of zero,

Or owner can publish two RKEYs and start encrypting with second key
after all caches are clear. (similar to pre-publish method of rotating
DNSKEYs). Or am I missing something?

Ondrej.
--
 Ondrej Sury
 technicky reditel/Chief Technical Officer
 -----------------------------------------
 CZ.NIC, z.s.p.o. -- .cz domain registry
 Americka 23,120 00 Praha 2,Czech Republic
 mailto:ondrej.sury@nic.cz http://nic.cz/
 sip:ondrej.sury@nic.cz tel:+420.222745110
 mob:+420.739013699 fax:+420.222745112
 -----------------------------------------
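The caching point raised in this sub-thread (clients holding an old RKEY RRset until its TTL runs out) and the pre-publish reply above can be checked with a small model. The Python below is an added example, not part of any message in the thread or of the RKEY proposal. Assumptions: the key ids "old" and "new", the `Phase` timeline, both RRsets being looked up at the same instant, and the rule that a client can decrypt only when the key its cached NAPTR data was encrypted under is present in its cached RKEY RRset.

```python
"""Model of RKEY/NAPTR cache skew during a key change (illustrative only)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Phase:
    start: int          # second at which this zone content becomes live
    rkeys: frozenset    # key ids in the published RKEY RRset (hypothetical ids)
    naptr_key: str      # key id the published NAPTR data is encrypted under


def _visible(phases, lo, hi):
    """Phases that were live at some fetch time in lo..hi (inclusive)."""
    seen = []
    for i, phase in enumerate(phases):
        end = phases[i + 1].start - 1 if i + 1 < len(phases) else float("inf")
        if phase.start <= hi and end >= lo:
            seen.append(phase)
    return seen


def failure_windows(phases, rkey_ttl, naptr_ttl, horizon):
    """Inclusive (first, last) second ranges in which some client can hold a
    cached RKEY RRset that lacks the key its cached NAPTR data needs."""
    windows, run_start = [], None
    for t in range(horizon + 1):
        # A copy fetched at f with TTL n is served from cache while f <= t < f + n.
        # TTL 0 means "never cached": the only possible fetch time is t itself.
        key_sets = {p.rkeys for p in _visible(phases, t - max(rkey_ttl, 1) + 1, t)}
        needed = {p.naptr_key for p in _visible(phases, t - max(naptr_ttl, 1) + 1, t)}
        broken = any(key not in keys for keys in key_sets for key in needed)
        if broken and run_start is None:
            run_start = t
        elif not broken and run_start is not None:
            windows.append((run_start, t - 1))
            run_start = None
    if run_start is not None:
        windows.append((run_start, horizon))
    return windows


def abrupt_swap(at):
    """Retire the old key and re-encrypt under the new one in a single step."""
    return [Phase(0, frozenset({"old"}), "old"),
            Phase(at, frozenset({"new"}), "new")]


def pre_publish(at, wait_before_switch, wait_before_retire):
    """Publish both keys, wait, re-encrypt under the new key, wait, drop the old."""
    switch = at + wait_before_switch
    return [Phase(0, frozenset({"old"}), "old"),
            Phase(at, frozenset({"old", "new"}), "old"),
            Phase(switch, frozenset({"old", "new"}), "new"),
            Phase(switch + wait_before_retire, frozenset({"new"}), "new")]


if __name__ == "__main__":
    ttl = 300  # constructed sample TTL, in seconds
    print("abrupt swap      :", failure_windows(abrupt_swap(1000), ttl, ttl, 3000))
    print("abrupt, TTL 0    :", failure_windows(abrupt_swap(1000), 0, 0, 3000))
    print("pre-publish      :", failure_windows(pre_publish(1000, ttl, ttl), ttl, ttl, 3000))
    print("switched too soon:", failure_windows(pre_publish(1000, 100, ttl), ttl, ttl, 3000))
```

In this model the overlap only removes the failure window when each wait is at least the TTL of the RRset being waited out: the RKEY TTL before re-encrypting, and the NAPTR TTL before dropping the old key.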
From owner-namedroppers@ops.ietf.org Thu Dec 4 04:32:35 2008
Message-Id: <200812041228.mB4CSOqX000991@drugs.dv.isc.org>
To: Jelte Jansen
Cc: namedroppers@ops.ietf.org
From: Mark Andrews
Subject: Re: [dnsext] I-D Action:draft-ietf-dnsext-dnssec-rsasha256-07.txt
In-reply-to: Your message of "Thu, 04 Dec 2008 10:06:27 BST." <49379D93.3010700@NLnetLabs.nl>
Date: Thu, 04 Dec 2008 23:28:24 +1100

In message <49379D93.3010700@NLnetLabs.nl>, Jelte Jansen writes:
> Mark Andrews wrote:
> >
> > The only reason to have different numbers is if the wg
> > believes that there will be DNSSEC implementations in the
> > future that will not support NSEC3.
> >
> > Given that a number
> > of TLD's intend to deploy NSEC3 I can't see any new
> > implementation not including NSEC3 support.
> >
>
> me neither, but tell it to the chairs, they made me ;)
>
> Apparently it has already been decided that there will be validators
> that do not do nsec3, even if they cannot validate much of the internet...
>
> But actually, there was a better reason to use algorithm number
> signaling imho. I think Sam pointed me to that. That is that there are
> no other nsec-type-signaling mechanisms, so until you actually get NSEC
> or NSEC3 records as a validator, you don't know what you are supposed to
> get, opening you up for downgrade attacks if either NSEC or NSEC3 turns
> out to contain an attackable problem.

It doesn't matter. An answer will contain one or the other
but not both for a given zone. There is no downgrade attack.

I can return NSEC or NSEC3 records with algorithm 7 today.

Mark

> Jelte
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews@isc.org

From owner-namedroppers@ops.ietf.org Thu Dec 4 04:55:15 2008
Message-Id: <200812041249.mB4CnvQv001310@drugs.dv.isc.org>
To: Andrew Sullivan
Cc: namedroppers@ops.ietf.org
From: Mark Andrews
Subject: Re: [dnsext] I-D Action:draft-ietf-dnsext-dnssec-rsasha256-07.txt
In-reply-to: Your message of "Thu, 04 Dec 2008 07:19:56 CDT." <20081204121956.GD2327@shinkuro.com>
Date: Thu, 04 Dec 2008 23:49:57 +1100

In message <20081204121956.GD2327@shinkuro.com>, Andrew Sullivan writes:
> On Thu, Dec 04, 2008 at 04:06:14PM +1100, Mark Andrews wrote:
> > RFC5155 used different numbers because we *couldn't* use
> > the same numbers. That alone is not sufficient justification
> > to have separate numbers.
>
> Note that the text merely says that it's in keeping with the previous
> approach. All that means is that there's a precedent; that isn't a
> claim of justification.
>
> > The only reason to have different numbers is if the wg
> > believes that there will be DNSSEC implementations in the
> > future that will not support NSEC3. Given that a number
> > of TLD's intend to deploy NSEC3 I can't see any new
> > implementation not including NSEC3 support.
>
> Why not? I might want to build a non-validating (authority only)
> system that can nevertheless serve NSEC and not NSEC3 records. It
> wouldn't be useful for TLDs, but it might be useful elsewhere.

And no one would know if you used algorithm 7 to do that
and only served zones that contained NSEC records. The
only time the authoritative server needs to know how to
return NSEC3 proofs is when the zone contains an NSEC3 and
there is an appropriate NSEC3PARAM record there.

The validator however needs to handle both forms or
it can't validate the returned responses.

> See also Jelte's point about downgrades.
> During WGLC, there appeared to be many strong arguments in favour of
> separating these pieces, and I heard no arguments in favour of keeping
> them joined. So that's what we've decided to do. Speaking
> personally, it seems to me that on grounds of feature isolation, it's
> preferable anyway. But speaking as document shepherd, my impression
> of the rough consensus was that people wanted the NSEC/NSEC3
> issue to be separate from the SHA2 issue. I haven't so far seen
> anything to suggest otherwise.
>
> Best regards,
> Andrew
>
> --
> Andrew Sullivan
> ajs@shinkuro.com
> Shinkuro, Inc.
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews@isc.org
From owner-namedroppers@ops.ietf.org Thu Dec 4 05:00:26 2008
Cc: namedroppers@ops.ietf.org
From: Jim Reid
To: cet1@cam.ac.uk
Subject: [dnsext] RRs with 0 TTL
Date: Thu, 4 Dec 2008 12:55:50 +0000
References: <20081121190713.GC20868@shinkuro.com> <492C5095.7000105@connotech.com> <637C4516-7BDA-4489-861E-E3D6E241D48D@rfc1035.com>

On Dec 4, 2008, at 12:00, Chris Thompson wrote:

> Unless you are proposing that RKEY records always have a TTL of zero

I'm not. And even if I was, how is that different from any other
RRtype that gets advertised with a 0 second TTL?

From owner-namedroppers@ops.ietf.org Thu Dec 4 05:16:35 2008
Date: Thu, 4 Dec 2008 08:12:06 -0500
From: Andrew Sullivan
To: namedroppers@ops.ietf.org
Subject: Re: [dnsext] I-D Action:draft-ietf-dnsext-dnssec-rsasha256-07.txt
Message-ID: <20081204131206.GF2327@shinkuro.com>
References: <20081204121956.GD2327@shinkuro.com> <200812041249.mB4CnvQv001310@drugs.dv.isc.org>
In-Reply-To: <200812041249.mB4CnvQv001310@drugs.dv.isc.org>

On Thu, Dec 04, 2008 at 11:49:57PM +1100, Mark Andrews wrote:
> And no one would know if you used algorithm 7 to do that
> and only served zones that contained NSEC records. The
> only time the authoritative server needs to know how to
> return NSEC3 proofs is when the zone contains an NSEC3 and
> there is an appropriate NSEC3PARAM record there.
>
> The validator however needs to handle both forms or
> it can't validate the returned responses.

But there'd still be a formal violation, because the server wouldn't
know what to do with NSEC3, at least in some reading of the
specification. Remember, not every use of RFCs is for practical,
engineering-type purposes. Sometimes, it has to do with checkboxes on
a conformance chart. I don't see any reason to make that harder.

(Also, what would you do about the case where an admin who didn't read
the manual put an NSEC3 record in such a zone anyway? Should the
server stop using SHA-2 in that case? Just not run? Catch on fire?
I can think of lots of different answers, but none of them benefit
from conflating two tangentially related issues, i.e. NSEC vs NSEC3 and
the algorithms involved in each case.)

A

--
Andrew Sullivan
ajs@shinkuro.com
Shinkuro, Inc.
From owner-namedroppers@ops.ietf.org Thu Dec 4 05:23:53 2008
Cc: namedroppers@ops.ietf.org
Message-Id: <28B615B2-E8D3-4020-815D-48AD29F8281A@rfc1035.com>
From: Jim Reid
To: "Ondřej Surý"
Subject: Re: [dnsext] RRTYPE request: template for proposed RKEY RRtype
Date: Thu, 4 Dec 2008 13:19:18 +0000
References: <20081121190713.GC20868@shinkuro.com> <492C5095.7000105@connotech.com> <637C4516-7BDA-4489-861E-E3D6E241D48D@rfc1035.com>

On Dec 4, 2008, at 12:23, Ondřej Surý wrote:

> Or owner can publish two RKEYs and start encrypting with second key
> after all caches are clear. (similar to pre-publish method of rotating
> DNSKEYs). Or am I missing something?

Yes. Implementation details that are not germane to what should be
getting discussed here: namely the template and type code assignment.

I have already stated key rollover is not necessary. An RKEY is bound
to a bunch of encrypted NAPTRs. Both get generated and managed as a
single entity. [This is from an implementation perspective, not from a
DNS protocol perspective.] If they are not co-ordinated in that way,
bad things will happen to whoever broke that linkage. Their problem.
Not this WG's. From a DNS protocol point of view this is no different
from having an MX record point at a non-existent hostname.
archive: From owner-namedroppers@ops.ietf.org Thu Dec 4 05:56:24 2008 Return-Path: X-Original-To: ietfarch-dnsext-archive@core3.amsl.com Delivered-To: ietfarch-dnsext-archive@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id C08EE3A6A08; Thu, 4 Dec 2008 05:56:24 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: 2.707 X-Spam-Level: ** X-Spam-Status: No, score=2.707 tagged_above=-999 required=5 tests=[AWL=-1.679, BAYES_20=-0.74, FH_RELAY_NODNS=1.451, FM_FORGED_GMAIL=0.622, HELO_MISMATCH_COM=0.553, J_CHICKENPOX_23=0.6, MIME_8BIT_HEADER=0.3, MIME_ASCII0=1.5, RDNS_NONE=0.1] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GcIkiAA2aRKf; Thu, 4 Dec 2008 05:56:23 -0800 (PST) Received: from psg.com (psg.com [IPv6:2001:418:1::62]) by core3.amsl.com (Postfix) with ESMTP id 547903A68AC; Thu, 4 Dec 2008 05:56:23 -0800 (PST) Received: from majordom by psg.com with local (Exim 4.69 (FreeBSD)) (envelope-from ) id 1L8Ec6-000CdS-H7 for namedroppers-data@psg.com; Thu, 04 Dec 2008 13:51:30 +0000 Received: from [74.125.78.25] (helo=ey-out-2122.google.com) by psg.com with esmtp (Exim 4.69 (FreeBSD)) (envelope-from ) id 1L8Ec0-000Cch-L7 for namedroppers@ops.ietf.org; Thu, 04 Dec 2008 13:51:27 +0000 Received: by ey-out-2122.google.com with SMTP id 25so1770102eya.65 for ; Thu, 04 Dec 2008 05:51:22 -0800 (PST) Received: by 10.210.66.13 with SMTP id o13mr6889735eba.105.1228398681989; Thu, 04 Dec 2008 05:51:21 -0800 (PST) Received: by 10.210.121.1 with HTTP; Thu, 4 Dec 2008 05:51:21 -0800 (PST) Message-ID: Date: Thu, 4 Dec 2008 14:51:21 +0100 From: "=?UTF-8?Q?Ond=C5=99ej_Sur=C3=BD?=" To: "Jim Reid" Subject: Re: [dnsext] RRTYPE request: template for proposed RKEY RRtype Cc: namedroppers@ops.ietf.org In-Reply-To: <28B615B2-E8D3-4020-815D-48AD29F8281A@rfc1035.com> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 

2008/12/4 Jim Reid <jim@rfc1035.com>:
> On Dec 4, 2008, at 12:23, Ondřej Surý wrote:
>
>> Or owner can publish two RKEYs and start encrypting with second key
>> after all caches are clear.  (similar to pre-publish method of rotating
>> DNSKEYs).  Or am I missing something?
>
> Yes. Implementation details that are not germane to what should be getting
> discussed here: namely the template and type code assignment.

I agree here.

> I have already stated key rollover is not necessary. An RKEY is bound to a
> bunch of encrypted NAPTRs. Both get generated and managed as a single
> entity. [This is from an implementation perspective, not from a DNS protocol
> perspective.] If they are not co-ordinated in that way, bad things will
> happen to whoever broke that linkage. Their problem. Not this WG's. From a
> DNS protocol point of view this is no different from having an MX record
> point at a non-existent hostname.

I also agree here.

And I support this proposal for RR Type assignment.

Ondrej
--
 Ondrej Sury
 technicky reditel/Chief Technical Officer
 CZ.NIC, z.s.p.o.  --  .cz domain registry

From owner-namedroppers@ops.ietf.org Thu Dec 4 08:16:57 2008
To: Matthijs Mekking
Cc: namedroppers@ops.ietf.org
Subject: Re: [dnsext] errata 4034 - 5011
From: Roy Arends
Date: Thu, 4 Dec 2008 17:10:11 +0100

Matthijs Mekking wrote on 12/04/2008 11:37:33 AM:

> I was notified about the fact that 5011 does not update 4034,

That is correct.

> and vice versa.

It is hard to write a document that updates future publications
preemptively, so we decided to leave it out when writing rfc4034. :-)

> Because of the description of the REVOKED bit, I believe it
> should. That's why I would like to report two editorial erratas, one for
> 4034, one for 5011.

What should be updated? Can you suggest text? IMHO the document does not
need to be updated solely on the assignment of new flags by IANA.

Regards,

Roy Arends
Sr. Researcher
Nominet UK

From owner-namedroppers@ops.ietf.org Thu Dec 4 09:18:44 2008
Date: 04 Dec 2008 17:12:33 +0000
From: Chris Thompson
To: Ondřej Surý
Cc: Jim Reid, Samuel Weiler, namedroppers@ops.ietf.org
Reply-To: cet1@cam.ac.uk
Subject: Re: [dnsext] RRTYPE request: template for proposed RKEY RRtype

On Dec 4 2008, Ondřej Surý wrote:

>>> It's just a key. Rollover is irrelevant. When a new key is needed, the
>>> old one is retired and the data gets encrypted with the new one. If this
>>> isn't done, the decryption fails. Which is the sole responsibility of
>>> whoever publishes that key and the encrypted NAPTRs associated with that
>>> key.
>>
>> Unless you are proposing that RKEY records always have a TTL of zero,
>
>Or owner can publish two RKEYs and start encrypting with second key
>after all caches are clear. (similar to pre-publish method of rotating
>DNSKEYs). Or am I missing something?

No, this is probably quite adequate, together with a rubric that clients
need to try all RKEYs in the RRset, possibly weakly distinguished by
footprint, etc.

It's just that there is nothing about this in draft-reid-dnsext-rkey-00,
and I think there ought to be. But on further consideration, I agree that
there doesn't need to be anything about it in the template itself.

--
Chris Thompson
Email: cet1@cam.ac.uk
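
The rollover question argued in the RKEY messages above, as an added example that is not part of any post in this thread and not code from draft-reid-dnsext-rkey-00. It is a model only: no cryptography is done, and the key ids, the 300 second TTL, the schedules and all function names are assumptions made for the illustration.

```python
"""Constructed model of RKEY rollover behind a caching resolver.

No cryptography is performed: each NAPTR RRset is tagged with the id of
the RKEY it was encrypted under, and "decryption" succeeds only if the
client tries an RKEY with that id. All names and values are hypothetical.
"""
from dataclasses import dataclass, field

TTL = 300  # assumed TTL in seconds for both the RKEY and the NAPTR RRset


@dataclass(frozen=True)
class Zone:
    rkeys: tuple    # key ids in the published RKEY RRset
    naptr_key: str  # key id the published NAPTRs are encrypted under


@dataclass
class Cache:
    entries: dict = field(default_factory=dict)  # rrtype -> (value, expiry)

    def lookup(self, zone, rrtype, now):
        hit = self.entries.get(rrtype)
        if hit and hit[1] > now:
            return hit[0]  # still cached: the authoritative data is not seen
        value = zone.rkeys if rrtype == "RKEY" else zone.naptr_key
        self.entries[rrtype] = (value, now + TTL)
        return value


def zone_at(schedule, now):
    """Return the zone contents in force at time `now`."""
    current = schedule[0][1]
    for start, zone in schedule:
        if start <= now:
            current = zone
    return current


def run(schedule, warmup, query_times, try_all=True):
    """Replay client lookups through one cache; True means decryption works."""
    cache = Cache()
    for rrtype, t in warmup:
        cache.lookup(zone_at(schedule, t), rrtype, t)
    results = []
    for t in query_times:
        zone = zone_at(schedule, t)
        rkeys = cache.lookup(zone, "RKEY", t)
        naptr_key = cache.lookup(zone, "NAPTR", t)
        # RRset order is not guaranteed, so "first key only" is arbitrary.
        candidates = rkeys if try_all else rkeys[:1]
        results.append(naptr_key in candidates)
    return results


# The two RRsets enter the cache at different times, so they expire apart.
WARMUP = [("NAPTR", 0), ("RKEY", 200)]
TIMES = [220, 350, 550, 700, 860]

# Key and ciphertext replaced together at the authoritative server at t=250.
ABRUPT = [(0, Zone(("k1",), "k1")), (250, Zone(("k2",), "k2"))]

# Pre-publish: add k2, wait one TTL, re-encrypt, wait one TTL, drop k1.
PRE_PUBLISH = [
    (0, Zone(("k1",), "k1")),
    (250, Zone(("k1", "k2"), "k1")),
    (250 + TTL, Zone(("k1", "k2"), "k2")),
    (250 + 2 * TTL, Zone(("k2",), "k2")),
]

if __name__ == "__main__":
    print("abrupt swap          ", run(ABRUPT, WARMUP, TIMES))
    print("pre-publish, try all ", run(PRE_PUBLISH, WARMUP, TIMES))
    print("pre-publish, one key ", run(PRE_PUBLISH, WARMUP, TIMES, try_all=False))
```

In this model the abrupt swap fails at t=350, when the cache still holds the old RKEY but has refetched the re-encrypted NAPTRs; the pre-published rollover never fails as long as the client tries every RKEY in the RRset.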

From owner-namedroppers@ops.ietf.org Thu Dec 4 13:21:53 2008
From: Internet-Drafts@ietf.org
To: i-d-announce@ietf.org
Cc: namedroppers@ops.ietf.org
Subject: [dnsext] I-D Action:draft-ietf-dnsext-dnssec-rsasha256-09.txt
Date: Thu, 4 Dec 2008 13:15:02 -0800 (PST)

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the DNS Extensions Working Group of the IETF.

	Title     : Use of SHA-2 algorithms with RSA in DNSKEY and RRSIG Resource Records for DNSSEC
	Author(s) : J. Jansen
	Filename  : draft-ietf-dnsext-dnssec-rsasha256-09.txt
	Pages     : 9
	Date      : 2008-12-04

This document describes how to produce RSA/SHA-256 and RSA/SHA-512
DNSKEY and RRSIG resource records for use in the Domain Name System
Security Extensions (DNSSEC, RFC 4033, RFC 4034, and RFC 4035).

A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-dnsext-dnssec-rsasha256-09.txt

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/

From owner-namedroppers@ops.ietf.org Fri Dec 5 00:54:07 2008
Date: Fri, 05 Dec 2008 09:46:38 +0100
From: Matthijs Mekking
To: Roy Arends
CC: namedroppers@ops.ietf.org
Subject: Re: [dnsext] errata 4034 - 5011

I only suggest 'Updates: 4034' or another pointer, to indicate the
relationship between the documents. Don't know if the Errata is the
correct place to do it.

Roy Arends wrote:
> What should be updated? Can you suggest text? IMHO the document does not
> need to be updated solely on the assignment of new flags by IANA.

   Bits 0-6 and 8-14 are reserved: these bits MUST have value 0 upon
   creation of the DNSKEY RR and MUST be ignored upon receipt

Technically, bit 7 is not reserved anymore. But I think it will not harm
revocation-oblivious resolvers to ignore the REVOKE bit.

Matthijs
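
The DNSKEY Flags field this sub-thread is about, as an added example that is not part of any post here. It uses the flag values from RFC 4034 (Zone Key 0x0100, SEP 0x0001) and the value RFC 5011 assigns to REVOKE (0x0080, bit 8 when bits are numbered from the most significant bit) plus the key tag algorithm of RFC 4034 Appendix B; the public key bytes and the function names are constructed for the illustration.

```python
"""DNSKEY Flags decoding and key tag calculation (RFC 4034, RFC 5011)."""
import struct

# RFC 4034 numbers flag bits from the most significant bit (bit 0 = 0x8000).
ZONE = 0x0100    # bit 7: Zone Key (RFC 4034)
REVOKE = 0x0080  # bit 8: REVOKE (RFC 5011)
SEP = 0x0001     # bit 15: Secure Entry Point (RFC 4034)
ASSIGNED = ZONE | REVOKE | SEP


def decode_flags(flags):
    """Split a 16-bit Flags value into the assigned bits and the rest."""
    return {
        "zone": bool(flags & ZONE),
        "revoke": bool(flags & REVOKE),
        "sep": bool(flags & SEP),
        "unassigned": flags & ~ASSIGNED & 0xFFFF,  # must be ignored on receipt
    }


def dnskey_rdata(flags, protocol, algorithm, public_key):
    """DNSKEY RDATA wire format: Flags, Protocol, Algorithm, Public Key."""
    return struct.pack("!HBB", flags, protocol, algorithm) + public_key


def key_tag(rdata):
    """Key tag per RFC 4034 Appendix B (not valid for algorithm 1)."""
    acc = 0
    for i, octet in enumerate(rdata):
        acc += octet << 8 if i % 2 == 0 else octet
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF


def usable_as_trust_anchor(flags, rfc5011_aware):
    """A revocation-oblivious validator ignores REVOKE; an RFC 5011 one
    must stop using a key as a trust anchor once REVOKE is set."""
    decoded = decode_flags(flags)
    if not decoded["zone"]:
        return False
    if rfc5011_aware and decoded["revoke"]:
        return False
    return True


# Constructed key material: 32 counting octets, not a real RSA public key.
SAMPLE_KEY = bytes(range(1, 33))
KSK = dnskey_rdata(ZONE | SEP, 3, 5, SAMPLE_KEY)               # flags 257
REVOKED_KSK = dnskey_rdata(ZONE | SEP | REVOKE, 3, 5, SAMPLE_KEY)  # flags 385

if __name__ == "__main__":
    for name, rdata in (("KSK", KSK), ("revoked KSK", REVOKED_KSK)):
        flags = struct.unpack("!H", rdata[:2])[0]
        print(name, flags, decode_flags(flags), "key tag", key_tag(rdata))
        print("  oblivious validator uses it:", usable_as_trust_anchor(flags, False))
        print("  RFC 5011 validator uses it: ", usable_as_trust_anchor(flags, True))
```

Setting REVOKE changes the RDATA, so the key tag of the revoked key differs from the original (here by 128), which matters when matching RRSIGs or DS records to the key.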

From owner-namedroppers@ops.ietf.org Fri Dec 5 06:29:27 2008
From: Joao Damas
To: namedroppers@ops.ietf.org
Subject: [dnsext] Report on NSEC3 interop workshop during IETF73
Date: Fri, 5 Dec 2008 14:41:31 +0100

[ Moderators note: Post was moderated, either because it was posted by
a non-subscriber, or because it was over 20K.
With the massive amount of spam, it is easy to miss and therefore
delete relevant posts by non-subscribers.
Please fix your subscription addresses. ]

As some of you may be aware, we got together a few people involved in
the production of software supporting NSEC3 as well as some registry
people and put all the implementations we knew and had at hand against
each other.

Below is the report of this activity

Joao Damas
ISC

NSEC3 interoperability workshop
Minneapolis, Minnesota, USA
17 December 2008

Participants
============

Local
-----
Joe Gersch - Secure64
Jelte Jansen - NLNetLabs
Rob Austein - ISC
Mark Andrews - ISC
João Damas - ISC
Roy Arends - Nominet
Shane Kerr - Afilias
Frederico Neves - Registro.br
Hugo Koji Kobayashi - Registro.br

Remote
------
Wouter Wijngaards - NLNetLabs
Matthijs Mekking - NLNetLabs

Goals
=====
Test available implementations of NSEC3 DNSSEC software, both signers/
authoritative servers and validating resolvers

Implementations present
=======================
- BIND 9.6.0rc1
- NSD
- Secure64
- Registro.br (NSEC3 signer only, no validator)
- unbound
- ldns (signer)

Tests undertaken
================

AXFR/IXFR in both directions between all implementations present.
registro.br as source only

Initial test zone sec3.br zone. Registro.br
All servers transferred production sec3.br zone correctly.

Same tests using the RFC example zone to introduce tests using opt-out.
=======================

transfer from BIND to NSD
 axfr tested OK. Zones on both servers are equal
 ixfr tested OK. Zones on both servers are equal

transfer from BIND to secure64
 axfr tested OK. Zones on both servers are equal
 ixfr tested OK. Zones on both servers are equal

transfer from NSD to BIND
 axfr tested OK. Zones on both servers are equal
 ixfr NOTIMPL. Fallback to AXFR

transfer from NSD to secure64
 axfr tested OK. Zones on both servers are equal
 ixfr NOT IMPL. Fallback was not working. Forced AXFR worked OK.

transfer from secure64 to NSD
 axfr tested OK, including fallback to AXFR from IXFR

transfer from secure64 to BIND
 axfr tested OK. Zones on both servers are equal
 ixfr tested OK.
Zones on both servers are equal

Validation
==========
Unbound, drill, BIND

Queries tested
--------------
Query for existing RR
Query for non-existing RR
Query for non-existing RR in an opt-out range
Query for non-existing RR without opt-out
Query for existing RR with invalid signature

* BIND vs BIND
 validate OK for the 5 queries
* BIND vs Secure64
 validate OK for the 5 queries
* Unbound vs BIND
 validate OK for the 5 queries
* Unbound vs NSD
 validate OK for the 5 queries
* Unbound vs Secure64
 cache all 5 queries OK
* Drill vs BIND
 cache validate OK for the 5 queries

Issues discovered
=================
All 3 signers were adding an RRSIG bit to the NSEC3 bitmap in insecure
delegations. Doesn't cause operational problems other than a bigger
than necessary NSEC3. All vendors committed to fixing in next releases.

Secure64 pointed to an inconsistency in RFC 5155, already addressed by
one of the authors in a communication to the IETF DNS Extensions WG.
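
A check for the signer issue listed in the report above, as an added example that is not part of the report and not code from any of the tested implementations. It decodes the Type Bit Maps field in the window-block format of RFC 4034 section 4.1.2 (reused by NSEC3 in RFC 5155) and flags a bitmap that has NS, no SOA, no DS, and the RRSIG bit set; the sample owner names and bitmaps are constructed.

```python
"""Audit NSEC3 type bitmaps for an RRSIG bit on insecure delegations."""

NS, SOA, DS, RRSIG, DNSKEY = 2, 6, 43, 46, 48  # IANA RR type codes


def encode_type_bitmap(types):
    """Encode RR types as window blocks: window, length, bitmap octets."""
    windows = {}
    for rrtype in sorted(set(types)):
        block = windows.setdefault(rrtype >> 8, bytearray(32))
        block[(rrtype & 0xFF) >> 3] |= 0x80 >> (rrtype & 7)
    out = bytearray()
    for window in sorted(windows):
        bitmap = bytes(windows[window]).rstrip(b"\x00")  # drop trailing zeros
        out += bytes([window, len(bitmap)]) + bitmap
    return bytes(out)


def decode_type_bitmap(data):
    """Decode window blocks into a sorted list of RR type codes."""
    types, pos, last_window = [], 0, -1
    while pos < len(data):
        if pos + 2 > len(data):
            raise ValueError("truncated window header")
        window, length = data[pos], data[pos + 1]
        pos += 2
        if not 1 <= length <= 32:
            raise ValueError("bitmap length must be 1..32")
        if window <= last_window:
            raise ValueError("window blocks out of order")
        if pos + length > len(data):
            raise ValueError("truncated bitmap")
        for index, octet in enumerate(data[pos:pos + length]):
            for bit in range(8):
                if octet & (0x80 >> bit):
                    types.append(window * 256 + index * 8 + bit)
        pos += length
        last_window = window
    return types


def audit_bitmap(bitmap):
    """Classify one NSEC3 type bitmap."""
    types = set(decode_type_bitmap(bitmap))
    is_delegation = NS in types and SOA not in types
    if is_delegation and DS not in types:
        if RRSIG in types:
            return "insecure delegation with RRSIG bit set"
        return "insecure delegation"
    if is_delegation:
        return "secure delegation"
    return "not a delegation"


def flagged(samples):
    """Return the owner names whose bitmap shows the reported issue."""
    return [name for name, bitmap in samples
            if audit_bitmap(bitmap) == "insecure delegation with RRSIG bit set"]


# Constructed sample bitmaps; owner names are placeholders, not real hashes.
SAMPLES = [
    ("apex", encode_type_bitmap([NS, SOA, RRSIG, DNSKEY])),
    ("secure-child", encode_type_bitmap([NS, DS, RRSIG])),
    ("insecure-child-ok", encode_type_bitmap([NS])),
    ("insecure-child-bad", encode_type_bitmap([NS, RRSIG])),
]

if __name__ == "__main__":
    for owner, bitmap in SAMPLES:
        print(owner, bitmap.hex(), decode_type_bitmap(bitmap), audit_bitmap(bitmap))
```

The flagged bitmap is six octets long where the correct one is a single octet, which is the "bigger than necessary NSEC3" the report mentions.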

From owner-namedroppers@ops.ietf.org Fri Dec 5 08:34:13 2008
From: Alfred Hönes
Subject: Re: [dnsext] errata 4034 - 5011
To: namedroppers@ops.ietf.org
Date: Fri, 5 Dec 2008 17:24:29 +0100 (MEZ)

Folks,
according to past experience, it does not even need a formal
Errata Note to have the RFC Editor update the RFC metadata
with a relation "RFC 5011 updates RFC 4034".

However, IMO it would be much more important to add the relation
"RFC 5011 updates RFC 4035", because the path to find the
definition of the REVOKED bit is paved by the IANA registry
for these bits based on RFC 4034, whereas the significant change
in resolver behavior for the proper treatment of that bit affects
the processing rules in RFC 4035.

I guess, an email to the RFC-Ed from the chairs, perhaps with an
approval from the responsible AD, should suffice in this case.

Nevertheless, to better document the issue, I recommend that some
involved party (perhaps Matthijs, RFC 5011 author Mike StJohns ?)
file a Technical RFC Errata Note at the RFC Editor web site.
The rationale noted there should state that the 'Revoked' bit
modifies the on-the-wire format (RFC 4034) and the protocol
processing in validating resolvers (RFC 4035).

( For those not acquainted with the procedure:
  In that case, an avalanche of mails will be triggered;
  the RFC author and the WG chairs should comment/approve the
  Erratum, and the resp. AD eventually will validate the Erratum
  and sign it off for the IESG. )

Kind regards,
  Alfred.
-- to unsubscribe send a message to namedroppers-request@ops.ietf.org with the word 'unsubscribe' in a single line as the message text body. archive: From owner-namedroppers@ops.ietf.org Fri Dec 5 09:56:52 2008 Return-Path: X-Original-To: ietfarch-dnsext-archive@core3.amsl.com Delivered-To: ietfarch-dnsext-archive@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id BA2863A6ABA; Fri, 5 Dec 2008 09:56:52 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.26 X-Spam-Level: X-Spam-Status: No, score=-1.26 tagged_above=-999 required=5 tests=[AWL=-0.765, BAYES_00=-2.599, FH_RELAY_NODNS=1.451, HELO_MISMATCH_COM=0.553, RDNS_NONE=0.1] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vnCdK+i1BLEN; Fri, 5 Dec 2008 09:56:50 -0800 (PST) Received: from psg.com (psg.com [IPv6:2001:418:1::62]) by core3.amsl.com (Postfix) with ESMTP id C5E543A6B16; Fri, 5 Dec 2008 09:56:17 -0800 (PST) Received: from majordom by psg.com with local (Exim 4.69 (FreeBSD)) (envelope-from ) id 1L8ein-0009dM-Hq for namedroppers-data@psg.com; Fri, 05 Dec 2008 17:44:09 +0000 Received: from [72.34.52.22] (helo=montage2.altserver.com) by psg.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.69 (FreeBSD)) (envelope-from ) id 1L8eiY-0009bF-Kd for namedroppers@ops.ietf.org; Fri, 05 Dec 2008 17:44:00 +0000 Received: from eurolab.net2.nerim.net ([213.41.175.161]:3434 helo=asus.jefsey.com) by montage2.altserver.com with esmtp (Exim 4.69) (envelope-from ) id 1L8eiT-0005Nn-3j; Fri, 05 Dec 2008 09:43:49 -0800 X-Mailer: QUALCOMM Windows Eudora Version 7.1.0.9 Date: Fri, 05 Dec 2008 18:40:30 +0100 To: Andrew Sullivan , IETF DNSEXT WG From: JFC Morfin Subject: Re: [dnsext] draft-crocker-dnssec-algo-signal as WG item In-Reply-To: <20081114142322.GC80622@shinkuro.com> References: <491D757F.30600@nist.gov> <20081114142322.GC80622@shinkuro.com> Mime-Version: 1.0 
Content-Type: text/plain; charset="us-ascii"; format=flowed X-Pass-two: yes X-AntiAbuse: This header was added to track abuse, please include it with any abuse report X-AntiAbuse: Primary Hostname - montage2.altserver.com X-AntiAbuse: Original Domain - ops.ietf.org X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12] X-AntiAbuse: Sender Address Domain - jefsey.com X-Source: X-Source-Args: X-Source-Dir: Sender: owner-namedroppers@ops.ietf.org Precedence: bulk List-ID: Message-Id: At 15:23 14/11/2008, Andrew Sullivan wrote: >The draft is still active in the Internet-Drafts database: > > http://www.ietf.org/internet-drafts/draft-crocker-dnssec-algo-signal-01.txt > > > > Please feel free to suggest ways to change the general operation: The > > goal is to have a way for validating end clients signal which algorithms > > they prefer to servers. We suggest an EDNS flag but are open to > > anything that would be a better solution. > >This draft has also not, as far as my records show, been adopted as a >DNSEXT item. We did have a previous request for adoption, however. >If you support adopting the draft by the working group, please say so. >If you are willing to work on it (== review it through to completion), >please say so as well. Without at least five committed reviewers, we >can't adopt it, since we won't have enough reviewers committed for >WGLC. Please, also count me in as a reviewer. I think there is a more general use of that concept I would like to see explored. jfc -- to unsubscribe send a message to namedroppers-request@ops.ietf.org with the word 'unsubscribe' in a single line as the message text body. 
From owner-namedroppers@ops.ietf.org Fri Dec 5 11:51:57 2008
Date: Fri, 5 Dec 2008 14:46:00 -0500
From: Andrew Sullivan
To: dnsext-ads@tools.ietf.org
Cc: namedroppers@ops.ietf.org, iesg-secretary@ietf.org
Subject: [dnsext] Publication request for draft-ietf-dnsext-dnssec-rsasha256-09.txt
Message-ID: <20081205194600.GG4148@shinkuro.com>

Dear Mark,

This message serves as a request to publish draft-ietf-dnsext-dnssec-rsasha256-09.txt.

Title             : Use of SHA-2 algorithms with RSA in DNSKEY and RRSIG Resource Records for DNSSEC
Author(s)         : J. Jansen
Filename          : draft-ietf-dnsext-dnssec-rsasha256-09.txt
Date              : 2008-12-04
Document shepherd : Andrew Sullivan

Answers to http://www.ietf.org/IESG/content/Doc-Writeup.html, dated 2008-09-17.

(1.a) Andrew Sullivan is the document shepherd. He has read this version and believes it is ready for forwarding to the IESG.

(1.b) The document has had adequate review. The shepherd has no concerns.

(1.c) The shepherd has no concerns that additional review is needed, beyond the expected reviews during IETF last call.

(1.d) The shepherd has no specific concerns. It is not clear whether the IPR claim at https://datatracker.ietf.org/ipr/1000/ applies to this draft; no specific claim has so far been made to the shepherd's knowledge. The WG did not discuss that claim.

(1.e) The WG consensus appears to be strong enough to warrant publication.

(1.f) Nobody has threatened an appeal or indicated extreme discontent. One participant in the WG, at a late date, has objected to using two different algorithm identifiers, one for NSEC and a different one for NSEC3. There appeared nevertheless to be fairly strong consensus in favour of the current approach during WGLC.

(1.g) The shepherd has checked all nits. The document uses the old boilerplate from RFC 3878. Since xml2rfc >= 1.3.4 isn't out yet, the shepherd thinks this is ok.

(1.h) References are split, and there are no downrefs.

(1.i) The IANA Considerations section exists, and is consistent. The reservations are properly requested.

(1.j) There is no formal language segment in the document.

(1.k)

Technical Summary

This document describes how to produce RSA/SHA-256 and RSA/SHA-512 DNSKEY and RRSIG resource records for use in the Domain Name System Security Extensions (DNSSEC, RFC 4033, RFC 4034, and RFC 4035).

Working Group Summary

The DNS Extensions Working Group had consensus to publish the document.

Document Quality

The document received thorough review, and it is expected that vendors supporting DNSSEC will implement SHA-2 once the document is published. During Working Group Last Call, there were objections that an earlier approach, which tied SHA-2 to implementation of NSEC3, would be a barrier for adoption by some vendors, so the specification was changed to avoid the link.

Best regards,

Andrew and Olafur

--
Andrew Sullivan
ajs@shinkuro.com
Shinkuro, Inc.

From owner-namedroppers@ops.ietf.org Fri Dec 5 12:03:42 2008
Date: Fri, 05 Dec 2008 14:58:22 -0500
To: Alfred Hönes, namedroppers@ops.ietf.org
From: Michael StJohns
Subject: Re: [dnsext] errata 4034 - 5011
In-Reply-To: <200812051624.RAA12908@TR-Sys.de>
References: <200812051624.RAA12908@TR-Sys.de>

At 11:24 AM 12/5/2008, Alfred Hönes wrote:
>Folks,
>The rationale noted there should state that the 'Revoked' bit
>modifies the on-the-wire format (RFC 4034) and the protocol
>processing in validating resolvers (RFC 4035).

No - it does not. Assigning a value to a bit is not changing the on-the-wire format. 4034 says specifically to ignore unknown bits in the flag field. If you're compliant with 4034 and not 5011 that's the correct action. If you're compliant with 5011, THEN you modify the processing.

Mike
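The distinction drawn in the message above (a 4034-only validator ignores the bit, a 5011-aware one changes its processing) can be seen on a DNSKEY RDATA. This is an added example, not code from the thread or from either RFC; the 4-byte public key is a constructed placeholder, and the `self_signed_ok` argument stands in for the RRSIG check that RFC 5011 requires before a revocation is honoured.

```python
import struct

ZONE_KEY = 0x0100  # flags bit 7, RFC 4034
SEP = 0x0001       # flags bit 15, RFC 4034
REVOKE = 0x0080    # flags bit 8, reserved in RFC 4034, assigned by RFC 5011


def parse_dnskey(rdata: bytes) -> dict:
    """Split DNSKEY RDATA into flags, protocol, algorithm and public key."""
    if len(rdata) < 4:
        raise ValueError("DNSKEY RDATA shorter than its fixed header")
    flags, protocol, algorithm = struct.unpack("!HBB", rdata[:4])
    return {"flags": flags, "protocol": protocol,
            "algorithm": algorithm, "public_key": rdata[4:]}


def key_tag(rdata: bytes) -> int:
    """Key tag as in RFC 4034 Appendix B (all algorithms except 1)."""
    acc = 0
    for i, byte in enumerate(rdata):
        acc += byte << 8 if i % 2 == 0 else byte
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF


def rfc4034_usable(rdata: bytes) -> bool:
    """4034-only view: unknown flag bits are ignored on receipt."""
    key = parse_dnskey(rdata)
    return bool(key["flags"] & ZONE_KEY) and key["protocol"] == 3


class TrustAnchorStore:
    """Anchors are tracked by (algorithm, public key), not by key tag:
    setting REVOKE changes the flags field and therefore the key tag."""

    def __init__(self, rfc5011: bool):
        self.rfc5011 = rfc5011
        self.anchors = set()

    @staticmethod
    def _ident(rdata: bytes):
        key = parse_dnskey(rdata)
        return (key["algorithm"], key["public_key"])

    def add(self, rdata: bytes) -> None:
        self.anchors.add(self._ident(rdata))

    def observe(self, rdata: bytes, self_signed_ok: bool) -> str:
        """Process a DNSKEY seen in the zone's DNSKEY RRset."""
        ident = self._ident(rdata)
        if ident not in self.anchors:
            return "not-an-anchor"
        revoked = bool(parse_dnskey(rdata)["flags"] & REVOKE)
        # Assumption: self_signed_ok means the RRset carried a valid RRSIG
        # made by this very key; signature checking is out of scope here.
        if self.rfc5011 and revoked and self_signed_ok:
            self.anchors.discard(ident)
            return "revoked"
        return "trusted"


# Constructed sample: KSK flags 257, protocol 3, algorithm 5, placeholder key.
PUBKEY = bytes([1, 2, 3, 4])
ACTIVE = struct.pack("!HBB", ZONE_KEY | SEP, 3, 5) + PUBKEY
REVOKED = struct.pack("!HBB", ZONE_KEY | SEP | REVOKE, 3, 5) + PUBKEY


def demo() -> dict:
    legacy, aware = TrustAnchorStore(rfc5011=False), TrustAnchorStore(rfc5011=True)
    legacy.add(ACTIVE)
    aware.add(ACTIVE)
    return {
        "tags": (key_tag(ACTIVE), key_tag(REVOKED)),
        "legacy_usable": rfc4034_usable(REVOKED),
        "legacy": legacy.observe(REVOKED, self_signed_ok=True),
        "aware": aware.observe(REVOKED, self_signed_ok=True),
        "aware_after": aware.observe(ACTIVE, self_signed_ok=True),
    }


if __name__ == "__main__":
    print(demo())
```
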
From owner-namedroppers@ops.ietf.org Sat Dec 6 18:36:58 2008
Message-ID: <4939FD7E.4E096A96@ix.netcom.com>
Date: Fri, 05 Dec 2008 20:20:14 -0800
From: "Jeffrey A. Williams"
Organization: IDNS and Spokesman for INEGroup
To: Jelte Jansen
CC: Mark Andrews, namedroppers@ops.ietf.org
Subject: Re: [dnsext] I-D Action:draft-ietf-dnsext-dnssec-rsasha256-07.txt
References: <200812040506.mB456EPY099170@drugs.dv.isc.org> <49379D93.3010700@NLnetLabs.nl>

Jelte and all,

Sorry for being silent so long. Good point Jelte! If nsec3 is not used as a validator, the DNSSEC implemented in such a manner is nearly worthless for very useful purposes.

Jelte Jansen wrote:

> Mark Andrews wrote:
> >
> > The only reason to have different numbers is if the wg
> > believes that there will be DNSSEC implementations in the
> > future that will not support NSEC3.
> >
> > Given that a number
> > of TLD's intend to deploy NSEC3 I can't see any new
> > implementation not including NSEC3 support.
> >
>
> me neither, but tell it to the chairs, they made me ;)
>
> Apparently it has already been decided that there will be validators
> that do not do nsec3, even if they cannot validate much of the internet...
>
> But actually, there was a better reason to use algorithm number
> signaling imho. I think Sam pointed me to that. That is that there are
> no other nsec-type-signaling mechanisms, so until you actually get NSEC
> or NSEC3 records as a validator, you don't know what you are supposed to
> get, opening you up for downgrade attacks if either NSEC or NSEC3 turns
> out to contain an attackable problem.
>
> Jelte

Regards,

Spokesman for INEGroup LLA. - (Over 284k members/stakeholders strong!)
"Obedience of the law is the greatest freedom" - Abraham Lincoln
"YES WE CAN!" Barack ( Berry ) Obama
"Credit should go with the performance of duty and not with what is very often the accident of glory" - Theodore Roosevelt
"If the probability be called P; the injury, L; and the burden, B; liability depends upon whether B is less than L multiplied by P: i.e., whether B is less than PL." United States v. Carroll Towing (159 F.2d 169 [2d Cir. 1947]
===============================================================
Updated 1/26/04
CSO/DIR. Internet Network Eng. SR. Eng. Network data security IDNS. div. of Information Network Eng. INEG. INC.
ABA member in good standing member ID 01257402
E-Mail jwkckid1@ix.netcom.com
My Phone: 214-244-4827
From owner-namedroppers@ops.ietf.org Mon Dec 8 19:32:12 2008
Message-Id: <200812090324.mB93OARV045445@drugs.dv.isc.org>
To: Sam Weiler
Cc: IETF DNSEXT WG
From: Mark Andrews
Subject: Re: implied NSEC3 support in rsasha256 (was: [dnsext] Re: Working Group Last Call for draft-ietf-dnsext-dnssec-rsasha256-05)
In-reply-to: Your message of "Tue, 30 Sep 2008 12:51:15 -0400."
Date: Tue, 09 Dec 2008 14:24:10 +1100

In message , Sam Weiler writes:
> I have read this document. Aside from the nits previously raised and
> the below, it should go forward.
>
> >>> I agree with the spirit, but since there is no immediately obvious
> >>> connection between NSEC3 and these two new algorithms, implementors
> >>> might deserve some explanation, otherwise this could come as a late
> >>> surprise. If we're saving precious DNS security algorithm numbers,
> >>> we can say that ;-)
> >>
> >> From the document I read a zone that signs with RSA/SHA2 can use
> >> either NSEC or NSEC3, thus a validator can not be sure until it
> >> gets back an answer from the zone, which kind of negative
> >> "expression" the zone uses.
> >>
> >> Are the members of the working group comfortable with this ?
>
> No. This creates an unnecessary link between two unrelated DNSSEC
> parameters. The danger is that if someone finds an attack that takes
> advantage of NSEC3, zones may have to choose between being vulnerable
> to that attack while using good hash algorithms and protecting
> themselves from the NSEC3 attack while using poor hash algorithms.
> Not a fun choice.

There is no such risk. Zone operators have a choice of whether to generate NSEC or NSEC3 chains. I can generate NSEC chains with algorithm 5 or 7. Both are equally secure. The fact that one could generate a NSEC3 chain is irrelevant as one would also have to get the signatures on the NSEC3 chain accepted for there to be a threat and if you can get that to happen it doesn't matter if we are using NSEC or NSEC3 because the whole kit and kaboodle is gone. If the flaw is found then it is no worse than saying don't use 3 as the exponents with RSA.

If you *only* had the choice of generating NSEC3 chains with the new algorithm number then your argument would make sense. One however would also have to go through the insecure state to transition from NSEC to NSEC3 and we specified the use of algorithm 7 to mean both NSEC and NSEC3 chains are possible.

Currently we have

    TBA1 is NSEC.
    TBA2 is NSEC or NSEC3.

What's the point of TBA1?

B.T.W. Section 2.1, Paragraph 2 should start with "For the use of NSEC or NSEC3," to make that clearer.

The only reason for having two numbers is if you believe that there is a reason to support validators which can do RSA/SHA-256 and not NSEC3. I don't see a need to support that combination.

Mark

> Is there any compelling reason to link them?
>
> -- Sam

--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews@isc.org
archive: From owner-namedroppers@ops.ietf.org Tue Dec 9 06:42:02 2008 Return-Path: X-Original-To: ietfarch-dnsext-archive@core3.amsl.com Delivered-To: ietfarch-dnsext-archive@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 786FF28C16B; Tue, 9 Dec 2008 06:42:02 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -0.575 X-Spam-Level: X-Spam-Status: No, score=-0.575 tagged_above=-999 required=5 tests=[AWL=-0.975, BAYES_00=-2.599, FH_RELAY_NODNS=1.451, HELO_MISMATCH_INFO=1.448, RDNS_NONE=0.1] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XaQ9n8hCzSZe; Tue, 9 Dec 2008 06:42:01 -0800 (PST) Received: from psg.com (psg.com [IPv6:2001:418:1::62]) by core3.amsl.com (Postfix) with ESMTP id A82AC28C15C; Tue, 9 Dec 2008 06:42:01 -0800 (PST) Received: from majordom by psg.com with local (Exim 4.69 (FreeBSD)) (envelope-from ) id 1LA3fT-000MVA-M5 for namedroppers-data0@psg.com; Tue, 09 Dec 2008 14:34:31 +0000 Received: from [208.86.224.201] (helo=mail.yitter.info) by psg.com with esmtps (TLSv1:CAMELLIA256-SHA:256) (Exim 4.69 (FreeBSD)) (envelope-from ) id 1LA3fO-000MUm-IB for namedroppers@ops.ietf.org; Tue, 09 Dec 2008 14:34:28 +0000 Received: from crankycanuck.ca (CPE001b63afe888-CM001adea9c5a6.cpe.net.cable.rogers.com [99.236.211.160]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.yitter.info (Postfix) with ESMTPSA id D4DEC2FE9647 for ; Tue, 9 Dec 2008 14:34:22 +0000 (UTC) Date: Tue, 9 Dec 2008 09:34:21 -0500 From: Andrew Sullivan To: namedroppers@ops.ietf.org Subject: Re: implied NSEC3 support in rsasha256 (was: [dnsext] Re: Working Group Last Call for draft-ietf-dnsext-dnssec-rsasha256-05) Message-ID: <20081209143420.GA8932@shinkuro.com> References: <200812090324.mB93OARV045445@drugs.dv.isc.org> MIME-Version: 1.0 Content-Type: text/plain; 
charset=us-ascii Content-Disposition: inline In-Reply-To: <200812090324.mB93OARV045445@drugs.dv.isc.org> User-Agent: Mutt/1.5.18 (2008-05-17) Sender: owner-namedroppers@ops.ietf.org Precedence: bulk List-ID: On Tue, Dec 09, 2008 at 02:24:10PM +1100, Mark Andrews wrote: > The only reason for having two numbers is if you believe > there there is a reason to support validators which can do > RSA/SHA-256 and not NSEC3. I don't see a need to support > that combination. I determined during working group last call, however, that others _did_ see a need to support that combination. Moreover, I buy the argument that we shouldn't link these two issues together. If there is a validator that can't do NSEC3 and they find they suddently want to do SHA-2, why do we want to put an extra barrier in their way? A -- Andrew Sullivan ajs@shinkuro.com Shinkuro, Inc. -- to unsubscribe send a message to namedroppers-request@ops.ietf.org with the word 'unsubscribe' in a single line as the message text body. archive: From owner-namedroppers@ops.ietf.org Tue Dec 9 07:17:46 2008 Return-Path: X-Original-To: ietfarch-dnsext-archive@core3.amsl.com Delivered-To: ietfarch-dnsext-archive@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 956A23A68F1; Tue, 9 Dec 2008 07:17:46 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -3.299 X-Spam-Level: X-Spam-Status: No, score=-3.299 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, FH_RELAY_NODNS=1.451, HELO_MISMATCH_UK=1.749, RCVD_IN_DNSWL_MED=-4, RDNS_NONE=0.1] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Remt55HZoQDy; Tue, 9 Dec 2008 07:17:45 -0800 (PST) Received: from psg.com (psg.com [IPv6:2001:418:1::62]) by core3.amsl.com (Postfix) with ESMTP id 5C6103A687A; Tue, 9 Dec 2008 07:17:44 -0800 (PST) Received: from majordom by psg.com with local (Exim 4.69 (FreeBSD)) (envelope-from ) 

From: "Roy Arends"
Date: Tue, 9 Dec 2008 16:10:19 +0100
To: Andrew Sullivan
Cc: namedroppers@ops.ietf.org
Subject: [dnsext] explicit non-support of NSEC3

Andrew Sullivan wrote on 12/09/2008 03:34:21 PM:

> On Tue, Dec 09, 2008 at 02:24:10PM +1100, Mark Andrews wrote:
>
> > The only reason for having two numbers is if you believe
> > there is a reason to support validators which can do
> > RSA/SHA-256 and not NSEC3. I don't see a need to support
> > that combination.
>
> I determined during working group last call, however, that others
> _did_ see a need to support that combination. Moreover, I buy the
> argument that we shouldn't link these two issues together. If there
> is a validator that can't do NSEC3 and they find they suddenly want
> to do SHA-2, why do we want to put an extra barrier in their way?

Such a validator _can_ implement SHA-2. Since such a validator
explicitly does not implement NSEC3, it can now treat zones with these
NSEC3 records as unsigned.

The method used in RFC5155 was to protect legacy validators against
unknown extensions. Since RFC5155 is an integral part of DNSSEC, I see
no reason to further fork the algorithm space.

Imho, a validator does not have to understand NSEC3 to be able to
validate, parse, or even signal its presence.

Regards,

Roy Arends
Sr. Researcher
Nominet UK
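
The signalling mechanism argued over in the message above, as a simplified model added to this archive (it is not code from the thread or from any validator). Algorithm numbers 5 and 7 are the real RFC 5155 alias pair; the RSA/SHA-256 identifiers are constructed placeholders, and the `recognises_nsec3` flag and the outcome label `bogus-negative` are assumptions of this model.

```python
from dataclasses import dataclass

# Real IANA DNSSEC algorithm numbers: the RFC 5155 alias pair for RSA/SHA-1.
RSASHA1 = 5
RSASHA1_NSEC3_SHA1 = 7  # same signatures as 5; the number signals "may use NSEC3"
# Constructed placeholders: the thread predates any RSA/SHA-256 assignment.
RSASHA256 = "RSASHA256 (placeholder id)"
RSASHA256_NSEC3 = "RSASHA256-NSEC3 alias (placeholder id)"


@dataclass(frozen=True)
class Validator:
    name: str
    algorithms: frozenset    # identifiers whose signatures it will verify
    implements_nsec3: bool   # can validate NSEC3 denial of existence
    recognises_nsec3: bool   # model assumption: knows the NSEC3 type exists


@dataclass(frozen=True)
class Zone:
    ds_algorithms: frozenset  # algorithms listed in the parent's DS RRset
    denial: str               # "NSEC" or "NSEC3"


def classify(v: Validator, z: Zone) -> str:
    """Return how validator v ends up treating zone z."""
    if not (v.algorithms & z.ds_algorithms):
        # DNSSEC treats a zone whose DS algorithms are all unsupported
        # as unsigned: a safe downgrade, not a validation failure.
        return "insecure"
    if z.denial == "NSEC3" and not v.implements_nsec3:
        if v.recognises_nsec3:
            # The argument made above: a validator that knowingly lacks
            # NSEC3 can itself decide to treat the zone as unsigned.
            return "insecure"
        # Legacy code: signatures verify, but negative answers carry no
        # NSEC records it understands, so they fail validation.
        return "bogus-negative"
    return "secure"


LEGACY = Validator("legacy", frozenset({RSASHA1}), False, False)
SHA2_NO_NSEC3 = Validator("sha2-no-nsec3",
                          frozenset({RSASHA1, RSASHA256}), False, True)
FULL = Validator("full",
                 frozenset({RSASHA1, RSASHA1_NSEC3_SHA1,
                            RSASHA256, RSASHA256_NSEC3}), True, True)

# Constructed sample zones, all using NSEC3 denial of existence.
ZONES = {
    # What RFC 5155 did: NSEC3 zones advertise the alias number.
    "rsasha1-alias": Zone(frozenset({RSASHA1_NSEC3_SHA1}), "NSEC3"),
    # What the alias prevents: NSEC3 under the pre-existing number.
    "rsasha1-no-alias": Zone(frozenset({RSASHA1}), "NSEC3"),
    # "Implied NSEC3 support": one identifier for RSA/SHA-256.
    "sha256-one-number": Zone(frozenset({RSASHA256}), "NSEC3"),
    # "Two numbers": a separate alias for NSEC3-capable RSA/SHA-256.
    "sha256-two-numbers": Zone(frozenset({RSASHA256_NSEC3}), "NSEC3"),
}


def outcome_table():
    """Map (validator name, zone label) to the classification."""
    return {(v.name, label): classify(v, z)
            for v in (LEGACY, SHA2_NO_NSEC3, FULL)
            for label, z in ZONES.items()}


if __name__ == "__main__":
    for (vname, label), result in sorted(outcome_table().items()):
        print(f"{vname:14} {label:20} {result}")
```

In this model the only pairing that fails outright is the legacy validator meeting an NSEC3 zone signed under its old identifier; a validator written after RFC 5155 reaches `insecure` with either numbering scheme.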

From: Andrew Sullivan
Date: Tue, 9 Dec 2008 13:09:48 -0500
To: namedroppers@ops.ietf.org
Subject: [dnsext] Working group workflow

Dear colleagues,

I'm writing to express some concern over the working group work flow.
What concerns me is that some current events may be part of a larger
pattern of how work gets done in this group.

We are currently embroiled in an argument about different algorithm
identifiers for NSEC and NSEC3 records. This new round of objections
started with one participant immediately before the document was sent
for publication, and it did not address the fundamental arguments that
had been made during WGLC.

Moreover, the new round of objections is really late. I sent a
message
(http://ops.ietf.org/lists/namedroppers/namedroppers.2008/msg02113.html)
to the WG on 22 October, noting that we were planning this change. I
also noted at the time that after the new draft was published, I'd
wait a week before sending the document to the IESG. On 24 October, I
drew to everyone's attention that the new draft had been posted
(http://ops.ietf.org/lists/namedroppers/namedroppers.2008/msg02133.html).
Nobody said anything. I actually waited more than a week. Nobody
said anything to me in Minneapolis, either.

But now, well after the WG is supposed to be done with the document,
we have a new round of objections that re-open a previously closed
discussion.

The last call for the document in question started shortly after the
meeting in Dublin. For a complicated document, perhaps such a long
period of deliberation is important. For a document of this brevity
and clarity, I find the delay a little depressing, not to say
alarming.

Now, I do not wish to suggest, even for a moment, that if you realise
that there's a critical problem with a specification way late in the
process, that you should keep quiet. It is of course the central
responsibility of participants to ensure that the documents we produce
represent our best technical judgement on the topic in question.
Moreover, I appreciate that this is a volunteer organization, and that
people have day jobs.

Nevertheless, if the working group cannot give a document as short as
this one adequate attention so that controversies are addressed to the
satisfaction of the working group, then maybe it is an indication that
people do not consider the work of the working group important enough
to prioritize it above other things they have to do. In that case,
the most responsible thing we can do is to shut down the working
group, and stop committing to additional tasks. If this work isn't
important enough for us to do in a reasonable time (the document in
question first came to the WG in July of 2006), I'm not sure it's
important enough for us to do.

It is simply unfair to the editors of WG documents to leave them
hanging without review, or to perform review very late and raise
showstopper problems after everyone else has completed their work. If
you need to review something before a deadline passes, and you're not
going to have time, please say so. It is similarly unfair to the rest
of the IETF to wait until documents are going to IETF last call, and
have a discussion more appropriate to the WG on the IETF list.

I am hoping that, with new work the WG is taking on, we are keeping
these factors in mind when agreeing to take the work. We need to set
realistic, achievable deadlines for ourselves and stick to them. If
we can't do that, then we shouldn't take on new work.

Best regards,

Andrew

--
Andrew Sullivan
ajs@shinkuro.com
Shinkuro, Inc.

From: Mark Andrews
Date: Wed, 10 Dec 2008 09:24:56 +1100
To: Andrew Sullivan
Cc: namedroppers@ops.ietf.org
Subject: Re: implied NSEC3 support in rsasha256 (was: [dnsext] Re: Working Group Last Call for draft-ietf-dnsext-dnssec-rsasha256-05)

In message <20081209143420.GA8932@shinkuro.com>, Andrew Sullivan writes:
> On Tue, Dec 09, 2008 at 02:24:10PM +1100, Mark Andrews wrote:
>
> > The only reason for having two numbers is if you believe
> > there is a reason to support validators which can do
> > RSA/SHA-256 and not NSEC3. I don't see a need to support
> > that combination.
>
> I determined during working group last call, however, that others
> _did_ see a need to support that combination. Moreover, I buy the
> argument that we shouldn't link these two issues together. If there
> is a validator that can't do NSEC3 and they find they suddenly want
> to do SHA-2, why do we want to put an extra barrier in their way?

Because it sets a BAD precedent. It means that you just cut
down the effective algorithm space by half.

Yes it requires validator writers to support NSEC3 but I
don't see that as a bad thing as it is a real world requirement
to support NSEC3 if DNSSEC is ever going to fly. We have
several TLD operators stating that they intend to deploy
NSEC3.

Is there any DNSSEC validator vendor that is not planning
to support NSEC3? I'm aware of none.

Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews@isc.org

From: "Roy Arends"
Date: Tue, 9 Dec 2008 23:48:27 +0100
To: Andrew Sullivan
Cc: namedroppers@ops.ietf.org
Subject: Re: [dnsext] Working group workflow

Andrew Sullivan wrote on 12/09/2008 07:09:48 PM:

> Dear colleagues,
>
> I'm writing to express some concern over the working group work flow.
> What concerns me is that some current events may be part of a larger
> pattern of how work gets done in this group.
>
> We are currently embroiled in an argument about different algorithm
> identifiers for NSEC and NSEC3 records. This new round of objections
> started with one participant immediately before the document was sent
> for publication, and it did not address the fundamental arguments that
> had been made during WGLC.
>
> Moreover, the new round of objections is really late. I sent a
> message
> (http://ops.ietf.org/lists/namedroppers/namedroppers.2008/msg02113.html)
> to the WG on 22 October, noting that we were planning this change. I
> also noted at the time that after the new draft was published, I'd
> wait a week before sending the document to the IESG. On 24 October, I
> drew to everyone's attention that the new draft had been posted
> (http://ops.ietf.org/lists/namedroppers/namedroppers.2008/msg02133.html).
> Nobody said anything. I actually waited more than a week. Nobody
> said anything to me in Minneapolis, either.
>
> But now, well after the WG is supposed to be done with the document,
> we have a new round of objections that re-open a previously closed
> discussion.

Not so fast:

I asked for implied support of NSEC3 in October 2007, and the document
subsequently reflected this:

http://www.ops.ietf.org/lists/namedroppers/namedroppers.2007/msg00599.html

"What I do like to mandate is support for the new keytypes implies support
for NSEC3, provided that NSEC3 is proposed standard by that time. That
would avoid allocating an alias for every keytype."

( Note that the document had expired from July 5th 2006 until December 10
2007 )

There has been no objection since then, and the document reflected this,
until recently. I _have_ reviewed the document in October 2007. I call
that early, not late.

Regards,

Roy Arends
Sr. Researcher
Nominet UK

From: Matt Larson
Date: Tue, 9 Dec 2008 22:06:37 -0500
To: Andrew Sullivan
Cc: namedroppers@ops.ietf.org
Subject: Re: implied NSEC3 support in rsasha256 (was: [dnsext] Re: Working Group Last Call for draft-ietf-dnsext-dnssec-rsasha256-05)

On Tue, 09 Dec 2008, Andrew Sullivan wrote:
> On Tue, Dec 09, 2008 at 02:24:10PM +1100, Mark Andrews wrote:
>
> > The only reason for having two numbers is if you believe
> > there is a reason to support validators which can do
> > RSA/SHA-256 and not NSEC3. I don't see a need to support
> > that combination.
>
> I determined during working group last call, however, that others
> _did_ see a need to support that combination.

I do not believe the record supports that conclusion.

> Moreover, I buy the argument that we shouldn't link these two issues
> together. If there is a validator that can't do NSEC3 and they find
> they suddenly want to do SHA-2, why do we want to put an extra
> barrier in their way?

Roy already explained that a validator can support SHA-2 and not
NSEC3; there is no barrier.

I want to amplify Mark's comment about the impending need for
validators to support NSEC3. The NSEC3 ship has sailed and is now
part of DNSSEC. Let us not ignore operational reality while we
consider this particular piece of protocol engineering. PIR has said
that .org will be signed with NSEC3. While I cannot speak for Nominet
nor DENIC, all indications I've seen are that .co.uk and .de will be
signed with NSEC3 (as their representatives worked actively on the
protocol). And, finally, I can most certainly assure you that when
.com and .net are signed, they will use NSEC3. Those five zones
represent well over 50% of the total number of registered domain names
in the worldwide TLD market. A DNSSEC validator without NSEC3 support
will shortly be either a useless antique or a laboratory curiosity.

As others have pointed out, the multiple algorithm hack was only
needed to protect past validators, not future validators. There is
simply no reason to propagate this technique and it unnecessarily
reduces and complicates the algorithm space.

I regret that I did not notice paragraph 7 of Andrew's October 22 WGLC
message until this thread came back to life. However, now that the
inaccuracies in that paragraph have been brought to light, and I have
gone back through the mailing list to examine the record, I strongly
oppose its conclusion. The language regarding NSEC3 support from the
-05 version should be restored and we should not continue the
unnecessary practice of algorithm aliases.

Matt

From: Jelte Jansen
Date: Wed, 10 Dec 2008 09:40:05 +0100
To: Roy Arends
CC: Andrew Sullivan, namedroppers@ops.ietf.org
Subject: Re: [dnsext] Working group workflow (nsec3 in draft-sha256)

Roy Arends wrote:
> Andrew Sullivan wrote on 12/09/2008 07:09:48 PM:
>
>> But now, well after the WG is supposed to be done with the document,
>> we have a new round of objections that re-open a previously closed
>> discussion.
>
> Not so fast:
>
> I asked for implied support of NSEC3 in October 2007, and the document
> subsequently reflected this:
>
> http://www.ops.ietf.org/lists/namedroppers/namedroppers.2007/msg00599.html
>
> "What I do like to mandate is support for the new keytypes implies support
> for NSEC3, provided that NSEC3 is proposed standard by that time. That
> would avoid allocating an alias for every keytype."
>
> There has been no objection since then, and the document reflected this,
> until recently. I _have_ reviewed the document in October 2007. I call
> that early, not late.
>

There was not much support either; Matt is the third (!) person I
count (please correct me if I'm wrong). This is probably my fault; I
could have asked for more explicit support on-list back when I made
the original change to implied support.

During the last call, there were some objections to it. While most
were merely about the text, others were about the spirit. It appeared
to me more objections were raised to the chairs off-list (if so,
chairs, please instruct people to send such comments to the list, or
come up with a better way to archive them).

So I asked the list to speak up about this issue, and there was a
torrent of 2 whole responses (1 for, 1 against), until the revival of
the thread two days ago.

Now I don't like sending or seeing '+1' messages. But we do
apparently need those.

In my defense, I did ask for a second last call. But seeing as the
first last call just barely survived, I did not mind too much when
this request wasn't granted.

We do have a real workflow problem.

Jelte

ps.

> ( Note that the document had expired from July 5th 2006 until December 10
> 2007 )
>

The initial draft dates from February 2006. So much for algorithm
agility. Sigh.

From: "Roy Arends"
Date: Wed, 10 Dec 2008 10:54:23 +0100
To: Jelte Jansen
Cc: Andrew Sullivan, namedroppers@ops.ietf.org
Subject: Re: [dnsext] Working group workflow (nsec3 in draft-sha256)

Jelte Jansen wrote on 12/10/2008 09:40:05 AM:

> Roy Arends wrote:
> > Andrew Sullivan wrote on 12/09/2008 07:09:48 PM:
> >
> >> But now, well after the WG is supposed to be done with the document,
> >> we have a new round of objections that re-open a previously closed
> >> discussion.
> >
> > Not so fast:
> >
> > I asked for implied support of NSEC3 in October 2007, and the document
> > subsequently reflected this:
> >
> > http://www.ops.ietf.org/lists/namedroppers/namedroppers.2007/msg00599.html
> >
> > "What I do like to mandate is support for the new keytypes implies support
> > for NSEC3, provided that NSEC3 is proposed standard by that time. That
> > would avoid allocating an alias for every keytype."
> >
> > There has been no objection since then, and the document reflected this,
> > until recently. I _have_ reviewed the document in October 2007. I call
> > that early, not late.
> >
>
> There was not much support either;

How do you know? It was a significant section in a small document, there for about a year. During last call no one objected, and there was one person noting the section (unsolicited) and declaring support for it (yes, during last call). It wasn't until after the last call that Olafur asked in the middle of some mail thread if this section was okay, resulting in one objection.

The problem with this process is, if you ask in a certain way, often and loud, and wait long enough, you can always get someone willing to object. It took one objection to have this section removed. And when folks are surprised about this, and voice their protest, you get a misplaced rant about working group workflow.

> During the last call, there were some objections to it.

I haven't seen any objections during last call.

> So I asked the list to speak up about this issue, and there was a torrent of 2
> whole responses (1 for, 1 against), until the revival of the thread
> two days ago.
>
> Now I don't like sending or seeing '+1' messages. But we do
> apparently need those.

+1

Regards,

Roy Arends
Sr. Researcher
Nominet UK

From: Scott Rose
Date: Wed, 10 Dec 2008 06:38:52 -0500
Subject: Re: [dnsext] Working group workflow (nsec3 in draft-sha256)

On 12/10/08 3:40 AM, "Jelte Jansen" wrote:

> Roy Arends wrote:
>> Andrew Sullivan wrote on 12/09/2008 07:09:48 PM:
>>
>>> But now, well after the WG is supposed to be done with the document,
>>> we have a new round of objections that re-open a previously closed
>>> discussion.
>>
>> Not so fast:
>>
>> I asked for implied support of NSEC3 in October 2007, and the document
>> subsequently reflected this:
>>
>> http://www.ops.ietf.org/lists/namedroppers/namedroppers.2007/msg00599.html
>>
>> "What I do like to mandate is support for the new keytypes implies support
>> for NSEC3, provided that NSEC3 is proposed standard by that time. That
>> would avoid allocating an alias for every keytype."
>>
>> There has been no objection since then, and the document reflected this,
>> until recently. I _have_ reviewed the document in October 2007. I call
>> that early, not late.
>>
>
> There was not much support either; Matt is the third (!) person I count (please
> correct me if I'm wrong). This is probably my fault; I could have asked for more
> explicit support on-list back when I made the original change to implied
> support.
>

I don't know if I was one of the implied or not (Sept/Oct was busy and I did not give the WG enough of my attention). I was one of the earliest supporters and still support this draft. SHA-2 support is the important thing and I didn't not have a strong feeling about implied NSEC3 support.

I agree with Matt Larson: Non-NSEC3 aware resolvers will be in the minority soon as large infrastructure zones sign using NSEC3. I see no real need to give every algorithm 2 codes for NSEC/NSEC3 signaling.

> So I asked the list to speak up about this issue, and there was a torrent of 2
> whole responses (1 for, 1 against), until the revival of the thread two days
> ago.
>
> Now I don't like sending or seeing '+1' messages. But we do apparently need
> those.
>

I agree, but for the record: I support the SHA-2 draft either way, but would prefer it if support for SHA-2 also signaled support for NSEC3.

Scott

===================================
Scott Rose
NIST
scottr@nist.gov
ph: +1 301-975-8439
http://www-x.antd.nist.gov/dnssec
http://www.dnsops.gov/
===================================

From: Frederico A C Neves
Date: Wed, 10 Dec 2008 10:22:14 -0200
To: namedroppers@ops.ietf.org
Subject: Re: implied NSEC3 support in rsasha256 (was: [dnsext] Re: Working Group Last Call for draft-ietf-dnsext-dnssec-rsasha256-05)

On Tue, Dec 09, 2008 at 10:06:37PM -0500, Matt Larson wrote:
...
> I regret that I did not notice paragraph 7 of Andrew's October 22 WGLC
> message until this thread came back to life. However, now that the
> inaccuracies in that paragraph have been brought to light, and I have
> gone back through the mailing list to examine the record, I strongly
> oppose its conclusion. The language regarding NSEC3 support from the
> -05 version should be restored and we should not continue the
> unnecessary practice of algorithm aliases.

+1

Fred

From: Andrew Sullivan
Date: Wed, 10 Dec 2008 08:48:59 -0500
To: namedroppers@ops.ietf.org
Subject: Re: [dnsext] Working group workflow

Dear colleagues,

On Tue, Dec 09, 2008 at 11:48:27PM +0100, Roy Arends wrote:
> There has been no objection since then, and the document reflected this,
> until recently. I _have_ reviewed the document in October 2007. I call
> that early, not late.

I should have known better than to try to link this thread to a current example, and for that I apologise. I similarly apologise to anyone who might think I was trying to single them out for criticism about their role in any current arguments. And I don't want to discuss the particulars of who did what when in this thread: we have another thread for that.

What I was attempting to point out is still my main concern here, which is that we have a serious workflow problem in the working group. The SHA-2 document is not the only recent example I can think of where Olafur or I (or both) has asked (not to say "pleaded with") the participants of the working group for responses on specific issues. Those messages frequently seem not to garner responses. To me, that is a serious issue.

We have recently committed to taking on Ray Bellis's draft, and we appear to have plans to open the forgery resilience work again. It's one thing just to say we're not going to do the work. It's quite another to agree to do the work, and then not follow through.

Unfortunately, as I am painfully aware, "following through" includes monitoring documents in which you have an interest right until the end. This is especially true in a WG like this one, where we have large numbers of people who show up in WG meetings at the IETF, but a tiny handful of people willing to address issues on list, review documents, &c. We're supposed to be a working group, not a spectator sport. If the work isn't getting done, I say again that it isn't clear to me that it is worth it for us to do.

Again, I apologise for distracting us with the details of a particular example.

Best regards,

Andrew

--
Andrew Sullivan
ajs@shinkuro.com
Shinkuro, Inc.

From: Peter Koch
Date: Wed, 10 Dec 2008 16:08:17 +0100
To: IETF DNSEXT WG
Subject: Re: implied NSEC3 support in rsasha256 (was: [dnsext] Re: Working Group Last Call for draft-ietf-dnsext-dnssec-rsasha256-05)

On Tue, Dec 09, 2008 at 10:06:37PM -0500, Matt Larson wrote:

> > I determined during working group last call, however, that others
> > _did_ see a need to support that combination.
>
> I do not believe the record supports that conclusion.

I have my doubts here as well, but I feel a bit guilty at the same time. In my post-WGLC review <20080915132426.GE12022@x27.adm.denic.de>, archived at (missed the 4 weeks LC by another 4 days, but that's for the 'workflow' thread) I wrote:

>> 5.2. Support for NSEC3 denial of existence
>>
>> Implementations that have support for RSA/SHA-2 MUST also have
>> support for NSEC3 denial of existence, as specified in RFC 5155
>> [RFC5155].
>
> I agree with the spirit, but since there is no immediately obvious
> connection between NSEC3 and these two new algorithms, implementors
> might deserve some explanation, otherwise this could come as a late
> surprise. If we're saving precious DNS security algorithm numbers,
> we can say that ;-)

This message was later quoted by Olafur in when he asked about the NSEC/NSEC3 unpredictability.

First, I'd like to restate that I agree with the spirit of declaring NSEC3 support "mandatory", or state of the art or "NSEC3 [is] an integral part of DNSSEC". As Matt correctly assumed, if/when DE is going to be signed, NSEC3 is a MUST. However, as ...

> Roy already explained that a validator can support SHA-2 and not
> NSEC3; there is no barrier.

...
we saw just here, the language in -05 was probably too strong and an explanation for implementers is really needed, at least the term "support" must be clarified. So, implementations of RSA/SHA-2 MUST be able to recognize and validate NSEC3 records, but they will treat those zones/responses as unsigned unless they fully implement NSEC3. Recognition and validation are necessary to avoid downgrade attacks where the attacker substitutes NSEC RRs by random (NSEC3) garbage.

> in the worldwide TLD market. A DNSSEC validator without NSEC3 support
> will shortly be either a useless antique or a laboratory curiosity.

Agreed, at least for general purpose validators. But saying this en passant in the RSA/SHA-2 spec isn't an optimum service to implementors. And assuming that the linear ordering of RFC numbers gives them a hint, isn't either.

> I regret that I did not notice paragraph 7 of Andrew's October 22 WGLC
> message until this thread came back to life. However, now that the

Same here.

> gone back through the mailing list to examine the record, I strongly
> oppose its conclusion. The language regarding NSEC3 support from the
> -05 version should be restored and we should not continue the
> unnecessary practice of algorithm aliases.

I agree that we should refrain from the continued algorithm aliasing, but would like to propose a slightly different solution. The draft should go back to two instead of four algorithm numbers. The text regarding NSEC3 should be clarified around 'support' and 'recognition'. RFC 5155 pretty well documents the need for aliases, but it didn't make the step forward explaining why this won't set precedent for future extensions. Therefore, we should document, maybe in DNSSECbis-Updates, the decision and the reasoning, so it's available for similar situations in the future. Note that we might also want to strongly recommend NSEC3 as part of DNSSECbis there, but these are separate issues.

-Peter

From: Andrew Sullivan
Date: Wed, 10 Dec 2008 10:16:05 -0500
To: namedroppers@ops.ietf.org
Subject: Re: implied NSEC3 support in rsasha256 (was: [dnsext] Re: Working Group Last Call for draft-ietf-dnsext-dnssec-rsasha256-05)

Dear colleagues,

I recognise that there are several people who are unhappy with the current text of draft-ietf-dnsext-dnssec-rsasha256-09. We have a few options:

1. Withdraw the request for publication (and, presumably, either come to some new agreement or abandon the effort).

2. Hash this out during IETF last call.

3. Accept the document as it stands, with the compromise it contains; if we do this, we can also take the further action of preparing things so that next time, we don't have to alias the identifiers.

I think the second option imposes on the whole IETF a burden it shouldn't have to face: we should have settled this in the WG. (Plainly, I thought we had, or I wouldn't have sent the document along.) Therefore, from my point of view, the options are (1) or (3). If it appears to me that my earlier determination of consensus was in error and no compromise is forthcoming, I'll default to option (1).

If you examine the discussion about this issue prior to the change, you'll observe that the reasoning for it was simple: the single identifier required that implementers not support one new feature (SHA-2), but that they also accept a different feature (NSEC3).

I think it is entirely fair to observe that validators that don't support NSEC3 are going to be more or less useless in future. From a process point of view, however, a naive implementer doesn't have a way to learn that: RFC 5155 does not say that it updates any of the DNSSECbis RFCs. Perhaps it should, but it doesn't today.
Therefore, it seems to me that the objection against linking the implementation of new algorithms with the implementation (or at least recognition) of a new RRTYPE has considerable force in terms of the protocol documents, even though the practical effect is blunted.

The responses to this so far have suggested that NSEC-only implementers don't need to implement NSEC3; this is true, but they have to _recognize_ it. That is still a technical burden, and one that we have nowhere else announced is necessary.

I think it would be a good idea to tell people that future algorithm assignments will not alias the identifiers. A good place to do that would be in the dnssec-bis-updates document. We have an urgent need to complete that document anyway, because that's where the discussion about different trust anchors is supposed to go.

If we insist on unifying the identifiers for these algorithms in draft-ietf-dnsext-dnssec-rsasha256, rather than using aliases, then in my opinion we need text for the document that explains the decision in considerably greater depth, since even (some) readers knowledgeable in this area found the link perplexing when they reviewed the document.

I therefore ask those currently objecting to the algorithm aliasing whether they can live with the current arrangement, with the proviso that we will do something about this in dnssec-bis-updates. (This is option 3.) I also ask those who object to the current text, and who cannot support option 3, to state explicitly that they'd rather delay deployment of SHA-2 than live with this compromise.

At the same time, I ask those who objected to the -05 text during WGLC if they could live with putting the old -05 text back in, as long as there was additional text explaining why the change. (This is option 1.) It would be very nice if you had proposed text to add, as well. Note that the upshot of this will be a new draft with a substantive change. I therefore believe it will require another WGLC.

Best regards,

Andrew

--
Andrew Sullivan
ajs@shinkuro.com
Shinkuro, Inc.

From: Jelte Jansen
Date: Wed, 10 Dec 2008 16:43:50 +0100
To: Peter Koch
CC: IETF DNSEXT WG
Subject: Re: implied NSEC3 support in rsasha256 (was: [dnsext] Re: Working Group Last Call for draft-ietf-dnsext-dnssec-rsasha256-05)

Peter Koch wrote:
>
>> gone back through the mailing list to examine the record, I strongly
>> oppose its conclusion. The language regarding NSEC3 support from the
>> -05 version should be restored and we should not continue the
>> unnecessary practice of algorithm aliases.
>
> I agree that we should refrain from the continued algorithm aliasing, but
> would like to propose a slightly different solution. The draft should go back to
> two instead of four algorithm numbers. The text regarding NSEC3 should
> be clarified around 'support' and 'recognition'. RFC 5155 pretty well
> documents the need for aliases, but it didn't make the step forward
> explaining why this won't set precedent for future extensions.
> Therefore, we should document, maybe in DNSSECbis-Updates, the decision and
> the reasoning, so it's available for similar situations in the future.
> Note that we might also want to strongly recommend NSEC3 as part of DNSSECbis
> there, but these are separate issues.
>

heh :) in waiting for the chairs, I preemptively wrote this earlier today:

5.2. Support for NSEC3 Denial of Existence

Note that these algorithms have no aliases to signal NSEC3 denial of existence. The aliases mechanism used in RFC5155 was to protect implementations predating that RFC from encountering records they could not know about.

Implementations that support RSA/SHA-2 algorithms SHOULD also implement NSEC3 denial of existence [RFC5155]. If an implementation chooses not to support NSEC3, it MUST at the very least recognize NSEC3 Resource Records and treat any zone that uses those as unsigned, after verifying the signatures on those records.
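
The validator behaviour under discussion, modelled as a decision function: the RFC 5155 alias signalling next to the recognize-and-verify rule in the proposed 5.2 text. This is an added example, not code from the draft or from any participant in the thread; the types, the `classify` function, the validator profiles and the sample answers are constructed, and the model considers only algorithm support, the denial RRTYPE and the RRSIG check.

```python
from dataclasses import dataclass
from enum import Enum


class Status(Enum):
    SECURE = "secure"      # denial of existence was authenticated
    INSECURE = "insecure"  # zone is handled as if it were unsigned
    BOGUS = "bogus"        # validation failed, the answer is rejected


@dataclass(frozen=True)
class Validator:
    algorithms: frozenset    # DNSKEY algorithm mnemonics it can verify
    recognizes_nsec3: bool   # knows the NSEC3 RRTYPE and what it is for
    implements_nsec3: bool   # can evaluate NSEC3 hashed-owner-name proofs


@dataclass(frozen=True)
class NegativeAnswer:
    zone_algorithm: str      # algorithm of the zone's DNSKEY and RRSIGs
    denial_rrtype: str       # "NSEC" or "NSEC3"
    rrsig_valid: bool        # result of verifying the RRSIG over the denial RRs


def classify(v, ans, verify_before_downgrade=True):
    """Status assigned to a negative answer (simplified, constructed model)."""
    # No supported algorithm means no authentication path: the zone is treated
    # as unsigned. The RFC 5155 alias mnemonics rely on exactly this.
    if ans.zone_algorithm not in v.algorithms:
        return Status.INSECURE
    if ans.denial_rrtype == "NSEC3":
        if not v.recognizes_nsec3:
            # Known algorithm, but no denial record this validator understands.
            return Status.BOGUS
        if not v.implements_nsec3:
            # Proposed 5.2 rule: unsigned, but only after the signatures on the
            # NSEC3 records verify. Skipping that check is the downgrade hole.
            if verify_before_downgrade and not ans.rrsig_valid:
                return Status.BOGUS
            return Status.INSECURE
    return Status.SECURE if ans.rrsig_valid else Status.BOGUS


# Constructed validator profiles (assumptions, not real products).
PRE_5155 = Validator(frozenset({"DSA", "RSASHA1"}), False, False)
RECOGNIZE_ONLY = Validator(frozenset({"RSASHA1", "RSASHA256"}), True, False)
FULL = Validator(
    frozenset({"RSASHA1", "RSASHA1-NSEC3-SHA1", "RSASHA256"}), True, True
)


def scenarios():
    """Run the constructed cases and return {label: Status}."""
    signed = NegativeAnswer("RSASHA256", "NSEC3", rrsig_valid=True)
    forged = NegativeAnswer("RSASHA256", "NSEC3", rrsig_valid=False)
    return {
        "old validator, aliased NSEC3 zone":
            classify(PRE_5155, NegativeAnswer("RSASHA1-NSEC3-SHA1", "NSEC3", True)),
        "old validator, NSEC3 zone without alias":
            classify(PRE_5155, NegativeAnswer("RSASHA1", "NSEC3", True)),
        "recognize-only, signed NSEC3":
            classify(RECOGNIZE_ONLY, signed),
        "recognize-only, forged NSEC3":
            classify(RECOGNIZE_ONLY, forged),
        "recognize-only, forged NSEC3, no verification":
            classify(RECOGNIZE_ONLY, forged, verify_before_downgrade=False),
        "recognize-only, signed NSEC":
            classify(RECOGNIZE_ONLY, NegativeAnswer("RSASHA256", "NSEC", True)),
        "full validator, signed NSEC3":
            classify(FULL, signed),
    }


if __name__ == "__main__":
    for label, status in scenarios().items():
        print(f"{label:48s} {status.value}")
```

The `verify_before_downgrade=False` case returns `insecure` for a forged answer, which is the downgrade that verifying the NSEC3 signatures first prevents.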
Date: Wed, 10 Dec 2008 12:06:55 -0500
From: Matt Larson
To: Andrew Sullivan
Cc: namedroppers@ops.ietf.org
Subject: Re: implied NSEC3 support in rsasha256 (was: [dnsext] Re: Working Group Last Call for draft-ietf-dnsext-dnssec-rsasha256-05)

On Wed, 10 Dec 2008, Andrew Sullivan wrote:
> I therefore ask those currently objecting to the algorithm aliasing
> whether they can live with the current arrangement, with the proviso
> that we will do something about this in dnssec-bis-updates. (This is
> option 3.)

No.

> I also ask those who object to the current text, and who
> cannot support option 3, to state explicitly that they'd rather delay
> deployment of SHA-2 than live with this compromise.

http://en.wikipedia.org/wiki/False_dilemma

Your use of the phrase "delay deployment of SHA-2" is unnecessarily
dramatic. What sort of delay are you talking about? We already have
proposed text from Jelte. Or put the -05 text back if there is
insufficient objection to that option.
Let's take until the end of the week to bring this to a
conclusion--from responses so far it looks to me like we are close to
rough consensus--and then issue another WGLC. That's another two
weeks, right?

I'll gladly wait another month to avoid the clutter of more algorithm
aliases.

Matt

From owner-namedroppers@ops.ietf.org Wed Dec 10 11:18:02 2008
Cc:
namedroppers@ops.ietf.org
From: Olaf Kolkman
To: Andrew Sullivan
Subject: Re: implied NSEC3 support in rsasha256 (was: [dnsext] Re: Working Group Last Call for draft-ietf-dnsext-dnssec-rsasha256-05)
Date: Wed, 10 Dec 2008 20:11:40 +0100

On Dec 10, 2008, at 4:16 PM, Andrew Sullivan wrote:

> I think the second option imposes on the whole IETF a burden it
> shouldn't have to face: we should have settled this in the WG.

Personally I do not see that as a problem. The IETF has seen heavier
burdens caused by cookies. Once the WG has agreed then it's up to
the AD to judge if this needs another IETF LC. If so, that is process
that the IETF has been designed to handle.

My personal preference: Handle this in the WG, make sure we have
hammered out all the issues and adapt a text. Then ask the AD for
guidance on the next step.

FWIW, I think that we are dealing with a fairly academic issue given
that major TLDs move towards NSEC3 and any serious resolver will need
to support NSEC3 for DNSSEC and therefore I support Jelte's text.

--Olaf

From owner-namedroppers@ops.ietf.org Wed Dec 10 11:46:55 2008
Date: Wed, 10 Dec 2008 11:20:10 -0500 (EST)
From: Samuel Weiler
To: IETF DNSEXT WG
Subject: Re: implied NSEC3 support in rsasha256 (was: [dnsext] Re: Working Group Last Call for draft-ietf-dnsext-dnssec-rsasha256-05)

[ Moderators note: Post was moderated, either because it was posted by
  a non-subscriber, or because it was over 20K.
  With the massive amount of spam, it is easy to miss and therefore
  delete relevant posts by non-subscribers.
  Please fix your subscription addresses. ]

>> No. This creates an unnecessary link between two unrelated DNSSEC
>> parameters. The danger is that if someone finds an attack that takes
>> advantage of NSEC3, zones may have to choose between being vulnerable
>> to that attack while using good hash algorithms and protecting
>> themselves from the NSEC3 attack while using poor hash algorithms.
>> Not a fun choice.
>
> There is no such risk.
>
> Zone operators have a choice of whether to generate NSEC
> or NSEC3 chains. I can generate NSEC chains with algorithm
> 5 or 7. Both are equally secure. The fact that one could
> generate a NSEC3 chain is irrelevant as one would also have
> to get the signatures on the NSEC3 chain accepted for there
> to be a threat and if you can get that to happen it doesn't
> matter if we are using NSEC or NSEC3 because the whole kit
> and kaboodle is gone.

Mark successfully corrected me. (Thank you, Mark.)

Given that, I have no objection to removing the aliases (with
appropriate explanation, Andrew's option 1). However, for the
purposes of expediency, I suggest we take Andrew's option 3 and leave
this document as it is. It only uses two extra identifiers at the
moment, which seems an acceptable loss.

-- Sam

From owner-namedroppers@ops.ietf.org Wed Dec 10 13:50:10 2008
Date: Wed, 10 Dec 2008 16:44:25 -0500
Subject: Re: implied NSEC3 support in rsasha256 (was: [dnsext] Re: Working Group Last Call for draft-ietf-dnsext-dnssec-rsasha256-05)
From: Scott Rose
To: Andrew Sullivan

On 12/10/08 2:11 PM, "Olaf Kolkman" wrote:

> My personal preference: Handle this in the WG, make sure we have
> hammered out all the issues and adapt a text. Then ask the AD for
> guidance on the next step.
>
>
> FWIW, I think that we are dealing with a fairly academic issue given
> that major TLDs move towards NSEC3 and any serious resolver will need
> to support NSEC3 for DNSSEC and therefore I support Jelte's text.
>

I have read and support Jelte's text as well. Failing that, I would
recommend going with Andrew's option 3.

Scott

> --Olaf

===================================
Scott Rose
NIST
scottr@nist.gov
ph: +1 301-975-8439
http://www-x.antd.nist.gov/dnssec
http://www.dnsops.gov/
===================================

From owner-namedroppers@ops.ietf.org Wed Dec 10 13:56:15 2008
To: Samuel Weiler
Cc: IETF DNSEXT WG
From: Mark Andrews
Subject: Re: implied NSEC3 support in rsasha256 (was: [dnsext] Re: Working Group Last Call for draft-ietf-dnsext-dnssec-rsasha256-05)
In-reply-to: Your message of "Wed, 10 Dec 2008 11:20:10 CDT."
Date: Thu, 11 Dec 2008 08:52:16 +1100

In message , Samuel Weiler writes:
> [ Moderators note: Post was moderated, either because it was posted by
>   a non-subscriber, or because it was over 20K.
>   With the massive amount of spam, it is easy to miss and therefore
>   delete relevant posts by non-subscribers.
>   Please fix your subscription addresses. ]
>
> >> No. This creates an unnecessary link between two unrelated DNSSEC
> >> parameters. The danger is that if someone finds an attack that takes
> >> advantage of NSEC3, zones may have to choose between being vulnerable
> >> to that attack while using good hash algorithms and protecting
> >> themselves from the NSEC3 attack while using poor hash algorithms.
> >> Not a fun choice.
> >
> > There is no such risk.
> >
> > Zone operators have a choice of whether to generate NSEC
> > or NSEC3 chains. I can generate NSEC chains with algorithm
> > 5 or 7. Both are equally secure. The fact that one could
> > generate a NSEC3 chain is irrelevant as one would also have
> > to get the signatures on the NSEC3 chain accepted for there
> > to be a threat and if you can get that to happen it doesn't
> > matter if we are using NSEC or NSEC3 because the whole kit
> > and kaboodle is gone.
>
> Mark successfully corrected me. (Thank you, Mark.)
>
> Given that, I have no objection to removing the aliases (with
> appropriate explanation, Andrew's option 1).
> However, for the
> purposes of expediency, I suggest we take Andrew's option 3 and leave
> this document as it is. It only uses two extra identifiers at the
> moment, which seems an acceptable loss.

Which unfortunately sets a precedent. People won't go back
and look at this discussion. We need to send the right
message, in RFCs, for people adding new algorithms.

> -- Sam

--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742    INTERNET: Mark_Andrews@isc.org

From owner-namedroppers@ops.ietf.org Wed Dec 10 15:45:22 2008
To: Jelte Jansen
Cc: Peter Koch, IETF DNSEXT WG
From: Mark Andrews
Subject: Re: implied NSEC3 support in rsasha256 (was: [dnsext] Re: Working Group Last Call for draft-ietf-dnsext-dnssec-rsasha256-05)
In-reply-to: Your message of "Wed, 10 Dec 2008 16:43:50 BST." <493FE3B6.5020807@NLnetLabs.nl>
Date: Thu, 11 Dec 2008 10:39:24 +1100

In message <493FE3B6.5020807@NLnetLabs.nl>, Jelte Jansen writes:
>
> Peter Koch wrote:
> >
> >> gone back through the mailing list to examine the record, I strongly
> >> oppose its conclusion. The language regarding NSEC3 support from the
> >> -05 version should be restored and we should not continue the
> >> unnecessary practice of algorithm aliases.
> >
> > I agree that we should refrain from the continued algorithm aliasing, but
> > would like to propose a slightly different solution. The draft should go back to
> > two instead of four algorithm numbers.
> > The text regarding NSEC3 should
> > be clarified around 'support' and 'recognition'. RFC 5155 pretty well
> > documents the need for aliases, but it didn't make the step forward
> > explaining why this won't set precedent for future extensions.
> > Therefore, we should document, maybe in DNSSECbis-Updates, the decision and
> > the reasoning, so it's available for similar situations in the future.
> > Note that we might also want to strongly recommend NSEC3 as part of DNSSECbis
> > there, but these are separate issues.
> >
>
> heh :)
>
> in waiting for the chairs, i preemptively wrote this earlier today:
>
>
> 5.2. Support for NSEC3 Denial of Existence
>
>    Note that these algorithms have no aliases to signal NSEC3 denial of
>    existence. The aliases mechanism used in RFC5155 was to protect
>    implementations predating that RFC from encountering records they
>    could not know about.
>
>    Implementations that support RSA/SHA-2 algorithms SHOULD also
>    implement NSEC3 denial of existence [RFC5155].
>
>    If an implementation chooses not to support NSEC3, it MUST at the
>    very least recognize NSEC3 Resource Records and treat any zone that
>    uses those as unsigned, after verifying the signatures on those
>    records.

Authoritative servers is SHOULD. This allows for NSEC only
servers.

Validators is a MUST. A validator needs to be able to handle
either NSEC or NSEC3 record or it needs to treat the zone as
insecure.

--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742    INTERNET: Mark_Andrews@isc.org

From owner-namedroppers@ops.ietf.org Wed Dec 10 16:20:38 2008
From: Wes Hardaker
To: Jelte Jansen
Cc: Peter Koch, IETF DNSEXT WG
Subject: [dnsext] Re: implied NSEC3 support in rsasha256
Organization: Sparta
Date: Wed, 10 Dec 2008 16:15:38 -0800

>>>>> On Wed, 10 Dec 2008 16:43:50 +0100, Jelte Jansen said:

JJ> in waiting for the chairs, i preemptively wrote this earlier today:

I was one of the LC reviewers that took issue with that section. I
think that text looks good and avoids both the cost of allocating a new
type as well as mandating NSEC3. Simply recognizing it and discarding
the results as unsigned seems like a good compromise so I'm all for the
new wording-ish. I think Mark's comments about what types of
applications (servers vs validating clients) should be taken into
consideration though.

I don't see the need to do a new LC since this is still resolving the
same issues from the last LC. Part of the problem with the previous
text that was flagged by a few of us is that it wasn't explained. Had
an explanation been in the text we probably would have still flagged it
as problematic but with a different complaint.

--
"In the bathtub of history the truth is harder to hold than the soap,
 and much more difficult to find." -- Terry Pratchett
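
The validator behaviour discussed in the messages above (the RFC 5155 alias mechanism, Jelte's proposed section 5.2, and Mark's SHOULD/MUST split), as an added Python sketch that is not code from any participant, the draft, or a resolver. The Validator and NegativeAnswer types and the sample zones are constructed for illustration, the model is simplified to a single negative answer, and 8 is the RSASHA256 number later assigned in RFC 5702, which the thread does not state.

```python
from dataclasses import dataclass
from enum import Enum


class Status(Enum):
    SECURE = "secure"
    INSECURE = "insecure"  # zone is treated as unsigned
    BOGUS = "bogus"        # validation failure


# 5 and 7 are the pair named in the thread: RFC 5155 defines
# 7 (RSASHA1-NSEC3-SHA1) as an alias of 5 (RSASHA1).
RSASHA1 = 5
RSASHA1_NSEC3_SHA1 = 7
# Assumption: 8 is the RSASHA256 number later assigned in RFC 5702;
# the thread itself gives no number for the new algorithms.
RSASHA256 = 8


@dataclass(frozen=True)
class Validator:
    algorithms: frozenset   # DNSKEY algorithm numbers it can verify
    supports_nsec3: bool    # can check NSEC3 denial-of-existence proofs
    recognizes_nsec3: bool  # knows the RRTYPE even if it cannot use it


@dataclass(frozen=True)
class NegativeAnswer:
    zone_algorithms: frozenset  # algorithms listed in the zone's DS RRset
    denial_type: str            # "NSEC" or "NSEC3"
    signatures_valid: bool      # RRSIGs over the denial records verify


def classify(v, ans):
    """Return the Status a validator assigns to a signed negative answer."""
    # RFC 4035 section 5.2: if no algorithm in the DS RRset is supported,
    # the zone is treated as unsigned. The RFC 5155 aliases rely on this.
    if not (v.algorithms & ans.zone_algorithms):
        return Status.INSECURE
    # Signatures are verified before any downgrade ("after verifying the
    # signatures on those records"), so an unauthenticated NSEC3 record
    # cannot switch validation off.
    if not ans.signatures_valid:
        return Status.BOGUS
    if ans.denial_type == "NSEC":
        return Status.SECURE
    if ans.denial_type != "NSEC3":
        raise ValueError(f"unknown denial type: {ans.denial_type}")
    if v.supports_nsec3:
        return Status.SECURE
    if v.recognizes_nsec3:
        return Status.INSECURE  # proposed 5.2: recognize, treat as unsigned
    # A validator that predates NSEC3 finds no denial proof it understands.
    return Status.BOGUS


# Constructed validators (hypothetical, for illustration only).
LEGACY = Validator(frozenset({RSASHA1}), False, False)
NSEC_ONLY_SHA2 = Validator(frozenset({RSASHA1, RSASHA256}), False, True)
FULL = Validator(
    frozenset({RSASHA1, RSASHA1_NSEC3_SHA1, RSASHA256}), True, True)


def scenarios():
    """Classify constructed negative answers for each validator type."""
    def ans(alg, denial, ok=True):
        return NegativeAnswer(frozenset({alg}), denial, ok)

    return {
        # Alias in use: the old validator sees an unknown algorithm.
        "legacy, alg 7 + NSEC3": classify(LEGACY, ans(7, "NSEC3")),
        # What the alias prevents: known algorithm, unknown denial records.
        "legacy, alg 5 + NSEC3": classify(LEGACY, ans(5, "NSEC3")),
        # Proposed 5.2 for an NSEC-only validator that supports SHA-2.
        "nsec-only, alg 8 + NSEC3": classify(NSEC_ONLY_SHA2, ans(8, "NSEC3")),
        "nsec-only, alg 8 + NSEC3, bad sig":
            classify(NSEC_ONLY_SHA2, ans(8, "NSEC3", ok=False)),
        "nsec-only, alg 8 + NSEC": classify(NSEC_ONLY_SHA2, ans(8, "NSEC")),
        "full, alg 8 + NSEC3": classify(FULL, ans(8, "NSEC3")),
    }


if __name__ == "__main__":
    for label, status in scenarios().items():
        print(f"{label:36} {status.value}")
```
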

From owner-namedroppers@ops.ietf.org Wed Dec 10 19:44:14 2008
Cc: namedroppers@ops.ietf.org
From: "Blacka, David"
To: Andrew Sullivan
Subject: Re: implied NSEC3 support in rsasha256 (was: [dnsext] Re: Working Group Last Call for
 draft-ietf-dnsext-dnssec-rsasha256-05)
Date: Wed, 10 Dec 2008 22:36:47 -0500

On Dec 10, 2008, at 10:16 AM, Andrew Sullivan wrote:

> If you examine the discussion about this issue prior to the change,
> you'll observe that the reasoning for it was simple: the single
> identifier required that implementers not support one new feature
> (SHA-2), but that they also accept a different feature (NSEC3).
>
> I think it is entirely fair to observe that validators that don't
> support NSEC3 are going to be more or less useless in future. From a
> process point of view, however, a naive implementer doesn't have a way
> to learn that: RFC 5155 does not say that it updates any of the
> DNSSECbis RFCs. Perhaps it should, but it doesn't today.

Since, as far as I can recall, RFC 5155 didn't change anything in the
previous RFCs, it didn't warrant a statement saying that it updated
any. Which is why it doesn't.

> Therefore, it seems to me that the objection against linking the
> implementation of new algorithms with the implementation (or at least
> recognition) of a new RRTYPE has considerable force in terms of the
> protocol documents, even though the practical effect is blunted. The
> responses to this so far have suggested that NSEC-only implementers
> don't need to implement NSEC3; this is true, but they have to
> _recognize_ it. That is still a technical burden, and one that we
> have nowhere else announced is necessary.

Um, what? I'm not at all certain how you got the impression that "the
objection against linking the implementation ... has considerable
force in terms of the protocol documents".

> I think it would be a good idea to tell people that future algorithm
> assignments will not alias the identifiers.
> A good place to do that
> would be in the dnssec-bis-updates document. We have an urgent need
> to complete that document anyway, because that's where the discussion
> about different trust anchors is supposed to go.

OK, I guess. I'll admit that the intent that all future algorithms
would imply understanding of NSEC3 (or, you know, the entire DNSSEC
standard) wasn't captured in the NSEC3 RFC. I suppose that is, to
some degree, my fault. I may have insisted that the document focus
only on what NSEC3 was and how to implement it, rather than including
instructions to the working group.

However, I remember fairly clearly that our intent when working on
NSEC3 was to have future algorithms imply support for both NSEC and
NSEC3. And that we would handle this when we allocated the next
algorithm. Which is now.

> If we insist on unifying the identifiers for these algorithms in
> draft-ietf-dnsext-dnssec-rsasha256, rather than using aliases, then in
> my opinion we need text for the document that explains the decision in
> considerably greater depth, since even (some) readers knowledgeable in
> this area found the link perplexing when they reviewed the document.

Fair enough. Jelte's proposed text looks pretty good to me.

> I therefore ask those currently objecting to the algorithm aliasing
> whether they can live with the current arrangement, with the proviso
> that we will do something about this in dnssec-bis-updates. (This is
> option 3.) I also ask those who object to the current text, and who
> cannot support option 3, to state explicitly that they'd rather delay
> deployment of SHA-2 than live with this compromise.

For the record, I strongly favor option #1.

"Delay deployment"? This may delay *publication*. It is a bit of a
stretch to say that we are delaying deployment. You could deploy now,
if you so wished. If you need the imprimatur that getting the
document through the glorious IETF process gives to deploy, I would
suggest that you are in no rush.
-- David Blacka Sr. Engineer Platform Product Development -- to unsubscribe send a message to namedroppers-request@ops.ietf.org with the word 'unsubscribe' in a single line as the message text body. archive: From owner-namedroppers@ops.ietf.org Thu Dec 11 06:08:26 2008 Return-Path: X-Original-To: ietfarch-dnsext-archive@core3.amsl.com Delivered-To: ietfarch-dnsext-archive@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 529313A69E2; Thu, 11 Dec 2008 06:08:26 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -103.916 X-Spam-Level: X-Spam-Status: No, score=-103.916 tagged_above=-999 required=5 tests=[AWL=2.683, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id n-qIjGNt1iJH; Thu, 11 Dec 2008 06:08:25 -0800 (PST) Received: from psg.com (psg.com [147.28.0.62]) by core3.amsl.com (Postfix) with ESMTP id 8C3443A6A6F; Thu, 11 Dec 2008 06:08:25 -0800 (PST) Received: from majordom by psg.com with local (Exim 4.69 (FreeBSD)) (envelope-from ) id 1LAm8M-0001d8-F4 for namedroppers-data0@psg.com; Thu, 11 Dec 2008 14:03:18 +0000 Received: from [208.86.224.201] (helo=mail.yitter.info) by psg.com with esmtps (TLSv1:CAMELLIA256-SHA:256) (Exim 4.69 (FreeBSD)) (envelope-from ) id 1LAm8E-0001c8-Ha for namedroppers@ops.ietf.org; Thu, 11 Dec 2008 14:03:16 +0000 Received: from crankycanuck.ca (CPE001c10952094-CM001adea9c5a6.cpe.net.cable.rogers.com [99.236.211.213]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.yitter.info (Postfix) with ESMTPSA id 1F9152FE9647; Thu, 11 Dec 2008 14:03:09 +0000 (UTC) Date: Thu, 11 Dec 2008 09:03:06 -0500 From: Andrew Sullivan To: Cindy Morgan via RT Cc: namedroppers@ops.ietf.org Subject: [dnsext] Re: [rt.amsl.com #12130] Resolved: Publication request for 
draft-ietf-dnsext-dnssec-rsasha256-09.txt Message-ID: <20081211140306.GB26521@shinkuro.com> References: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.18 (2008-05-17) Sender: owner-namedroppers@ops.ietf.org Precedence: bulk List-ID: On Fri, Dec 05, 2008 at 11:53:30AM -0800, Cindy Morgan via RT wrote: > According to our records, your request has been resolved. If you have any > further questions or concerns, please respond to this message. Owing to further working group discussions, this publication request is withdrawn. Best regards, Andrew -- Andrew Sullivan ajs@shinkuro.com Shinkuro, Inc. -- to unsubscribe send a message to namedroppers-request@ops.ietf.org with the word 'unsubscribe' in a single line as the message text body. archive: From owner-namedroppers@ops.ietf.org Thu Dec 11 06:08:26 2008 Return-Path: X-Original-To: ietfarch-dnsext-archive@core3.amsl.com Delivered-To: ietfarch-dnsext-archive@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id CE4EE3A6A6F; Thu, 11 Dec 2008 06:08:26 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -0.558 X-Spam-Level: X-Spam-Status: No, score=-0.558 tagged_above=-999 required=5 tests=[AWL=-0.958, BAYES_00=-2.599, FH_RELAY_NODNS=1.451, HELO_MISMATCH_INFO=1.448, RDNS_NONE=0.1] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Wusu4L1LEzbr; Thu, 11 Dec 2008 06:08:26 -0800 (PST) Received: from psg.com (psg.com [IPv6:2001:418:1::62]) by core3.amsl.com (Postfix) with ESMTP id E7F113A6A2B; Thu, 11 Dec 2008 06:08:25 -0800 (PST) Received: from majordom by psg.com with local (Exim 4.69 (FreeBSD)) (envelope-from ) id 1LAm6w-0001VM-Hq for namedroppers-data0@psg.com; Thu, 11 Dec 2008 14:01:50 +0000 Received: from [208.86.224.201] (helo=mail.yitter.info) by psg.com with esmtps 
(TLSv1:CAMELLIA256-SHA:256) (Exim 4.69 (FreeBSD)) (envelope-from ) id 1LAm6s-0001Uq-4T for namedroppers@ops.ietf.org; Thu, 11 Dec 2008 14:01:48 +0000 Received: from crankycanuck.ca (CPE001c10952094-CM001adea9c5a6.cpe.net.cable.rogers.com [99.236.211.213]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.yitter.info (Postfix) with ESMTPSA id 597732FE9647 for ; Thu, 11 Dec 2008 14:01:44 +0000 (UTC) Date: Thu, 11 Dec 2008 09:01:42 -0500 From: Andrew Sullivan To: namedroppers@ops.ietf.org Subject: Re: implied NSEC3 support in rsasha256 (was: [dnsext] Re: Working Group Last Call for draft-ietf-dnsext-dnssec-rsasha256-05) Message-ID: <20081211140141.GA26521@shinkuro.com> References: <493FE3B6.5020807@NLnetLabs.nl> <200812102339.mBANdOf2071618@drugs.dv.isc.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <200812102339.mBANdOf2071618@drugs.dv.isc.org> User-Agent: Mutt/1.5.18 (2008-05-17) Sender: owner-namedroppers@ops.ietf.org Precedence: bulk List-ID: Dear colleagues, Given the controversy, I've asked our AD not to proceed with IETF last call. Since some of those who previously asked for the -05 text to change appear to have withdrawn their objections to the single algorithm identifier, it appears we can go with some variation of Jelte's proposed text. Thanks for your quick action, Jelte. On Thu, Dec 11, 2008 at 10:39:24AM +1100, Mark Andrews wrote: > > 5.2. Support for NSEC3 Denial of Existence > > Authoritatives servers is SHOULD. This allow for NSEC only servers. > Validators is a MUST. A validator needs to be able to handle either > NSEC or NSEC3 record or it need to treat the zone as insecure. Mark, it would be helpful if you could provide a complete text for consideration if you want Jelte's proposed text changed. I'm not sure I understand the above correctly, but if I do it isn't plain to me that it entails anything different than what Jelte had. 
Best regards, A -- Andrew Sullivan ajs@shinkuro.com Shinkuro, Inc. -- to unsubscribe send a message to namedroppers-request@ops.ietf.org with the word 'unsubscribe' in a single line as the message text body. archive: From mail@3wtek.com Thu Dec 11 10:50:38 2008 Return-Path: X-Original-To: ietfarch-dnsext-archive@core3.amsl.com Delivered-To: ietfarch-dnsext-archive@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id A924428C1D4 for ; Thu, 11 Dec 2008 10:50:38 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -14.837 X-Spam-Level: X-Spam-Status: No, score=-14.837 tagged_above=-999 required=5 tests=[BAYES_99=3.5, HELO_EQ_DSL=1.129, HELO_EQ_PL=1.135, HOST_EQ_PL=1.95, HTML_IMAGE_ONLY_04=2.041, HTML_MESSAGE=0.001, HTML_SHORT_LINK_IMG_1=0.001, MIME_HTML_ONLY=1.457, RAZOR2_CF_RANGE_51_100=0.5, RAZOR2_CF_RANGE_E8_51_100=1.5, RAZOR2_CHECK=0.5, RCVD_IN_PBL=0.905, RCVD_IN_SORBS_DUL=0.877, RCVD_IN_XBL=3.033, SARE_HTML_IMG_ONLY=1.666, SARE_RECV_IP_083028=1.666, TVD_SPACE_RATIO=2.219, URIBL_AB_SURBL=10, URIBL_BLACK=20, URIBL_JP_SURBL=10, URIBL_RHS_DOB=1.083, URIBL_SC_SURBL=10, URIBL_WS_SURBL=10, USER_IN_WHITELIST=-100] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id T-E6-9DQ7QYL for ; Thu, 11 Dec 2008 10:50:38 -0800 (PST) Received: from aigcredit.pl (unknown [94.29.34.228]) by core3.amsl.com (Postfix) with SMTP id 05DDE28C0E2 for ; Thu, 11 Dec 2008 10:50:35 -0800 (PST) To: Subject: Delivery Status Notification (Failure) From: MIME-Version: 1.0 Importance: High Content-Type: text/html Message-Id: <20081211185036.05DDE28C0E2@core3.amsl.com> Date: Thu, 11 Dec 2008 10:50:35 -0800 (PST)
Visit site now!

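The trade-off argued over in this thread, modelled as an added example (not code from any list participant or from the drafts): how a validator classifies a negative answer depending on whether the zone's algorithm number signals NSEC3. Numbers 5 and 7 are the existing RFC 5155 pair; the three SHA-2 numbers are placeholders, and the secure/insecure/bogus rules are a simplified assumption about validator behaviour.

```python
"""Validator reaction to a zone's algorithm number under the two numbering
options debated for RSA/SHA-2 (one identifier, or identifier plus alias)."""
from dataclasses import dataclass

# Real assignments: RFC 5155 made 7 an alias of 5 that signals NSEC3.
RSASHA1 = 5
RSASHA1_NSEC3_SHA1 = 7
# Placeholders, deliberately outside the 8-bit algorithm field, standing in
# for numbers that had not been assigned when the thread was written.
SHA2_SINGLE = 1001       # "one number": implies both NSEC and NSEC3
SHA2_PLAIN = 1002        # "two numbers": identifier that does not imply NSEC3
SHA2_NSEC3_ALIAS = 1003  # "two numbers": alias that signals NSEC3


@dataclass(frozen=True)
class Validator:
    algorithms: frozenset  # algorithm numbers whose signatures it can verify
    nsec3: bool            # can it process NSEC3 denial of existence?


@dataclass(frozen=True)
class Zone:
    ds_algorithms: frozenset  # algorithm numbers in the authenticated DS RRset
    denial: str               # "NSEC" or "NSEC3"


def negative_answer_status(validator: Validator, zone: Zone) -> str:
    """Classify a denial-of-existence response from `zone` (assumed model)."""
    if zone.denial not in ("NSEC", "NSEC3"):
        raise ValueError(f"unknown denial type: {zone.denial!r}")
    if not (validator.algorithms & zone.ds_algorithms):
        # No usable algorithm: the zone is treated as unsigned. This is the
        # safe failure that an alias number is meant to trigger.
        return "insecure"
    if zone.denial == "NSEC3" and not validator.nsec3:
        # Signatures verify, but the proof of non-existence is carried in a
        # record type the validator cannot interpret, so validation fails.
        return "bogus"
    return "secure"


def _zone(algorithm: int, denial: str) -> Zone:
    return Zone(frozenset({algorithm}), denial)


def compare_numbering_options() -> dict:
    """Run the cases the thread discusses and return their outcomes."""
    legacy = Validator(frozenset({RSASHA1}), nsec3=False)
    # NSEC-only implementer who added the new hash under each option.
    naive_one = Validator(frozenset({RSASHA1, SHA2_SINGLE}), nsec3=False)
    nsec_only_two = Validator(frozenset({RSASHA1, SHA2_PLAIN}), nsec3=False)
    conformant_one = Validator(
        frozenset({RSASHA1, RSASHA1_NSEC3_SHA1, SHA2_SINGLE}), nsec3=True)
    return {
        # Existing precedent: alias 7 hides the zone from old validators.
        "rfc5155_alias": negative_answer_status(
            legacy, _zone(RSASHA1_NSEC3_SHA1, "NSEC3")),
        # What the alias prevents: NSEC3 zone signed under the old number.
        "nsec3_without_alias": negative_answer_status(
            legacy, _zone(RSASHA1, "NSEC3")),
        # One number: an implementer who missed the implied NSEC3 requirement.
        "one_number_naive": negative_answer_status(
            naive_one, _zone(SHA2_SINGLE, "NSEC3")),
        "one_number_conformant": negative_answer_status(
            conformant_one, _zone(SHA2_SINGLE, "NSEC3")),
        # One number does not stop an operator from signing with NSEC.
        "one_number_nsec_zone": negative_answer_status(
            naive_one, _zone(SHA2_SINGLE, "NSEC")),
        # Two numbers: the NSEC-only validator falls back to insecure.
        "two_numbers_nsec3_zone": negative_answer_status(
            nsec_only_two, _zone(SHA2_NSEC3_ALIAS, "NSEC3")),
        "two_numbers_nsec_zone": negative_answer_status(
            nsec_only_two, _zone(SHA2_PLAIN, "NSEC")),
    }


if __name__ == "__main__":
    for case, status in compare_numbering_options().items():
        print(f"{case:24} {status}")
```

The "one_number_naive" row is the case the single-identifier option has to rule out by specification text, since nothing in the number itself tells an NSEC-only implementer to stop.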
From owner-namedroppers@ops.ietf.org Thu Dec 11 11:47:45 2008
Date: Thu, 11 Dec 2008 14:40:17 -0500
To: namedroppers@ops.ietf.org
From: Edward Lewis
Subject: [dnsext] one algorithm number or two
Cc: ed.lewis@neustar.biz

The issue of whether to assign just one algorithm number or two algorithm numbers for RSA/SHA-2 is a result of there being no unified DNS definition. I.e., you can't assume a DNS server fully implements RFC 1995, even if it is used to host the global public Internet's root zone. The situation is not unique to this draft.

The document describing RSA/SHA-2 could elect to assign one number provided the specification require (MUST) compliance with RFC 5011 in all implementations (compliant with the new hash).

But my preference is not to tie RSA/SHA-1 to NSEC3. It's known that I have been skeptical of NSEC3, to the irritation of a few people. There's no need to go into that again, not now and not here. Whether my skepticism is warranted or not, I feel that NSEC3 is still too immature to assume that it is an essential core element of DNS or DNSSEC.

I know a lot of TLDs are planning on NSEC3. But as of today, none are publishing their production zones with NSEC3 records. Maybe they soon will, but I'm too old school to bet on the future.

I don't like having two separate algorithm numbers. It makes more sense to use the one algorithm number route.

But I think having two numbers is a safer bet on the future. Perhaps if NSEC3 has a proven track record, we can get by with assigning just one number.

--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis
NeuStar    You can leave a voice message at +1-571-434-5468

Never confuse activity with progress. Activity pays more.

From owner-namedroppers@ops.ietf.org Thu Dec 11 12:17:43 2008
Date: Thu, 11 Dec 2008 15:13:00 -0500
From: Andrew Sullivan
To: namedroppers@ops.ietf.org
Subject: Re: [dnsext] one algorithm number or two

On Thu, Dec 11, 2008 at 02:40:17PM -0500, Edward Lewis wrote:

> But my preference is not to tie RSA/SHA-1 to NSEC3. It's known that I
> have been skeptical of NSEC3, to the irritation of a few people. There's
> no need to go into that again, not now and not here. Whether my
> skepticism is warranted or not, I feel that NSEC3 is still too immature
> to assume that it is an essential core element of DNS or DNSSEC.

Does the above constitute an objection to the direction we've lately apparently been headed, which was to revert to one identifier? That is, you seem to be arguing against one identifier, and in favour of two. How strongly do you feel about it?

A

--
Andrew Sullivan
ajs@shinkuro.com
Shinkuro, Inc.

From owner-namedroppers@ops.ietf.org Thu Dec 11 12:47:00 2008
Date: Thu, 11 Dec 2008 15:41:00 -0500
To: Andrew Sullivan
From: Edward Lewis
Subject: Re: [dnsext] one algorithm number or two
Cc: namedroppers@ops.ietf.org

At 15:13 -0500 12/11/08, Andrew Sullivan wrote:
>On Thu, Dec 11, 2008 at 02:40:17PM -0500, Edward Lewis wrote:
>
>> But my preference is not to tie RSA/SHA-1 to NSEC3. It's known that I
>> have been skeptical of NSEC3, to the irritation of a few people. There's
>> no need to go into that again, not now and not here. Whether my
>> skepticism is warranted or not, I feel that NSEC3 is still too immature
>> to assume that it is an essential core element of DNS or DNSSEC.
>
>Does the above constitute an objection to the direction we've lately
>apparently been headed, which was to revert to one identifier? That
>is, you seem to be arguing against one identifier, and in favour of
>two. How strongly do you feel about it?

Against all sensibility, I think the wiser course is to use a second number again. I don't like the precedent (either) - that is, using one algorithm number per crypto algorithm/hash per version of negative answer in play - I mean when NSEC5 is out there, will we be assigning three per algorithm?

I think until NSEC3 has an operational resume behind it can we start writing (non-negative answer) specs that assume NSEC3's implementation. The lack of experience (or that multiple proven interoperable full-release-level implementations exist) is why I lean to sticking with two numbers still.

--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis
NeuStar    You can leave a voice message at +1-571-434-5468

Never confuse activity with progress. Activity pays more.

From owner-namedroppers@ops.ietf.org Thu Dec 11 14:05:04 2008
To: Edward Lewis
Cc: namedroppers@ops.ietf.org
From: Mark Andrews
Subject: Re: [dnsext] one algorithm number or two
In-reply-to: Your message of "Thu, 11 Dec 2008 14:40:17 CDT."
Date: Fri, 12 Dec 2008 08:59:00 +1100

In message , Edward Lewis writes:
> The issue of whether to assign just one algorithm number or two
> algorithm numbers for RSA/SHA-2 is a result of there being no unified
> DNS definition. I.e., you can't assume a DNS server fully implements
> RFC 1995, even if it is used to host the global public Internet's
> root zone. The situation is not unique to this draft.
>
> The document describing RSA/SHA-2 could elect to assign one number
> provided the specification require (MUST) compliance with RFC 5011 in
> all implementations (compliant with the new hash).
>
> But my preference is not to tie RSA/SHA-1 to NSEC3. It's known that
> I have been skeptical of NSEC3, to the irritation of a few people.
> There's no need to go into that again, not now and not here. Whether
> my skepticism is warranted or not, I feel that NSEC3 is still too
> immature to assume that it is an essential core element of DNS or
> DNSSEC.
>
> I know a lot of TLDs are planning on NSEC3. But as of today, none
> are publishing their production zones with NSEC3 records. Maybe they
> soon will, but I'm too old school to bet on the future.
>
> I don't like having two separate algorithm numbers. It makes more
> sense to use the one algorithm number route.
>
> But I think having two numbers is a safer bet on the future. Perhaps
> if NSEC3 has a proven track record, we can get by with assigning just
> one number.

We can always go back and assign a NSEC only alias later if we end up seeing operational problems with the single assignment.

Mark

--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews@isc.org

From owner-namedroppers@ops.ietf.org Thu Dec 11 15:17:32 2008
Date: Thu, 11 Dec 2008 18:11:19 -0500
To: namedroppers@ops.ietf.org
From: Edward Lewis
Subject: Re: [dnsext] one algorithm number or two
Cc: Edward Lewis

At 8:59 +1100 12/12/08, Mark Andrews wrote:

> We can always go back and assign a NSEC only alias later
> if we end up seeing operational problems with the single
> assignment.

I have a hard time imagining the IETF effectively responding to an operational problem in a timely fashion.

The question is, how confident are we that NSEC3 is "perfect" and will not be supplanted by something else, in the same manner that NSEC3 has supplanted NSEC (in many people's eyes)?

--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis
NeuStar    You can leave a voice message at +1-571-434-5468

Never confuse activity with progress. Activity pays more.

From owner-namedroppers@ops.ietf.org Thu Dec 11 15:44:58 2008
To: Edward Lewis
Cc: namedroppers@ops.ietf.org
From: Mark Andrews
Subject: Re: [dnsext] one algorithm number or two
In-reply-to: Your message of "Thu, 11 Dec 2008 18:11:19 CDT."
Date: Fri, 12 Dec 2008 10:40:38 +1100

In message , Edward Lewis writes:
> At 8:59 +1100 12/12/08, Mark Andrews wrote:
>
> > We can always go back and assign a NSEC only alias later
> > if we end up seeing operational problems with the single
> > assignment.
>
> I have a hard time imagining the IETF effectively responding to an
> operational problem in a timely fashion.
>
> The question is, how confident are we that NSEC3 is "perfect" and
> will not be supplanted by something else, in the same manner that
> NSEC3 has supplanted NSEC (in many people's eyes)?

Ed, validators essentially have to accept what zone operators sign with. Having a second number for NSEC only does not change that. If there is a problem with NSEC3 then we need to tell people to sign with NSEC. Having a second number does not change that. Having a single number doesn't prevent zone operators from signing using NSEC.

Mark

--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews@isc.org

From owner-namedroppers@ops.ietf.org Thu Dec 11 20:01:39 2008
Date: Thu, 11 Dec 2008 19:51:18 -0800
To: namedroppers@ops.ietf.org
From: Paul Hoffman
Subject: [dnsext] draft-ietf-dnsext-dnssec-bis-updates and NSEC3

The list traffic makes it sound like we all believe that NSEC3 is now really part of DNSSEC deployment. If so, draft-ietf-dnsext-dnssec-bis-updates should say so, given that we want that document to reflect reality. Humorously, that draft doesn't even *mention* NSEC3, despite the overlap in authors.

Proposals for draft-ietf-dnsext-dnssec-bis-updates:

- Add a new section 2.1 that describes NSEC3, says that it is expected to be used in many high-profile zones, and has been widely deployed in resolvers. Say explicitly that DNSSEC is now defined to include NSEC3, although it is expected that some resolvers will only handle NSEC until they are updated.

- Update current sections 2.1, 2.3, 2.4, 2.5, and 4.2 to indicate "NSEC and/or NSEC3" as appropriate.

- Change the status of the document to say that it updates 4033 as well.

- Add a new sub-section at the end of section 3 that says that RSA-SHA256 is now part of DNSSEC

- Add normative references to RFC 5155 and RFC-from-draft-ietf-dnsext-dnssec-rsasha256.

Do folks agree with this method of letting the world know that NSEC3 is required for DNSSEC?

--Paul Hoffman, Director
--VPN Consortium

From owner-namedroppers@ops.ietf.org Fri Dec 12 02:43:09 2008
Date: Fri, 12 Dec 2008 10:39:06 +0000
From: Alex Bligh
To: Paul Hoffman, namedroppers@ops.ietf.org
Cc: Alex Bligh
Subject: Re: [dnsext] draft-ietf-dnsext-dnssec-bis-updates and NSEC3

--On 11 December 2008 19:51:18 -0800 Paul Hoffman wrote:

> If so, draft-ietf-dnsext-dnssec-bis-updates should say so, given that we
> want that document to reflect reality.

If we are taking the position that rsasha256 etc. should only get one algorithm number, it seems to me that this argument must effectively be predicated on the belief that supporting NSEC3 in validators is required "in the real world" to exactly the same extent as supporting NSEC.

Given the above draft sets out what is required "in the real world" (for the same value of "real world" as before), I think +1.

Alex

From owner-namedroppers@ops.ietf.org Fri Dec 12 02:43:30 2008
Date: Fri, 12 Dec 2008 10:34:39 +0000
From: Alex Bligh
To: Edward Lewis, namedroppers@ops.ietf.org
Cc: Edward Lewis, Alex Bligh
Subject: Re: [dnsext] one algorithm number or two

--On 11 December 2008 18:11:19 -0500 Edward Lewis wrote:

>> We can always go back and assign a NSEC only alias later
>> if we end up seeing operational problems with the single
>> assignment.
>
> I have a hard time imagining the IETF effectively responding to an
> operational problem in a timely fashion.

I have a hard time working out what kind of operational problem would require such action. Presumably a serious NSEC3 protocol flaw that made it less usable than NSEC3 (i.e. not merely in its non-enumerability qualities), COMBINED WITH an operational requirement to move to rsasha256. If there is a realistic possibility this might occur in a timescale quicker than it takes IETF to allocate an algorithm number, why aren't we making rsasha256 support mandatory anyway?

> The question is, how confident are we that NSEC3 is "perfect" and will
> not be supplanted by something else, in the same manner that NSEC3 has
> supplanted NSEC (in many people's eyes)?

No, I don't think that is the question. If NSEC3 is supplanted by something else, we would presumably need signalling of that for all algorithms. I think the question is "how confident are we that NSEC3 will not be supplanted by NSEC" as it's only NSEC to which it is being proposed that no algorithm number be allocated.
Alex -- to unsubscribe send a message to namedroppers-request@ops.ietf.org with the word 'unsubscribe' in a single line as the message text body. archive: From owner-namedroppers@ops.ietf.org Fri Dec 12 06:40:24 2008 Return-Path: X-Original-To: ietfarch-dnsext-archive@core3.amsl.com Delivered-To: ietfarch-dnsext-archive@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 1CAFD3A6B22; Fri, 12 Dec 2008 06:40:24 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -3.829 X-Spam-Level: X-Spam-Status: No, score=-3.829 tagged_above=-999 required=5 tests=[AWL=-1.179, BAYES_00=-2.599, FH_RELAY_NODNS=1.451, HELO_EQ_DE=0.35, HELO_MISMATCH_DE=1.448, J_CHICKENPOX_21=0.6, RCVD_IN_DNSWL_MED=-4, RDNS_NONE=0.1] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5wx4EDsdjvLN; Fri, 12 Dec 2008 06:40:23 -0800 (PST) Received: from psg.com (psg.com [IPv6:2001:418:1::62]) by core3.amsl.com (Postfix) with ESMTP id 0852D3A6B1B; Fri, 12 Dec 2008 06:40:23 -0800 (PST) Received: from majordom by psg.com with local (Exim 4.69 (FreeBSD)) (envelope-from ) id 1LB95k-0003mB-G1 for namedroppers-data0@psg.com; Fri, 12 Dec 2008 14:34:08 +0000 Received: from [81.91.160.182] (helo=office.denic.de) by psg.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.69 (FreeBSD)) (envelope-from ) id 1LB95c-0003lY-Q4 for namedroppers@ops.ietf.org; Fri, 12 Dec 2008 14:34:02 +0000 Received: from unknown.office.denic.de ([10.122.65.4]) by office.denic.de with esmtp id 1LB95Y-0001pb-EJ; Fri, 12 Dec 2008 15:33:56 +0100 Received: by unknown.office.denic.de (Postfix, from userid 501) id 5CD1510BB78; Fri, 12 Dec 2008 15:33:55 +0100 (CET) Date: Fri, 12 Dec 2008 15:33:55 +0100 From: Peter Koch To: IETF DNSEXT WG Subject: Re: [dnsext] one algorithm number or two Message-ID: <20081212143355.GA34852@unknown.office.denic.de> References: 
<200812112159.mBBLx0Dw090756@drugs.dv.isc.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.4.2.1i Sender: owner-namedroppers@ops.ietf.org Precedence: bulk List-ID: On Thu, Dec 11, 2008 at 06:11:19PM -0500, Edward Lewis wrote: > The question is, how confident are we that NSEC3 is "perfect" and > will not be supplanted by something else, in the same manner that > NSEC3 has supplanted NSEC (in many people's eyes)? Ed, I don't think this is a fair question. As we've learned the signalling of NSEC3 in RFC 5155 actually means that either NSEC or NSEC3 could be used within the zone. So, the resolver doesn't know in advance which method it will see, it is just told to expect either one. An NSEC3-agnostic validator will likely treat the zone as insecure. An NSEC3-aware validator will find its way. Of course, there could be a third flavor that recognizes the signalling and the NSEC3 RR, but doesn't implement NSEC3 validation. The same holds for the sha256 aware validator, except that it won't know for sure in advance to treat the zone as insecure if it doesn't implement NSEC3. The one thing that is asked is that the resolver recognize the NSEC3 RR type. The detail that needs to be hashed out, though, is how much "recognition" is necessary. Is it sufficient to have "a" (validated) NSEC3 RR in the response to conclude that there's not going to be an NSEC RR (so as to prove the NSEC RR(s) ha{s,ve}n't been stripped of) or does the validator actually have to do the hashing -- which would probably half way of implementing NSEC3 already? This is independent of general deployment and independent of the actual use of NSEC3 in a particular zone. I'd assume there will be a number of zones where NSEC3 doesn't buy much and which will continue to use NSEC anyway. -Peter -- to unsubscribe send a message to namedroppers-request@ops.ietf.org with the word 'unsubscribe' in a single line as the message text body. 
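Added illustration, not part of the archived messages and not code from any poster: a Python model of the validator cases in Peter Koch's message above. It assumes every signature verifies and that a validator without NSEC3 support cannot check an NSEC3 denial; the `Status` values, validator profiles and function names are constructed for the example, and algorithm 8 is the number RFC 5702 later assigned to RSA/SHA-256 (the thread predates that assignment).

```python
from dataclasses import dataclass
from enum import Enum

# DNSSEC algorithm numbers (IANA registry).
RSASHA1 = 5
RSASHA1_NSEC3_SHA1 = 7  # RFC 5155 alias of 5: the zone may use NSEC or NSEC3
RSASHA256 = 8           # assigned later by RFC 5702; one number, no NSEC-only twin

# Numbers that tell a validator the zone may answer with NSEC3 records.
MAY_USE_NSEC3 = frozenset({RSASHA1_NSEC3_SHA1, RSASHA256})


class Status(Enum):
    SECURE = "secure"
    INSECURE = "insecure"          # handled like an unsigned zone
    UNVERIFIABLE = "unverifiable"  # denial proof present but cannot be checked


@dataclass(frozen=True)
class Validator:
    name: str
    algorithms: frozenset  # signature algorithms it implements
    nsec3: bool            # implements NSEC3 hashing and denial proofs


def status_at_zone_cut(v, ds_algorithms):
    """Decision available from the DS RRset alone (RFC 4035 section 5.2):
    no supported algorithm means the zone is treated as insecure."""
    if v.algorithms & frozenset(ds_algorithms):
        return Status.SECURE
    return Status.INSECURE


def answer_status(v, ds_algorithms, negative, denial="NSEC"):
    """Status of one answer; only the validator's capabilities vary
    (modelling assumption: all signatures are cryptographically valid)."""
    if status_at_zone_cut(v, ds_algorithms) is Status.INSECURE:
        return Status.INSECURE
    if negative and denial == "NSEC3" and not v.nsec3:
        return Status.UNVERIFIABLE
    return Status.SECURE


def known_in_advance(v, ds_algorithms):
    """True when the zone-cut decision already fixes the status of every
    answer the zone can give, positive or negative."""
    usable = v.algorithms & frozenset(ds_algorithms)
    return not usable or v.nsec3 or not (usable & MAY_USE_NSEC3)


# Constructed validator profiles matching the cases in the message.
AGNOSTIC = Validator("NSEC3-agnostic", frozenset({RSASHA1}), nsec3=False)
AWARE = Validator("NSEC3-aware",
                  frozenset({RSASHA1, RSASHA1_NSEC3_SHA1, RSASHA256}), nsec3=True)
THIRD = Validator("recognises alias, no NSEC3",
                  frozenset({RSASHA1, RSASHA1_NSEC3_SHA1}), nsec3=False)
SHA256_NO_NSEC3 = Validator("sha256, no NSEC3",
                            frozenset({RSASHA1, RSASHA256}), nsec3=False)


def survey(zone_algorithm):
    """One row per validator: name, zone-cut status, positive answer,
    NSEC3 denial, and whether the zone-cut decision was final."""
    rows = []
    for v in (AGNOSTIC, AWARE, THIRD, SHA256_NO_NSEC3):
        ds = [zone_algorithm]
        rows.append((v.name,
                     status_at_zone_cut(v, ds).value,
                     answer_status(v, ds, negative=False).value,
                     answer_status(v, ds, negative=True, denial="NSEC3").value,
                     known_in_advance(v, ds)))
    return rows


if __name__ == "__main__":
    for alg in (RSASHA1_NSEC3_SHA1, RSASHA256):
        print(f"zone signed with algorithm {alg}")
        for row in survey(alg):
            print("  %-28s cut=%-9s positive=%-9s nsec3-denial=%-12s final=%s" % row)
```

With the alias (7), the NSEC3-agnostic validator is steered to "insecure" at the zone cut; with a single number (8), a validator that implements the algorithm but not NSEC3 only finds out when a negative answer arrives.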
From owner-namedroppers@ops.ietf.org Fri Dec 12 08:29:05 2008
Date: Fri, 12 Dec 2008 11:22:50 -0500
From: "Blacka, David"
To: Paul Hoffman
Cc: namedroppers@ops.ietf.org
Subject: Re: [dnsext] draft-ietf-dnsext-dnssec-bis-updates and NSEC3

On Dec 11, 2008, at 10:51 PM, Paul Hoffman wrote:

> The list traffic makes it sound like we all believe that NSEC3 is
> now really part of DNSSEC deployment. If so,
> draft-ietf-dnsext-dnssec-bis-updates should say so, given that we
> want that document to reflect reality. Humorously, that draft
> doesn't even *mention* NSEC3, despite the overlap in authors.

Heh, true. Actually, the working copy I have does mention NSEC3, but that is because it contains a clarification to 5155 that was discovered in Minneapolis (Roy posted the basic text that I added). So, the next version will also update 5155 (unless the WG objects, of course).

> Proposals for draft-ietf-dnsext-dnssec-bis-updates:
>
> - Add a new section 2.1 that describes NSEC3, says that it is
> expected to be used in many high-profile zones, and has been widely
> deployed in resolvers. Say explicitly that DNSSEC is now defined to
> include NSEC3, although it is expected that some resolvers will only
> handle NSEC until they are updated.
>
> - Update current sections 2.1, 2.3, 2.4, 2.5, and 4.2 to indicate
> "NSEC and/or NSEC3" as appropriate.
>
> - Change the status of the document to say that it updates 4033 as
> well.
>
> - Add a new sub-section at the end of section 3 that says that
> RSA-SHA256 is now part of DNSSEC
>
> - Add normative references to RFC 5155 and
> RFC-from-draft-ietf-dnsext-dnssec-rsasha256.
>
> Do folks agree with this method of letting the world know that NSEC3
> is required for DNSSEC?

I think I would be more inclined to add this sort of thing to a new section, personally. I don't really see it in the same vein as the other "Significant Concerns". Instead, these are updates to 4033 section 10, expanding the DNSSEC Security Document Family. But, I can be flexible.

--
David Blacka
Sr. Engineer
Platform Product Development

From owner-namedroppers@ops.ietf.org Fri Dec 12 08:34:57 2008
Date: Fri, 12 Dec 2008 11:31:06 -0500 (EST)
From: Samuel Weiler
To: Paul Hoffman
Cc: namedroppers@ops.ietf.org
Subject: Re: [dnsext] draft-ietf-dnsext-dnssec-bis-updates and NSEC3

On Thu, 11 Dec 2008, Paul Hoffman wrote:

> The list traffic makes it sound like we all believe that NSEC3 is now really part of DNSSEC deployment. If so, draft-ietf-dnsext-dnssec-bis-updates should say so, given that we want that document to reflect reality. Humorously, that draft doesn't even *mention* NSEC3, despite the overlap in authors.
>
> Proposals for draft-ietf-dnsext-dnssec-bis-updates:
>
> - Add a new section 2.1 that describes NSEC3, says that it is
> expected to be used in many high-profile zones, and has been widely
> deployed in resolvers. Say explicitly that DNSSEC is now defined to
> include NSEC3, although it is expected that some resolvers will only
> handle NSEC until they are updated.

You might be amused to know that such text already exists in the doc's XML source, just commented out. In -04 and previous versions, this document proposed cataloging all known changes to 4033-5, including 4470 and NSEC3. Presumably 4955, 5011, and 4509 could be included now as well. I'm not recalling why we never included that text -- it may have been that someone objected to expanding the scope of bis-updates.

As to whether we should include this, doc editor hat off: probably. Doc editor hat back on: rather than fold this into the existing section 2 or 3, I'm inclined to add a new section cataloging the changes made in other documents.

> - Update current sections 2.1, 2.3, 2.4, 2.5, and 4.2 to indicate
> "NSEC and/or NSEC3" as appropriate.

Absolutely, except not in 2.5 (that error is specific to NSEC).

> - Change the status of the document to say that it updates 4033 as well.

Why?

-- Sam

From owner-namedroppers@ops.ietf.org Fri Dec 12 08:44:14 2008
Date: Fri, 12 Dec 2008 11:40:08 -0500 (EST)
From: Samuel Weiler
To: Mark Andrews
Cc: IETF DNSEXT WG
In-Reply-To: <200812102152.mBALqHVP077399@drugs.dv.isc.org>
References: <200812102152.mBALqHVP077399@drugs.dv.isc.org>
Subject: Re: implied NSEC3 support in rsasha256 (was: [dnsext] Re: Working Group Last Call for draft-ietf-dnsext-dnssec-rsasha256-05)

> Which unfortunately sets a precedent. People won't go back
> and look at this discussion. We need to send the right message,
> in rfc's, for people adding new algorithms.

Which Andrew has proposed doing in dnssec-bis-updates. Is that not sufficient?

-- Sam
archive: From owner-namedroppers@ops.ietf.org Fri Dec 12 09:13:20 2008 Return-Path: X-Original-To: ietfarch-dnsext-archive@core3.amsl.com Delivered-To: ietfarch-dnsext-archive@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id BEAA93A683E; Fri, 12 Dec 2008 09:13:20 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -0.437 X-Spam-Level: X-Spam-Status: No, score=-0.437 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, FH_RELAY_NODNS=1.451, HELO_MISMATCH_ORG=0.611, RDNS_NONE=0.1] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NHP6z-Ne21dR; Fri, 12 Dec 2008 09:13:20 -0800 (PST) Received: from psg.com (psg.com [IPv6:2001:418:1::62]) by core3.amsl.com (Postfix) with ESMTP id DC7033A67AE; Fri, 12 Dec 2008 09:13:19 -0800 (PST) Received: from majordom by psg.com with local (Exim 4.69 (FreeBSD)) (envelope-from ) id 1LBBV0-000HXW-Gg for namedroppers-data0@psg.com; Fri, 12 Dec 2008 17:08:22 +0000 Received: from [65.122.17.41] (helo=fledge.watson.org) by psg.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.69 (FreeBSD)) (envelope-from ) id 1LBBUv-000HXD-P4 for namedroppers@ops.ietf.org; Fri, 12 Dec 2008 17:08:20 +0000 Received: from fledge.watson.org (localhost.watson.org [127.0.0.1]) by fledge.watson.org (8.14.3/8.14.2) with ESMTP id mBCH88wZ070294; Fri, 12 Dec 2008 12:08:08 -0500 (EST) (envelope-from weiler@tislabs.com) Received: from localhost (weiler@localhost) by fledge.watson.org (8.14.3/8.14.2/Submit) with ESMTP id mBCH88GL070290; Fri, 12 Dec 2008 12:08:08 -0500 (EST) (envelope-from weiler@tislabs.com) X-Authentication-Warning: fledge.watson.org: weiler owned process doing -bs Date: Fri, 12 Dec 2008 12:08:08 -0500 (EST) From: Samuel Weiler X-X-Sender: weiler@fledge.watson.org To: Peter Koch cc: IETF DNSEXT WG Subject: Re: [dnsext] one algorithm number or two In-Reply-To: 
<20081212143355.GA34852@unknown.office.denic.de> Message-ID: References: <200812112159.mBBLx0Dw090756@drugs.dv.isc.org> <20081212143355.GA34852@unknown.office.denic.de> User-Agent: Alpine 1.10 (BSF 962 2008-03-14) MIME-Version: 1.0 Content-Type: TEXT/PLAIN; format=flowed; charset=US-ASCII X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.0 (fledge.watson.org [127.0.0.1]); Fri, 12 Dec 2008 12:08:08 -0500 (EST) Sender: owner-namedroppers@ops.ietf.org Precedence: bulk List-ID: On Fri, 12 Dec 2008, Peter Koch wrote: > ... So, the resolver doesn't know in advance which method it will > see, it is just told to expect either one. An NSEC3-agnostic > validator will likely treat the zone as insecure. ... > The same holds for the sha256 aware validator, except that it won't > know for sure in advance to treat the zone as insecure if it doesn't > implement NSEC3. Indeed, it won't be able to make any determination about the _zone_ status at all, only about the status of particular answers. An NSEC3-agnostic resolver might well get positive answers from the NSEC3 zone and treat them as secure long before it sees a negative answere which it must treat as unsigned. Part of the zone appears secure, part unsigned. I'm having trouble thinking of another example of a validator not being able to make a "zone" status determination by examining the zone cut. The base specs routinely talk about the zone security status. Does it matter? Probably not. But it's the same sort of apparently academic difference that "DS is the first RR to appear only on the parent's side of a delegation" was. We thought that difference didn't matter. RFC4035 section 3.1.4.1 was the result. Maybe using two (four) algorithm numbers is the right path for now. If we don't leave both algorithm numbers, Jelte's text needs to be modified to specify "answers", not "zones", and should explicitly call this out as a difference from the base specs. (RFC4035 section 4.3 et. al.) 
-- Sam -- to unsubscribe send a message to namedroppers-request@ops.ietf.org with the word 'unsubscribe' in a single line as the message text body. archive: From owner-namedroppers@ops.ietf.org Fri Dec 12 10:14:59 2008 Return-Path: X-Original-To: ietfarch-dnsext-archive@core3.amsl.com Delivered-To: ietfarch-dnsext-archive@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 143F33A68B3; Fri, 12 Dec 2008 10:14:59 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.599 X-Spam-Level: X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PxnidQy4EHLQ; Fri, 12 Dec 2008 10:14:57 -0800 (PST) Received: from psg.com (psg.com [IPv6:2001:418:1::62]) by core3.amsl.com (Postfix) with ESMTP id 8C74E3A6822; Fri, 12 Dec 2008 10:14:57 -0800 (PST) Received: from majordom by psg.com with local (Exim 4.69 (FreeBSD)) (envelope-from ) id 1LBCRb-000PRT-Ho for namedroppers-data0@psg.com; Fri, 12 Dec 2008 18:08:55 +0000 Received: from [2001:470:1f04:392::2] (helo=balder-227.proper.com) by psg.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.69 (FreeBSD)) (envelope-from ) id 1LBCRP-000PQP-2O for namedroppers@ops.ietf.org; Fri, 12 Dec 2008 18:08:48 +0000 Received: from [10.20.30.158] (sn81.proper.com [75.101.18.81]) (authenticated bits=0) by balder-227.proper.com (8.14.2/8.14.2) with ESMTP id mBCI8fJj097525 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Fri, 12 Dec 2008 11:08:41 -0700 (MST) (envelope-from paul.hoffman@vpnc.org) Mime-Version: 1.0 Message-Id: In-Reply-To: References: Date: Fri, 12 Dec 2008 10:08:23 -0800 To: Samuel Weiler From: Paul Hoffman Subject: Re: [dnsext] draft-ietf-dnsext-dnssec-bis-updates and NSEC3 Cc: namedroppers@ops.ietf.org Content-Type: text/plain; charset="us-ascii" Sender: 
owner-namedroppers@ops.ietf.org Precedence: bulk List-ID:

At 11:31 AM -0500 12/12/08, Samuel Weiler wrote:
>As to whether we should include this, doc editor hat off: probably. Doc editor hat back on: rather than fold this into the existing section 2 or 3, I'm inclined to add a new section cataloging the changes made in other documents.

I'm OK with that as well, but to a naive reader, that will not feel like "NSEC3 is a full member of the DNSSEC family".

>>- Change the status of the document to say that it updates 4033 as well.
>
>Why?

Because 4033 talks about the parts of DNSSEC, and we are adding a new part. Section 8 of 4033 is inherently being updated to say "NSEC and/or NSEC3" in many places.

--Paul Hoffman, Director
--VPN Consortium

--
to unsubscribe send a message to namedroppers-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive:

From owner-namedroppers@ops.ietf.org Fri Dec 12 12:43:49 2008 Return-Path: X-Original-To: ietfarch-dnsext-archive@core3.amsl.com Delivered-To: ietfarch-dnsext-archive@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id A42DA28C1E9; Fri, 12 Dec 2008 12:43:49 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.896 X-Spam-Level: X-Spam-Status: No, score=-2.896 tagged_above=-999 required=5 tests=[AWL=-2.401, BAYES_00=-2.599, FH_RELAY_NODNS=1.451, HELO_MISMATCH_COM=0.553, RDNS_NONE=0.1] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VwPF295vaYu9; Fri, 12 Dec 2008 12:43:48 -0800 (PST) Received: from psg.com (psg.com [IPv6:2001:418:1::62]) by core3.amsl.com (Postfix) with ESMTP id AC7F728C18D; Fri, 12 Dec 2008 12:43:48 -0800 (PST) Received: from majordom by psg.com with local (Exim 4.69 (FreeBSD)) (envelope-from ) id 1LBEly-000Dh4-5M for namedroppers-data0@psg.com; Fri, 12 Dec 2008 20:38:06 +0000 Received: from
[66.92.146.20] (helo=stora.ogud.com) by psg.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.69 (FreeBSD)) (envelope-from ) id 1LBElt-000DgN-Cv for namedroppers@ops.ietf.org; Fri, 12 Dec 2008 20:38:03 +0000 Received: from stora.ogud.com (localhost [127.0.0.1]) by stora.ogud.com (8.14.2/8.14.2) with ESMTP id mBCKc3Gf025867 for ; Fri, 12 Dec 2008 15:38:03 -0500 (EST) (envelope-from namedroppers@stora.ogud.com) Received: (from namedroppers@localhost) by stora.ogud.com (8.14.2/8.14.2/Submit) id mBCKc3RG025866 for namedroppers@ops.ietf.org; Fri, 12 Dec 2008 15:38:03 -0500 (EST) (envelope-from namedroppers) Received: from [192.18.43.22] (helo=sca-ea-mail-4.sun.com) by psg.com with esmtp (Exim 4.69 (FreeBSD)) (envelope-from ) id 1LAupB-0004gO-Lt for namedroppers@ops.ietf.org; Thu, 11 Dec 2008 23:20:10 +0000 Received: from dm-central-02.central.sun.com ([129.147.62.5]) by sca-ea-mail-4.sun.com (8.13.6+Sun/8.12.9) with ESMTP id mBBNK5iV007507 for ; Thu, 11 Dec 2008 23:20:05 GMT Received: from binky.Central.Sun.COM (binky.Central.Sun.COM [129.153.128.104]) by dm-central-02.central.sun.com (8.13.8+Sun/8.13.8/ENSMAIL,v2.2) with ESMTP id mBBNK49f035523 for ; Thu, 11 Dec 2008 16:20:04 -0700 (MST) Received: from binky.Central.Sun.COM (localhost [127.0.0.1]) by binky.Central.Sun.COM (8.14.3+Sun/8.14.3) with ESMTP id mBBNBecJ007365 for ; Thu, 11 Dec 2008 17:11:40 -0600 (CST) Received: (from nw141292@localhost) by binky.Central.Sun.COM (8.14.3+Sun/8.14.3/Submit) id mBBNBeCN007364 for namedroppers@ops.ietf.org; Thu, 11 Dec 2008 17:11:40 -0600 (CST) X-Authentication-Warning: binky.Central.Sun.COM: nw141292 set sender to Nicolas.Williams@sun.com using -f Date: Thu, 11 Dec 2008 17:11:39 -0600 From: Nicolas Williams To: namedroppers@ops.ietf.org Subject: [dnsext] IANA DNS params registry typo w.r.t. 
label types Message-ID: <20081211231138.GE2463@Sun.COM> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.5.7i X-Scanned-By: MIMEDefang 2.64 on 66.92.146.20 Sender: owner-namedroppers@ops.ietf.org Precedence: bulk List-ID:

[ Moderators note: Post was moderated, either because it was posted by
  a non-subscriber, or because it was over 20K.
  With the massive amount of spam, it is easy to miss and therefore
  delete relevant posts by non-subscribers.
  Please fix your subscription addresses. ]

"
Registry Name: DNS Label types
Reference: [RFC5001]
Registration Procedures: IETF standards action
"

http://www.iana.org/assignments/dns-parameters

But RFC5001 doesn't even have the word "label" in it, and its IANA considerations section only mentions the allocation of an EDNS option code (3).

Nico
--

--
to unsubscribe send a message to namedroppers-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive:

From owner-namedroppers@ops.ietf.org Fri Dec 12 15:12:36 2008 Return-Path: X-Original-To: ietfarch-dnsext-archive@core3.amsl.com Delivered-To: ietfarch-dnsext-archive@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 413ED3A68BC; Fri, 12 Dec 2008 15:12:36 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.426 X-Spam-Level: X-Spam-Status: No, score=-2.426 tagged_above=-999 required=5 tests=[AWL=0.173, BAYES_00=-2.599] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Z3YbEbHxumNW; Fri, 12 Dec 2008 15:12:35 -0800 (PST) Received: from psg.com (psg.com [IPv6:2001:418:1::62]) by core3.amsl.com (Postfix) with ESMTP id 42EB83A685E; Fri, 12 Dec 2008 15:12:35 -0800 (PST) Received: from majordom by psg.com with local (Exim 4.69 (FreeBSD)) (envelope-from ) id 1LBH5b-000EPZ-7Q for namedroppers-data0@psg.com; Fri, 12 Dec 2008
23:06:31 +0000 Received: from [2001:4f8:0:2::1c] (helo=mx.isc.org) by psg.com with esmtps (TLSv1:CAMELLIA256-SHA:256) (Exim 4.69 (FreeBSD)) (envelope-from ) id 1LBH5T-000EMA-2D for namedroppers@ops.ietf.org; Fri, 12 Dec 2008 23:06:27 +0000 Received: from farside.isc.org (farside.isc.org [IPv6:2001:4f8:3:bb::5]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client CN "farside.isc.org", Issuer "ISC CA" (verified OK)) by mx.isc.org (Postfix) with ESMTPS id 7F95F114021; Fri, 12 Dec 2008 23:06:08 +0000 (UTC) (envelope-from Mark_Andrews@isc.org) Received: from drugs.dv.isc.org (drugs.dv.isc.org [IPv6:2001:470:1f00:820:214:22ff:fed9:fbdc]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client CN "drugs.dv.isc.org", Issuer "ISC CA" (not verified)) by farside.isc.org (Postfix) with ESMTP id 7EE75E60AF; Fri, 12 Dec 2008 23:06:07 +0000 (UTC) (envelope-from marka@isc.org) Received: from drugs.dv.isc.org (localhost [127.0.0.1]) by drugs.dv.isc.org (8.14.3/8.14.3) with ESMTP id mBCN63lX022459; Sat, 13 Dec 2008 10:06:03 +1100 (EST) (envelope-from marka@drugs.dv.isc.org) Message-Id: <200812122306.mBCN63lX022459@drugs.dv.isc.org> To: Samuel Weiler Cc: Peter Koch , IETF DNSEXT WG From: Mark Andrews Subject: Re: [dnsext] one algorithm number or two In-reply-to: Your message of "Fri, 12 Dec 2008 12:08:08 CDT." Date: Sat, 13 Dec 2008 10:06:03 +1100 Sender: owner-namedroppers@ops.ietf.org Precedence: bulk List-ID:

In message , Samuel Weiler writes:
> On Fri, 12 Dec 2008, Peter Koch wrote:
>
> > ... So, the resolver doesn't know in advance which method it will
> > see, it is just told to expect either one. An NSEC3-agnostic
> > validator will likely treat the zone as insecure.
> ...
> > The same holds for the sha256 aware validator, except that it won't
> > know for sure in advance to treat the zone as insecure if it doesn't
> > implement NSEC3.
>
> Indeed, it won't be able to make any determination about the _zone_
> status at all, only about the status of particular answers.

The zone status is that it is signed using the methods (plural) signaled by the algorithm number.

> An
> NSEC3-agnostic resolver might well get positive answers from the NSEC3
> zone and treat them as secure long before it sees a negative answer
> which it must treat as unsigned. Part of the zone appears secure,
> part unsigned.

Stop talking rubbish. A validator either FULLY understands what an algorithm number requires or it treats the zone as insecure. This is why we choose aliases 5 to 7 because there were validators deployed that understood what 5 meant. There are no validators that understand what TBA means. We have a green field with SHA256.

> I'm having trouble thinking of another example of a validator not
> being able to make a "zone" status determination by examining the zone
> cut.

Rubbish.

> The base specs routinely talk about the zone security status.

And that still stands.

> Does it matter? Probably not. But it's the same sort of apparently
> academic difference that "DS is the first RR to appear only on the
> parent's side of a delegation" was. We thought that difference didn't
> matter. RFC4035 section 3.1.4.1 was the result. Maybe using two
> (four) algorithm numbers is the right path for now.
>
> If we don't leave both algorithm numbers, Jelte's text needs to be
> modified to specify "answers", not "zones", and should explicitly call
> this out as a difference from the base specs. (RFC4035 section 4.3
> et al.)

You just need to stop thinking "signed using NSEC" vs "signed using NSEC3" is what is being signalled because it isn't.

Mark

>
> -- Sam
>
> --
> to unsubscribe send a message to namedroppers-request@ops.ietf.org with
> the word 'unsubscribe' in a single line as the message text body.
> archive:
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews@isc.org

--
to unsubscribe send a message to namedroppers-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive:
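The two readings argued in the messages above, as a toy model added here (it is not code from the thread or from any resolver). The `Validator` class, the `implies_nsec3` parameter and the number 250 standing in for the still-unassigned ("TBA") SHA-256 algorithm are assumptions of this example; the "unsigned" label follows the wording used in the thread.

```python
"""Toy model of the 'one algorithm number or two' question (not resolver code)."""
from dataclasses import dataclass

RSASHA1 = 5         # RSA/SHA-1
NSEC3RSASHA1 = 7    # RFC 5155 alias of 5: same signatures, zone may use NSEC3
SHA256_TBA = 250    # placeholder only: the number is "TBA" in this thread


@dataclass(frozen=True)
class Validator:
    name: str
    sig_algs: frozenset  # algorithm numbers whose RRSIGs it can verify
    nsec3: bool          # can it process NSEC3 denial-of-existence proofs?


def understands(v, alg, implies_nsec3):
    """A number counts as understood only if everything it signals is implemented.

    implies_nsec3 is the set of algorithm numbers that, by specification,
    also tell the validator to expect NSEC3.
    """
    if alg not in v.sig_algs:
        return False
    return v.nsec3 or alg not in implies_nsec3


def zone_status(v, ds_algs, implies_nsec3):
    """Decision at the zone cut (RFC 4035 section 5.2): if no algorithm in the
    authenticated DS RRset is understood, the zone is treated as insecure."""
    ok = any(understands(v, a, implies_nsec3) for a in ds_algs)
    return "secure" if ok else "insecure"


def answer_status(v, ds_algs, implies_nsec3, denial=None):
    """Status of one answer; denial is None (positive), "NSEC" or "NSEC3"."""
    if zone_status(v, ds_algs, implies_nsec3) == "insecure":
        return "insecure"
    if denial == "NSEC3" and not v.nsec3:
        return "unsigned"  # the proof cannot be processed ("part unsigned")
    return "secure"


def survey(v, ds_algs, implies_nsec3):
    """(zone-cut verdict, positive answer, negative answer proved with NSEC3)."""
    return (
        zone_status(v, ds_algs, implies_nsec3),
        answer_status(v, ds_algs, implies_nsec3, None),
        answer_status(v, ds_algs, implies_nsec3, "NSEC3"),
    )


# Constructed validators for the scenarios discussed in the thread.
LEGACY = Validator("pre-NSEC3", frozenset({RSASHA1}), nsec3=False)
SHA256_ONLY = Validator("SHA-256, no NSEC3",
                        frozenset({RSASHA1, SHA256_TBA}), nsec3=False)
FULL = Validator("SHA-256 + NSEC3",
                 frozenset({RSASHA1, NSEC3RSASHA1, SHA256_TBA}), nsec3=True)

if __name__ == "__main__":
    cases = [
        # Alias approach: an NSEC3 zone announces 7, which old validators don't know.
        ("alias 7, legacy validator", LEGACY, {NSEC3RSASHA1}, {NSEC3RSASHA1}),
        # One SHA-256 number read as "signature algorithm only".
        ("one number, signature-only reading", SHA256_ONLY, {SHA256_TBA}, frozenset()),
        # One SHA-256 number read as "all methods it signals, or nothing".
        ("one number, all-or-nothing reading", SHA256_ONLY, {SHA256_TBA}, {SHA256_TBA}),
        ("one number, full validator", FULL, {SHA256_TBA}, {SHA256_TBA}),
    ]
    for label, v, ds, implied in cases:
        zone, pos, neg = survey(v, ds, implied)
        print(f"{label:38} zone={zone:9} positive={pos:9} nsec3-negative={neg}")
```

Only the signature-only reading produces a zone whose verdict at the zone cut differs from the verdict on an individual answer; the alias and all-or-nothing readings give one consistent status per zone.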
From owner-namedroppers@ops.ietf.org Mon Dec 15 11:57:57 2008 Return-Path: X-Original-To: ietfarch-dnsext-archive@core3.amsl.com Delivered-To: ietfarch-dnsext-archive@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id B56AA28C124; Mon, 15 Dec 2008 11:57:57 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -3.201 X-Spam-Level: X-Spam-Status: No, score=-3.201 tagged_above=-999 required=5 tests=[AWL=-3.007, BAYES_00=-2.599, FH_RELAY_NODNS=1.451, HELO_MISMATCH_COM=0.553, HTML_MESSAGE=0.001, MIME_8BIT_HEADER=0.3, RDNS_NONE=0.1] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mQeXVUgf0nnY; Mon, 15 Dec 2008 11:57:51 -0800 (PST) Received: from psg.com (psg.com [IPv6:2001:418:1::62]) by core3.amsl.com (Postfix) with ESMTP id E163928C117; Mon, 15 Dec 2008 11:57:50 -0800 (PST) Received: from majordom by psg.com with local (Exim 4.69 (FreeBSD)) (envelope-from ) id 1LCJQA-000DEn-68 for namedroppers-data0@psg.com; Mon, 15 Dec 2008 19:48:02 +0000 Received: from [66.92.146.20] (helo=stora.ogud.com) by psg.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.69 (FreeBSD)) (envelope-from ) id 1LCJQ1-000DE9-GF for namedroppers@ops.ietf.org; Mon, 15 Dec 2008 19:47:59 +0000 Received: from stora.ogud.com (localhost [127.0.0.1]) by stora.ogud.com (8.14.2/8.14.2) with ESMTP id mBFJltAA056797 for ; Mon, 15 Dec 2008 14:47:55 -0500 (EST) (envelope-from namedroppers@stora.ogud.com) Received: (from namedroppers@localhost) by stora.ogud.com (8.14.2/8.14.2/Submit) id mBFJltQp056796 for namedroppers@ops.ietf.org; Mon, 15 Dec 2008 14:47:55 -0500 (EST) (envelope-from namedroppers) Received: from [64.78.22.237] (helo=EXPFE100-2.exc.icann.org) by psg.com with esmtps (TLSv1:RC4-MD5:128) (Exim 4.69 (FreeBSD)) (envelope-from ) id 1LCIuC-000Bmb-NR for namedroppers@ops.ietf.org; Mon, 15 Dec 2008 19:15:02 +0000
Received: from EXVPMBX100-1.exc.icann.org ([64.78.22.233]) by EXPFE100-2.exc.icann.org ([64.78.22.237]) with mapi; Mon, 15 Dec 2008 11:15:00 -0800 From: Michelle Cotton To: =?utf-8?B?w5NsYWZ1ciBHdeKAum11bmRzc29uIC9ETlNFWFQgY2hhaXI=?= , "namedroppers@ops.ietf.org" Date: Mon, 15 Dec 2008 11:14:50 -0800 Subject: FW: [dnsext] IANA DNS params registry typo w.r.t. label types Thread-Topic: [dnsext] IANA DNS params registry typo w.r.t. label types Thread-Index: Aclcm49Kvrgat3GkTw65WrAo5N7TXQCTVAZ5AAAh0yM= Message-ID: In-Reply-To: Accept-Language: en-US Content-Language: en X-MS-Has-Attach: X-MS-TNEF-Correlator: acceptlanguage: en-US Content-Type: multipart/alternative; boundary="_000_C56BECAA21269michellecottonicannorg_" MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.64 on 66.92.146.20 Sender: owner-namedroppers@ops.ietf.org Precedence: bulk List-ID: [ Moderators note: Post was moderated, either because it was posted by a non-subscriber, or because it was over 20K. With the massive amount of spam, it is easy to miss and therefore delete relevant posts by non-subscribers. Please fix your subscription addresses. 
]

Olafur/others...

Please let us know if there is something that needs to be fixed here.

Thank you,

Michelle Cotton
IANA


------ Forwarded Message
From: Nicolas Williams <Nicolas.Williams@sun.com>
Date: Thu, 11 Dec 2008 15:11:39 -0800
To: <namedroppers@ops.ietf.org>
Subject: [dnsext] IANA DNS params registry typo w.r.t. label types

[ Moderators note: Post was moderated, either because it was posted by
  a non-subscriber, or because it was over 20K.
  With the massive amount of spam, it is easy to miss and therefore
  delete relevant posts by non-subscribers.
  Please fix your subscription addresses. ]

"
Registry Name: DNS Label types
Reference: [RFC5001]
Registration Procedures: IETF standards action
"

http://www.iana.org/assignments/dns-parameters

But RFC5001 doesn't even have the word "label" in it, and its IANA
considerations section only mentions the allocation of an EDNS option
code (3).

Nico
--

------ End of Forwarded Message
-- to unsubscribe send a message to namedroppers-request@ops.ietf.org with the word 'unsubscribe' in a single line as the message text body. archive: From owner-namedroppers@ops.ietf.org Mon Dec 15 12:19:35 2008 Return-Path: X-Original-To: ietfarch-dnsext-archive@core3.amsl.com Delivered-To: ietfarch-dnsext-archive@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 41FC028C122; Mon, 15 Dec 2008 12:19:35 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -102.372 X-Spam-Level: X-Spam-Status: No, score=-102.372 tagged_above=-999 required=5 tests=[AWL=0.228, BAYES_00=-2.599, NO_RELAYS=-0.001, USER_IN_WHITELIST=-100] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id G1VJEm+PJSlE; Mon, 15 Dec 2008 12:19:34 -0800 (PST) Received: from psg.com (psg.com [IPv6:2001:418:1::62]) by core3.amsl.com (Postfix) with ESMTP id 5053528C0FE; Mon, 15 Dec 2008 12:19:34 -0800 (PST) Received: from majordom by psg.com with local (Exim 4.69 (FreeBSD)) (envelope-from ) id 1LCJqI-000Evf-FT for namedroppers-data0@psg.com; Mon, 15 Dec 2008 20:15:02 +0000 Received: from [2001:1890:1112:1::20] (helo=mail.ietf.org) by psg.com with esmtp (Exim 4.69
(FreeBSD)) (envelope-from ) id 1LCJqC-000Ev8-BW for namedroppers@ops.ietf.org; Mon, 15 Dec 2008 20:14:58 +0000 Received: by core3.amsl.com (Postfix, from userid 0) id 6B0D428C0FE; Mon, 15 Dec 2008 12:15:01 -0800 (PST) From: Internet-Drafts@ietf.org To: i-d-announce@ietf.org Cc: namedroppers@ops.ietf.org Subject: [dnsext] I-D Action:draft-ietf-dnsext-forgery-resilience-10.txt Content-Type: Multipart/Mixed; Boundary="NextPart" Mime-Version: 1.0 Message-Id: <20081215201501.6B0D428C0FE@core3.amsl.com> Date: Mon, 15 Dec 2008 12:15:01 -0800 (PST) Sender: owner-namedroppers@ops.ietf.org Precedence: bulk List-ID: --NextPart A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the DNS Extensions Working Group of the IETF. Title : Measures for making DNS more resilient against forged answers Author(s) : B. Hubert, R. Mook Filename : draft-ietf-dnsext-forgery-resilience-10.txt Pages : 26 Date : 2008-12-15 The current Internet climate poses serious threats to the Domain Name System. In the interim period before the DNS protocol can be secured more fully, measures can already be taken to harden the DNS to make 'spoofing' a recursing nameserver many orders of magnitude harder. Even a cryptographically secured DNS benefits from having the ability to discard bogus responses quickly, as this potentially saves large amounts of computation. By describing certain behaviour that has previously not been standardised, this document sets out how to make the DNS more resilient against accepting incorrect responses. This document updates RFC 2181. A URL for this Internet-Draft is: http://www.ietf.org/internet-drafts/draft-ietf-dnsext-forgery-resilience-10.txt Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/ Below is the data which will enable a MIME compliant mail reader implementation to automatically retrieve the ASCII version of the Internet-Draft. 
--NextPart
Content-Type: Message/External-body; name="draft-ietf-dnsext-forgery-resilience-10.txt";
    site="ftp.ietf.org"; access-type="anon-ftp"; directory="internet-drafts"

Content-Type: text/plain
Content-ID: <2008-12-15121407.I-D@ietf.org>

--NextPart--

From owner-namedroppers@ops.ietf.org Mon Dec 15 12:59:29 2008
Date: Mon, 15 Dec 2008 15:54:36 -0500
From: Rob Austein
To: namedroppers@ops.ietf.org
cc: Michelle Cotton
Subject: Re: FW: [dnsext] IANA DNS params registry typo w.r.t. label types
Message-Id: <20081215205436.5E99022836@thrintun.hactrn.net>

> From: Nicolas Williams
> Date: Thu, 11 Dec 2008 15:11:39 -0800
>
> Registry Name: DNS Label types
> Reference: [RFC5001]
> Registration Procedures: IETF standards action
>
> But RFC5001 doesn't even have the word "label" in it, and its IANA
> considerations section only mentions the allocation of an EDNS
> option code (3).

Michelle can confirm or deny this, but as I understand it the
"reference" tags in IANA registries sometimes refer to the document
that last caused an update, whether the document in question actually
mentioned the registry in question or not. That is, sometimes it's
less of a "reference" in the normal sense and more of a "fingerprint".
Several nitpicky errors discovered during publication of RFC 5001
caused IANA to conduct its last cleanup of several EDNS-related
registries, thus RFC 5001's fingerprint ended up on those registries.

I don't claim that this makes sense, exactly, but it appears to be
what happens. If someone wants to go through all of the DNS
parameter registries, check all the references, and suggest
corrections where appropriate, I'm sure IANA would be grateful.
From owner-namedroppers@ops.ietf.org Tue Dec 16 02:22:59 2008
Message-ID: <49477F09.90009@NLnetLabs.nl>
Date: Tue, 16 Dec 2008 11:12:25 +0100
From: Jelte Jansen
To: namedroppers@ops.ietf.org
Subject: [dnsext] RSA/SHA2 new NSEC3 text proposal

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Ok, i've refined the text a bit, and made two possible versions of 5.2.2
for the validator part, see below.

There is the scary variant of my previous text, with a little
explanation on why it's a bad idea, and the version like Mark proposed,
which is safe and secure (but more of a burden on people who for
whatever reason would think that you don't need nsec3 validating code).

5.2. Support for NSEC3 Denial of Existence

Note that these algorithms have no aliases to signal NSEC3 denial of
existence. The aliases mechanism used in RFC5155 was to protect
implementations predating that RFC from encountering records they
could not know about.

Implementations that support RSA/SHA-2 algorithms SHOULD also
implement NSEC3 denial of existence [RFC5155].

5.2.1. NSEC3 in Authoritative servers

An authoritative server that does not implement NSEC3 can still serve
zones that use RSA/SHA2 with NSEC.

And one of these:

5.2.2. NSEC3 in Validators

If a validator chooses not to support NSEC3, it MUST recognize NSEC3
Resource Records and treat any zone that uses those as unsigned,
after verifying their signatures. This does, however, make you
insecure for negative answers within the zone, and is not
recommended.

OR

5.2.2. NSEC3 in Validators

A DNSSEC Validator that implements RSA/SHA2 MUST be able to
handle both NSEC and NSEC3 negative answers. If the validator is
not able to handle both, it MUST treat a zone signed with
RSA/SHA256 or RSA/SHA512 as insecure.
Jelte
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (FreeBSD)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAklHfwcACgkQ4nZCKsdOncWe3ACgg3px4rifKO34/rV8v89A3KPq
qwYAn33fPuZJHczShYHLnLqsp1sp844l
=NkKF
-----END PGP SIGNATURE-----

From owner-namedroppers@ops.ietf.org Tue Dec 16 03:28:32 2008
Date: Tue, 16 Dec 2008 11:22:40 +0000
From: Alex Bligh
Reply-To: Alex Bligh
To: Jelte Jansen, namedroppers@ops.ietf.org
cc: Alex Bligh
Subject: Re: [dnsext] RSA/SHA2 new NSEC3 text proposal
Message-ID: <6C3EE91F4FC65000BFBF7F55@Ximines.local>
In-Reply-To: <49477F09.90009@NLnetLabs.nl>
References: <49477F09.90009@NLnetLabs.nl>

--On 16 December 2008 11:12:25 +0100 Jelte Jansen wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
>
> Ok, i've refined the text a bit, and made two possible versions of 5.2.2
> for the validator part, see below.
>
> There is the scary variant of my previous text, with a little
> explanation on why it's a bad idea, and the version like Mark proposed,
> which is safe and secure (but more of a burden on people who for
> whatever reason would think that you don't need nsec3 validating code).
>

Some language nits follow whilst I think about the substance

> 5.2. Support for NSEC3 Denial of Existence
>
> Note that these algorithms have no aliases to signal NSEC3 denial of
> existence. The aliases mechanism used in RFC5155 was to protect
> implementations predating that RFC from encountering records they
> could not know about.
>
> Implementations that support RSA/SHA-2 algorithms SHOULD also
> implement NSEC3 denial of existence [RFC5155].

Fine if we go with the first alternative, but if we go with the second,
it's a MUST for validators, in which case this sentence would be better
under 5.2.1 (else I think we have a MUST and a SHOULD for the same thing).

> 5.2.1. NSEC3 in Authoritative servers
>
> An authoritative server that does not implement NSEC3 can still serve
> zones that use RSA/SHA2 with NSEC.

Should that "can" be "MAY"?

> And one of these:
>
> 5.2.2. NSEC3 in Validators
>
> If a validator chooses not to support NSEC3, it MUST recognize NSEC3
> Resource Records and treat any zone that uses those as unsigned,
> after verifying their signatures. This does, however, make you
> insecure for negative answers within the zone, and is not
> recommended.

I think this should read "This does, however, mean the validator will
respond insecurely for". I am presuming the "and is not recommended"
really refers to the same recommendation that "Implementations that
support RSA/SHA-2 algorithms SHOULD also support NSEC3 denial of
existence" above, as opposed to being a separate standalone
recommendation for validators only; if so, I think the wording could be
improved by "and it is for this reason that lack of support for NSEC3
is not recommended". IE I think the whole sentence should read:

This does, however, mean the validator will respond insecurely for
negative answers within the zone and it is for this reason that
lack of support for NSEC3 is not recommended.

> OR
>
> 5.2.2. NSEC3 in Validators
>
> A DNSSEC Validator that implements RSA/SHA2 MUST be able to
> handle both NSEC and NSEC3 negative answers. If the validator is
> not able to handle both, it MUST treat a zone signed with
> RSA/SHA256 or RSA/SHA512 as insecure.

I think there is a logical error here, if the requirement is that it
MUST handle *both* NSEC and NSEC3, the final sentence should surely
read "If the validator is unable to handle *either*". To my knowledge, a
validator that is unable to handle both is not a DNSSEC validator at all.

The last sentence might be improved as "it MUST treat a zone signed
with RSA/SHA256 or RSA/SHA512 as signed with an unknown algorithm,
and thus as insecure".

There should be a reference to RFC5155 as per your first alternative.

Alex
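The two candidate versions of 5.2.2 discussed above, written out as a validator decision so their outcomes can be compared; this is an added example, not code from the draft or from any poster. It models only the capability decision and assumes every signature verifies; the `Validator` and `Zone` classes and the zone names are constructed, and 8 and 10 are the algorithm numbers later assigned to RSA/SHA-256 and RSA/SHA-512, which the thread does not state.

```python
from dataclasses import dataclass
from enum import Enum

# DNSSEC algorithm numbers. 6 and 7 are the RFC 5155 aliases the thread refers to.
# 8 and 10 were assigned to RSA/SHA-256 and RSA/SHA-512 after this thread
# (assumption relative to the page, which gives no numbers).
RSASHA1 = 5
DSA_NSEC3_SHA1 = 6
RSASHA1_NSEC3_SHA1 = 7
RSASHA256 = 8
RSASHA512 = 10

NSEC3_ALIASES = frozenset({DSA_NSEC3_SHA1, RSASHA1_NSEC3_SHA1})
RSA_SHA2 = frozenset({RSASHA256, RSASHA512})


class Status(Enum):
    # Modelling assumption: "unsigned" in the first text and "insecure" in the
    # second are both represented as INSECURE here.
    SECURE = "secure"
    INSECURE = "insecure"


@dataclass(frozen=True)
class Validator:
    """Hypothetical capability description of a validating resolver."""
    verify_algorithms: frozenset  # algorithms it has signature-checking code for
    handles_nsec3: bool           # can it process NSEC3 denial of existence?


@dataclass(frozen=True)
class Zone:
    """Constructed sample zone: DS algorithms at the parent, denial type in use."""
    name: str
    ds_algorithms: frozenset
    uses_nsec3: bool


def usable_algorithms(validator, drop_rsa_sha2):
    """Algorithms the validator may rely on. Without NSEC3 support the RFC 5155
    aliases count as unknown; drop_rsa_sha2 applies the second 5.2.2 text."""
    usable = set(validator.verify_algorithms)
    if not validator.handles_nsec3:
        usable -= NSEC3_ALIASES
        if drop_rsa_sha2:
            usable -= RSA_SHA2
    return usable


def status_first_alternative(validator, zone):
    """First 5.2.2 text: the validator must look at the zone's own records and
    give up on the zone only if it actually uses NSEC3."""
    if not (usable_algorithms(validator, False) & zone.ds_algorithms):
        return Status.INSECURE
    if zone.uses_nsec3 and not validator.handles_nsec3:
        return Status.INSECURE
    return Status.SECURE


def status_second_alternative(validator, ds_algorithms):
    """Second 5.2.2 text: decided from the DS algorithm numbers alone, because
    RSA/SHA-2 has no alias that says which denial type the zone uses."""
    if usable_algorithms(validator, True) & ds_algorithms:
        return Status.SECURE
    return Status.INSECURE


def compare(validator, zones):
    """Return {zone name: (first alternative, second alternative)}."""
    return {
        z.name: (status_first_alternative(validator, z).value,
                 status_second_alternative(validator, z.ds_algorithms).value)
        for z in zones
    }


# Constructed sample data.
SAMPLE_ZONES = (
    Zone("sha1-nsec.example", frozenset({RSASHA1}), uses_nsec3=False),
    Zone("sha1-nsec3.example", frozenset({RSASHA1_NSEC3_SHA1}), uses_nsec3=True),
    Zone("sha256-nsec.example", frozenset({RSASHA256}), uses_nsec3=False),
    Zone("sha256-nsec3.example", frozenset({RSASHA256}), uses_nsec3=True),
)
FULL = Validator(frozenset({RSASHA1, RSASHA1_NSEC3_SHA1, RSASHA256, RSASHA512}),
                 handles_nsec3=True)
NO_NSEC3 = Validator(frozenset({RSASHA1, RSASHA256, RSASHA512}),
                     handles_nsec3=False)

if __name__ == "__main__":
    for label, validator in (("full", FULL), ("no-nsec3", NO_NSEC3)):
        for name, (first, second) in compare(validator, SAMPLE_ZONES).items():
            print(f"{label:9} {name:22} first={first:9} second={second}")
```

The only row where the two texts disagree is an RSA/SHA-256 zone that uses plain NSEC, seen by a validator without NSEC3 code: the first text keeps it secure, the second gives it up.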
From owner-namedroppers@ops.ietf.org Tue Dec 16 05:16:40 2008
Message-Id: <200812161311.mBGDB4Pb081463@drugs.dv.isc.org>
To: Jelte Jansen
Cc: namedroppers@ops.ietf.org
From: Mark Andrews
Subject: Re: [dnsext] RSA/SHA2 new NSEC3 text proposal
In-reply-to: Your message of "Tue, 16 Dec 2008 11:12:25 BST." <49477F09.90009@NLnetLabs.nl>
Date: Wed, 17 Dec 2008 00:11:04 +1100

In message <49477F09.90009@NLnetLabs.nl>, Jelte Jansen writes:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
>
> Ok, i've refined the text a bit, and made two possible versions of 5.2.2
> for the validator part, see below.
>
> There is the scary variant of my previous text, with a little
> explanation on why it's a bad idea, and the version like Mark proposed,
> which is safe and secure (but more of a burden on people who for
> whatever reason would think that you don't need nsec3 validating code).
>
> 5.2. Support for NSEC3 Denial of Existence
>
> Note that these algorithms have no aliases to signal NSEC3 denial of
> existence. The aliases mechanism used in RFC5155 was to protect
> implementations predating that RFC from encountering records they
> could not know about.
>
> Implementations that support RSA/SHA-2 algorithms SHOULD also
> implement NSEC3 denial of existence [RFC5155].
>
> 5.2.1. NSEC3 in Authoritative servers
>
> An authoritative server that does not implement NSEC3 can still serve
> zones that use RSA/SHA2 with NSEC.
>
> 5.2.2. NSEC3 in Validators
>
> A DNSSEC Validator that implements RSA/SHA2 MUST be able to
> handle both NSEC and NSEC3 negative answers. If the validator is
> not able to handle both, it MUST treat a zone signed with
> RSA/SHA256 or RSA/SHA512 as insecure.

This version of 5.2.2 reflects what is being signaled.

> Jelte
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews@isc.org

From owner-namedroppers@ops.ietf.org Tue Dec 16 07:47:46 2008
From: Michelle Cotton
To: Rob Austein, "namedroppers@ops.ietf.org"
Date: Mon, 15 Dec 2008 13:09:58 -0800
Subject: Re: [dnsext] IANA DNS params registry typo w.r.t. label types
In-Reply-To: <20081215205436.5E99022836@thrintun.hactrn.net>

[ Moderators note: Post was moderated, either because it was posted by
  a non-subscriber, or because it was over 20K.
  With the massive amount of spam, it is easy to miss and therefore
  delete relevant posts by non-subscribers.
  Please fix your subscription addresses. ]

Yes... IANA would be grateful for any appropriate corrections.

Thank you Rob.

Michelle Cotton
IANA

On 12/15/08 12:54 PM, "Rob Austein" wrote:

> From: Nicolas Williams
> Date: Thu, 11 Dec 2008 15:11:39 -0800
>
> Registry Name: DNS Label types
> Reference: [RFC5001]
> Registration Procedures: IETF standards action
>
> But RFC5001 doesn't even have the word "label" in it, and its IANA
> considerations section only mentions the allocation of an EDNS
> option code (3).

Michelle can confirm or deny this, but as I understand it the
"reference" tags in IANA registries sometimes refer to the document
that last caused an update, whether the document in question actually
mentioned the registry in question or not. That is, sometimes it's
less of a "reference" in the normal sense and more of a "fingerprint".
Several nitpicky errors discovered during publication of RFC 5001
caused IANA to conduct its last cleanup of several EDNS-related
registries, thus RFC 5001's fingerprint ended up on those registries.

I don't claim that this makes sense, exactly, but it appears to be
what happens. If someone wants to go through all of the DNS
parameter registries, check all the references, and suggest
corrections where appropriate, I'm sure IANA would be grateful.
From owner-namedroppers@ops.ietf.org Wed Dec 17 05:34:33 2008
Message-ID: <4948FC79.9060708@nist.gov>
Date: Wed, 17 Dec 2008 08:19:53 -0500
From: Scott Rose <scottr@nist.gov>
Organization: NIST
MIME-Version: 1.0 To: namedroppers@ops.ietf.org Subject: Re: [dnsext] RSA/SHA2 new NSEC3 text proposal References: <49477F09.90009@NLnetLabs.nl> In-Reply-To: <49477F09.90009@NLnetLabs.nl> Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit X-NIST-MailScanner: Found to be clean X-NIST-MailScanner-From: scottr@nist.gov Sender: owner-namedroppers@ops.ietf.org Precedence: bulk List-ID: <namedroppers.ops.ietf.org>

Jelte Jansen wrote:
>
> Ok, I've refined the text a bit, and made two possible versions of 5.2.2
> for the validator part, see below.
>
>
> 5.2. Support for NSEC3 Denial of Existence
>
> Note that these algorithms have no aliases to signal NSEC3 denial of
> existence. The aliases mechanism used in RFC5155 was to protect
> implementations predating that RFC from encountering records they
> could not know about.
>
> Implementations that support RSA/SHA-2 algorithms SHOULD also
> implement NSEC3 denial of existence [RFC5155].
>

I agree with Alex that if we go with option 2 below, that SHOULD would
have to be changed to MUST to keep it consistent.

> 5.2.1. NSEC3 in Authoritative servers
>
> An authoritative server that does not implement NSEC3 can still serve
> zones that use RSA/SHA2 with NSEC.
>

I think the can could be changed to a MAY without a problem. Looking at
RFC 2119 it seems correct.

>
>
> And one of these:
>
> 5.2.2. NSEC3 in Validators
>
> If a validator chooses not to support NSEC3, it MUST recognize NSEC3
> Resource Records and treat any zone that uses those as unsigned,
> after verifying their signatures. This does, however, make you
> insecure for negative answers within the zone, and is not
> recommended.
>
> OR
>
> 5.2.2. NSEC3 in Validators
>
> A DNSSEC Validator that implements RSA/SHA2 MUST be able to
> handle both NSEC and NSEC3 negative answers. If the validator is
> not able to handle both, it MUST treat a zone signed with
> RSA/SHA256 or RSA/SHA512 as insecure.
>
>

In the second option, should the validator treat the zone as insecure or
unsigned? I'm wondering to myself if that really makes a difference.

Scott

> Jelte
--
to unsubscribe send a message to namedroppers-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/namedroppers/>

--
----------------------------------------
Scott Rose
Computer Scientist
NIST
ph: +1 301-975-8439
scott.rose@nist.gov
http://www-x.antd.nist.gov/dnssec
http://www.dnsops.gov/
-----------------------------------------

--
to unsubscribe send a message to namedroppers-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/namedroppers/>
From owner-namedroppers@ops.ietf.org Wed Dec 17 07:36:28 2008 Return-Path: <owner-namedroppers@ops.ietf.org> X-Original-To: ietfarch-dnsext-archive@core3.amsl.com Delivered-To: ietfarch-dnsext-archive@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 029BD3A6825; Wed, 17 Dec 2008 07:36:28 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -0.495 X-Spam-Level: X-Spam-Status: No, score=-0.495 tagged_above=-999 required=5 tests=[AWL=0.000, BAYES_00=-2.599, FH_RELAY_NODNS=1.451, HELO_MISMATCH_COM=0.553, RDNS_NONE=0.1] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZcYBPpkGONzQ; Wed, 17 Dec 2008 07:36:27 -0800 (PST) Received: from psg.com (psg.com [IPv6:2001:418:1::62]) by core3.amsl.com (Postfix) with ESMTP id 1DE6E3A6452; Wed, 17 Dec 2008 07:36:27 -0800 (PST) Received: from majordom by psg.com with local (Exim 4.69 (FreeBSD)) (envelope-from <owner-namedroppers@ops.ietf.org>) id 1LCyMi-0006yl-J0 for namedroppers-data0@psg.com; Wed, 17 Dec 2008 15:31:12 +0000 Received: from [66.92.146.20] (helo=stora.ogud.com) by psg.com with esmtps (TLSv1:AES256-SHA:256)
(Exim 4.69 (FreeBSD)) (envelope-from <Ed.Lewis@neustar.biz>) id 1LCyMY-0006xy-Nj for namedroppers@ops.ietf.org; Wed, 17 Dec 2008 15:31:10 +0000 Received: from [10.31.200.207] (mail.md.ogud.com [10.20.30.6]) by stora.ogud.com (8.14.2/8.14.2) with ESMTP id mBHFV017075460; Wed, 17 Dec 2008 10:31:00 -0500 (EST) (envelope-from Ed.Lewis@neustar.biz) Mime-Version: 1.0 Message-Id: <a06240800c56ec8c9f56f@[192.168.1.103]> In-Reply-To: <4948FC79.9060708@nist.gov> References: <49477F09.90009@NLnetLabs.nl> <4948FC79.9060708@nist.gov> Date: Wed, 17 Dec 2008 10:25:29 -0500 To: namedroppers@ops.ietf.org From: Edward Lewis <Ed.Lewis@neustar.biz> Subject: Re: [dnsext] RSA/SHA2 new NSEC3 text proposal Cc: ed.lewis@neustar.biz Content-Type: text/plain; charset="us-ascii" ; format="flowed" X-Scanned-By: MIMEDefang 2.64 on 10.20.30.4 Sender: owner-namedroppers@ops.ietf.org Precedence: bulk List-ID: <namedroppers.ops.ietf.org>

At 8:19 -0500 12/17/08, Scott Rose wrote:

>> Implementations that support RSA/SHA-2 algorithms SHOULD also
>> implement NSEC3 denial of existence [RFC5155].
>>
>
>I agree with Alex that if we go with option 2 below, that SHOULD would
>have to be changed to MUST to keep it consistent.

The problem with that is the scope of the requirement. Why would an
authoritative name server implementation have to comply with RFC 5155
because it wants to use RSA/SHA-2(56)? (Assuming there is no
requirement for RFC 5155 in the intended market for the server.)

I could see "Implementations of DNSSEC validators MUST" - provided we
have defined what a "DNSSEC validator" is.

--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis
NeuStar You can leave a voice message at +1-571-434-5468

Never confuse activity with progress. Activity pays more.

--
to unsubscribe send a message to namedroppers-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/namedroppers/> From owner-namedroppers@ops.ietf.org Wed Dec 17 08:01:24 2008 Return-Path: <owner-namedroppers@ops.ietf.org> X-Original-To: ietfarch-dnsext-archive@core3.amsl.com Delivered-To: ietfarch-dnsext-archive@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 6B2003A68D3; Wed, 17 Dec 2008 08:01:24 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -0.495 X-Spam-Level: X-Spam-Status: No, score=-0.495 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, FH_RELAY_NODNS=1.451, HELO_MISMATCH_COM=0.553, RDNS_NONE=0.1] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id UACZzQj1wqsG; Wed, 17 Dec 2008 08:01:23 -0800 (PST) Received: from psg.com (psg.com [IPv6:2001:418:1::62]) by core3.amsl.com (Postfix) with ESMTP id EC5133A6B09; Wed, 17 Dec 2008 08:01:04 -0800 (PST) Received: from majordom by psg.com with local (Exim 4.69 (FreeBSD)) (envelope-from <owner-namedroppers@ops.ietf.org>) id 1LCylk-0009fS-AH for namedroppers-data0@psg.com; Wed, 17 Dec 2008 15:57:04 +0000 Received: from [217.147.82.63] (helo=mail.avalus.com) by psg.com with esmtp (Exim 4.69 (FreeBSD)) (envelope-from <alex@alex.org.uk>) id 1LCylf-0009eq-4b for namedroppers@ops.ietf.org; Wed, 17 Dec 2008 15:57:01 +0000 Received: from [192.168.100.15] (localhost [127.0.0.1]) by mail.avalus.com (Postfix) with ESMTP id BF06FC2DB2; Wed, 17 Dec 2008 15:56:55 +0000 (GMT) Date: Wed, 17 Dec 2008 15:56:52 +0000 From: Alex Bligh <alex@alex.org.uk> Reply-To: Alex Bligh <alex@alex.org.uk> To: Edward Lewis <Ed.Lewis@neustar.biz>, namedroppers@ops.ietf.org cc: ed.lewis@neustar.biz, Alex Bligh <alex@alex.org.uk> Subject: Re: [dnsext] RSA/SHA2 new NSEC3 text proposal Message-ID: <B15CD1C6EAE6F9EE62F531E0@Ximines.local> In-Reply-To: <a06240800c56ec8c9f56f@[192.168.1.103]> References: <49477F09.90009@NLnetLabs.nl> 
<4948FC79.9060708@nist.gov> <a06240800c56ec8c9f56f@[192.168.1.103]> X-Mailer: Mulberry/4.0.8 (Mac OS X) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline Sender: owner-namedroppers@ops.ietf.org Precedence: bulk List-ID: <namedroppers.ops.ietf.org>

--On 17 December 2008 10:25:29 -0500 Edward Lewis <Ed.Lewis@neustar.biz>
wrote:

>>> Implementations that support RSA/SHA-2 algorithms SHOULD also
>>> implement NSEC3 denial of existence [RFC5155].
>>>
>>
>> I agree with Alex that if we go with option 2 below, that SHOULD would
>> have to be changed to MUST to keep it consistent.
>
> The problem with that is the scope of the requirement. Why would an
> authoritative name server implementation have to comply with RFC 5155
> because it wants to use RSA/SHA-2(56)? (Assuming there is no requirement
> for RFC 5155 in the intended market for the server.)
>
> I could see "Implementations of DNSSEC validators MUST" - provided we
> have defined what a "DNSSEC validator" is.

My proposal, in the event we go with option 2, was to move the 'SHOULD'
recommendation from 5.2 (servers and validators) to 5.2.1 (servers),
as 5.2.2 (validators) already contains a 'MUST' for this. This was to
address the confusion of there being a SHOULD and a MUST for the same
thing for validators.

Or are you arguing that in option 2 there should not even be a "SHOULD"
for servers?

Alex

--
to unsubscribe send a message to namedroppers-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/namedroppers/> From owner-namedroppers@ops.ietf.org Wed Dec 17 08:06:55 2008 Return-Path: <owner-namedroppers@ops.ietf.org> X-Original-To: ietfarch-dnsext-archive@core3.amsl.com Delivered-To: ietfarch-dnsext-archive@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id B25C03A6B03; Wed, 17 Dec 2008 08:06:55 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -0.495 X-Spam-Level: X-Spam-Status: No, score=-0.495 tagged_above=-999 required=5 tests=[AWL=0.000, BAYES_00=-2.599, FH_RELAY_NODNS=1.451, HELO_MISMATCH_COM=0.553, RDNS_NONE=0.1] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id i7LQ7d5sIE3N; Wed, 17 Dec 2008 08:06:55 -0800 (PST) Received: from psg.com (psg.com [IPv6:2001:418:1::62]) by core3.amsl.com (Postfix) with ESMTP id EAB473A6B02; Wed, 17 Dec 2008 08:06:54 -0800 (PST) Received: from majordom by psg.com with local (Exim 4.69 (FreeBSD)) (envelope-from <owner-namedroppers@ops.ietf.org>) id 1LCyrq-000A6c-89 for namedroppers-data0@psg.com; Wed, 17 Dec 2008 16:03:22 +0000 Received: from [66.92.146.20] (helo=stora.ogud.com) by psg.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.69 (FreeBSD)) (envelope-from <Ed.Lewis@neustar.biz>) id 1LCyri-000A5u-6y for namedroppers@ops.ietf.org; Wed, 17 Dec 2008 16:03:16 +0000 Received: from [10.31.200.207] (mail.md.ogud.com [10.20.30.6]) by stora.ogud.com (8.14.2/8.14.2) with ESMTP id mBHG3B8d075771; Wed, 17 Dec 2008 11:03:11 -0500 (EST) (envelope-from Ed.Lewis@neustar.biz) Mime-Version: 1.0 Message-Id: <a06240804c56ed21823d5@[10.31.200.207]> In-Reply-To: <B15CD1C6EAE6F9EE62F531E0@Ximines.local> References: <49477F09.90009@NLnetLabs.nl> <4948FC79.9060708@nist.gov> <a06240800c56ec8c9f56f@[192.168.1.103]> <B15CD1C6EAE6F9EE62F531E0@Ximines.local> Date: Wed, 17 Dec 2008 11:03:03 -0500 To: namedroppers@ops.ietf.org From: Edward Lewis 
<Ed.Lewis@neustar.biz> Subject: Re: [dnsext] RSA/SHA2 new NSEC3 text proposal Cc: Edward Lewis <Ed.Lewis@neustar.biz> Content-Type: text/plain; charset="us-ascii" ; format="flowed" X-Scanned-By: MIMEDefang 2.64 on 10.20.30.4 Sender: owner-namedroppers@ops.ietf.org Precedence: bulk List-ID: <namedroppers.ops.ietf.org>

At 15:56 +0000 12/17/08, Alex Bligh wrote:

>Or are you arguing that in option 2 there should not even be a "SHOULD"
>for servers?

Yeah, I suppose. For a "general purpose implementation" I would use
"RECOMMENDED" (that a server implementing RSA/SHA-2[56] also
implement NSEC3). For a turn-key implementation why does
RSA/SHA-2(56) depend on NSEC3? I don't see a link between the two.

--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis
NeuStar You can leave a voice message at +1-571-434-5468

Never confuse activity with progress. Activity pays more.

--
to unsubscribe send a message to namedroppers-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/namedroppers/> From owner-namedroppers@ops.ietf.org Wed Dec 17 10:23:57 2008 Return-Path: <owner-namedroppers@ops.ietf.org> X-Original-To: ietfarch-dnsext-archive@core3.amsl.com Delivered-To: ietfarch-dnsext-archive@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id E7A0728C1EA; Wed, 17 Dec 2008 10:23:57 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -5.048 X-Spam-Level: X-Spam-Status: No, score=-5.048 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, FH_RELAY_NODNS=1.451, RCVD_IN_DNSWL_MED=-4, RDNS_NONE=0.1] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id IgTjYY-rqLVX; Wed, 17 Dec 2008 10:23:55 -0800 (PST) Received: from psg.com (psg.com [IPv6:2001:418:1::62]) by core3.amsl.com (Postfix) with ESMTP id 99D5628C1DF; Wed, 17 Dec 2008 10:23:55 -0800 (PST) Received: from majordom by psg.com with local (Exim 4.69 (FreeBSD)) (envelope-from <owner-namedroppers@ops.ietf.org>) id 1LD0xl-000MTB-K1 for namedroppers-data0@psg.com; Wed, 17 Dec 2008 18:17:37 +0000 Received: from [129.6.16.227] (helo=smtp.nist.gov) by psg.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.69 (FreeBSD)) (envelope-from <scottr@nist.gov>) id 1LD0xW-000MQ1-SJ for namedroppers@ops.ietf.org; Wed, 17 Dec 2008 18:17:29 +0000 Received: from 98-140.antd.nist.gov (98-140.antd.nist.gov [129.6.140.98]) by smtp.nist.gov (8.13.1/8.13.1) with ESMTP id mBHIHKxC002711 for <namedroppers@ops.ietf.org>; Wed, 17 Dec 2008 13:17:20 -0500 Message-ID: <4949422C.7080303@nist.gov> Date: Wed, 17 Dec 2008 13:17:16 -0500 From: Scott Rose <scottr@nist.gov> Organization: NIST User-Agent: Thunderbird 2.0.0.6 (X11/20070728) MIME-Version: 1.0 To: namedroppers@ops.ietf.org Subject: Re: [dnsext] RSA/SHA2 new NSEC3 text proposal References: <49477F09.90009@NLnetLabs.nl> <4948FC79.9060708@nist.gov> 
<a06240800c56ec8c9f56f@[192.168.1.103]> In-Reply-To: <a06240800c56ec8c9f56f@[192.168.1.103]> Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit X-NIST-MailScanner: Found to be clean X-NIST-MailScanner-From: scottr@nist.gov Sender: owner-namedroppers@ops.ietf.org Precedence: bulk List-ID: <namedroppers.ops.ietf.org>

Edward Lewis wrote:
> At 8:19 -0500 12/17/08, Scott Rose wrote:
>
>>> Implementations that support RSA/SHA-2 algorithms SHOULD also
>>> implement NSEC3 denial of existence [RFC5155].
>>>
>>
>> I agree with Alex that if we go with option 2 below, that SHOULD would
>> have to be changed to MUST to keep it consistent.
>
> The problem with that is the scope of the requirement. Why would an
> authoritative name server implementation have to comply with RFC 5155
> because it wants to use RSA/SHA-2(56)? (Assuming there is no
> requirement for RFC 5155 in the intended market for the server.)
>
> I could see "Implementations of DNSSEC validators MUST" - provided we
> have defined what a "DNSSEC validator" is.

I always assumed "validator" as used in RFC 4033. But I see your point
about "implementations" being too broad. Perhaps having that statement
only refer to validator implementations?

Scott

--
----------------------------------------
Scott Rose
Computer Scientist
NIST
ph: +1 301-975-8439
scott.rose@nist.gov
http://www-x.antd.nist.gov/dnssec
http://www.dnsops.gov/
-----------------------------------------

--
to unsubscribe send a message to namedroppers-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/namedroppers/> From owner-namedroppers@ops.ietf.org Wed Dec 17 10:28:57 2008 Return-Path: <owner-namedroppers@ops.ietf.org> X-Original-To: ietfarch-dnsext-archive@core3.amsl.com Delivered-To: ietfarch-dnsext-archive@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id AA02F28C1E0; Wed, 17 Dec 2008 10:28:57 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -102.6 X-Spam-Level: X-Spam-Status: No, score=-102.6 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, NO_RELAYS=-0.001, USER_IN_WHITELIST=-100] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xXEvpJtN0p1X; Wed, 17 Dec 2008 10:28:57 -0800 (PST) Received: from psg.com (psg.com [IPv6:2001:418:1::62]) by core3.amsl.com (Postfix) with ESMTP id 23C2828C1BD; Wed, 17 Dec 2008 10:28:56 -0800 (PST) Received: from majordom by psg.com with local (Exim 4.69 (FreeBSD)) (envelope-from <owner-namedroppers@ops.ietf.org>) id 1LD14X-000NFw-Ik for namedroppers-data0@psg.com; Wed, 17 Dec 2008 18:24:37 +0000 Received: from [2001:1890:1112:1::20] (helo=mail.ietf.org) by psg.com with esmtp (Exim 4.69 (FreeBSD)) (envelope-from <wwwrun@core3.amsl.com>) id 1LD13z-000NBh-FS for namedroppers@ops.ietf.org; Wed, 17 Dec 2008 18:24:10 +0000 Received: by core3.amsl.com (Postfix, from userid 30) id 7399728C1E8; Wed, 17 Dec 2008 10:23:59 -0800 (PST) X-idtracker: yes From: The IESG <iesg-secretary@ietf.org> To: IETF-Announce <ietf-announce@ietf.org> Cc: Internet Architecture Board <iab@iab.org>, RFC Editor <rfc-editor@rfc-editor.org>, dnsext mailing list <namedroppers@ops.ietf.org>, dnsext chair <dnsext-chairs@tools.ietf.org> Subject: [dnsext] Protocol Action: 'Measures for making DNS more resilient against forged answers' to Proposed Standard Message-Id: <20081217182400.7399728C1E8@core3.amsl.com> Date: Wed, 17 Dec 2008 10:24:00 -0800 (PST) 
Sender: owner-namedroppers@ops.ietf.org Precedence: bulk List-ID: <namedroppers.ops.ietf.org>

The IESG has approved the following document:

- 'Measures for making DNS more resilient against forged answers'
   <draft-ietf-dnsext-forgery-resilience-10.txt> as a Proposed Standard

This document is the product of the DNS Extensions Working Group.

The IESG contact persons are Mark Townsley and Jari Arkko.

A URL of this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-dnsext-forgery-resilience-10.txt

- Technical Summary

   DNS uses UDP for most of its query resolution process. To protect
   against forged UDP replies, DNS has relied on a Query-ID field that
   is 16 bits long. The size of this field was adequate when network
   connections were slower than is common today. The document
   documents measures to extend the effective Query-ID by using all
   available UDP ports, different source address (when possible) and
   using different authoritative servers. All of the measures documented
   in the document have been in use in certain implementations for a
   long time, and recently been almost universally deployed in all
   major implementations.

- Working Group Summary

   There is a broad consensus that this important document be
   published.

- Protocol Quality

   The techniques described in the document have been implemented and
   are in use by a number of implementations, with no interoperability
   issues. The only issues observed have been related to inability to
   allocate a large number of open ports on certain operating systems,
   and firewalls/IDS not expecting the use of random ports by DNS
   resolvers.

--
to unsubscribe send a message to namedroppers-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
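
The matching rule behind the measures in the Technical Summary above, as an added example that is not code from the draft or from any resolver: a query record that draws the Query-ID, source port and server at random, and an acceptance check that requires every one of them, plus the echoed question, to match. The function names, the port range and the RFC 5737 documentation addresses are assumptions made for the illustration, and the response packets are constructed.

```python
import math
import secrets
import struct
from dataclasses import dataclass

# Assumed usable source-port range; real resolvers are limited by the OS.
PORT_MIN, PORT_MAX = 1024, 65535


def encode_name(name: str) -> bytes:
    """Encode a domain name as uncompressed DNS wire-format labels."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


@dataclass(frozen=True)
class OutstandingQuery:
    txid: int       # 16-bit Query-ID
    src_port: int   # local UDP port the query leaves from
    server: tuple   # (ip, port) of the authoritative server asked
    qname: str
    qtype: int

    def question(self) -> bytes:
        return encode_name(self.qname) + struct.pack("!HH", self.qtype, 1)

    def wire(self) -> bytes:
        # Header: ID, flags (plain query), QDCOUNT=1, no other sections.
        return struct.pack("!HHHHHH", self.txid, 0, 1, 0, 0, 0) + self.question()


def new_query(qname, qtype, servers):
    """Draw every unpredictable field from the OS CSPRNG."""
    return OutstandingQuery(
        txid=secrets.randbelow(1 << 16),
        src_port=PORT_MIN + secrets.randbelow(PORT_MAX - PORT_MIN + 1),
        server=secrets.choice(list(servers)),
        qname=qname,
        qtype=qtype,
    )


def accept_response(q, packet, src, dst_port):
    """Accept a reply only if it matches the outstanding query in every field."""
    if src != q.server or dst_port != q.src_port:
        return False            # wrong server address or wrong local port
    if len(packet) < 12:
        return False            # shorter than a DNS header
    txid, flags, qdcount = struct.unpack("!HHH", packet[:6])
    if txid != q.txid or not flags & 0x8000 or qdcount != 1:
        return False            # wrong Query-ID, not a response, or odd question count
    name = encode_name(q.qname.lower())
    end = 12 + len(name)
    if packet[12:end].lower() != name:
        return False            # question name differs (compared case-insensitively)
    return packet[end:end + 4] == struct.pack("!HH", q.qtype, 1)


def effective_id_bits(ports=PORT_MAX - PORT_MIN + 1, servers=1, source_addrs=1):
    """Bits a blind forger must guess when each field is uniform and independent."""
    return math.log2((1 << 16) * ports * servers * source_addrs)


def build_response(q, txid, qname=None):
    """Constructed reply for the demo: header with QR set, question echoed."""
    name = encode_name(qname or q.qname)
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 0, 0, 0)
    return header + name + struct.pack("!HH", q.qtype, 1)


if __name__ == "__main__":
    servers = [("192.0.2.53", 53), ("198.51.100.53", 53)]   # RFC 5737 addresses
    q = new_query("www.example.com", 1, servers)
    print("genuine :", accept_response(q, build_response(q, q.txid), q.server, q.src_port))
    print("bad ID  :", accept_response(q, build_response(q, q.txid ^ 1), q.server, q.src_port))
    print("bits, fixed port   : %.1f" % effective_id_bits(ports=1))
    print("bits, random ports : %.1f" % effective_id_bits(servers=len(servers)))
```

With a fixed source port only the 16-bit Query-ID is unpredictable; the port range assumed here adds nearly 16 more bits, and each doubling of the server or source-address pool adds one.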
archive: <http://ops.ietf.org/lists/namedroppers/>
From owner-namedroppers@ops.ietf.org Thu Dec 18 08:31:25 2008
Return-Path: <owner-namedroppers@ops.ietf.org> X-Original-To: ietfarch-dnsext-archive@core3.amsl.com Delivered-To: ietfarch-dnsext-archive@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id E6B663A6983; Thu, 18 Dec 2008 08:31:25 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -0.466 X-Spam-Level: X-Spam-Status: No, score=-0.466 tagged_above=-999 required=5 tests=[AWL=-0.866, BAYES_00=-2.599, FH_RELAY_NODNS=1.451, HELO_MISMATCH_INFO=1.448, RDNS_NONE=0.1] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id u9BxPLtK3zf9; Thu, 18 Dec 2008 08:31:25 -0800 (PST) Received: from psg.com (psg.com [IPv6:2001:418:1::62]) by core3.amsl.com (Postfix) with ESMTP id 1DB173A6955; Thu, 18 Dec 2008 08:31:25 -0800 (PST) Received: from majordom by psg.com with local (Exim 4.69 (FreeBSD)) (envelope-from <owner-namedroppers@ops.ietf.org>) id 1LDLdQ-000Bpk-Tu for namedroppers-data0@psg.com; Thu, 18 Dec 2008 16:22:00 +0000 Received: from [208.86.224.201] (helo=mail.yitter.info) by psg.com with esmtps (TLSv1:CAMELLIA256-SHA:256) (Exim 4.69 (FreeBSD)) (envelope-from <ajs@shinkuro.com>) id 1LDLdM-000BpP-9o for namedroppers@ops.ietf.org; Thu, 18 Dec 2008 16:21:58 +0000 Received: from crankycanuck.ca (CPE00212980eb9c-CM001adea9c5a6.cpe.net.cable.rogers.com [99.236.217.132]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.yitter.info (Postfix) with ESMTPSA id 078DE2FE964B for <namedroppers@ops.ietf.org>; Thu, 18 Dec 2008 16:21:54 +0000 (UTC) Date: Thu, 18 Dec 2008 11:21:50 -0500 From: Andrew Sullivan <ajs@shinkuro.com> To: namedroppers@ops.ietf.org Subject: [dnsext] Disposition of request for assignment: ASSET (IANA #164632) Message-ID: <20081218162150.GK1337@shinkuro.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: 
Mutt/1.5.18 (2008-05-17) Sender: owner-namedroppers@ops.ietf.org Precedence: bulk List-ID: <namedroppers.ops.ietf.org>

Dear colleagues,

After due consideration under the procedures of RFC 5395, the request
for the assignment of the ASSET RRTYPE is rejected.

Best regards,

Andrew Sullivan

--
Andrew Sullivan
ajs@shinkuro.com
Shinkuro, Inc.

--
to unsubscribe send a message to namedroppers-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/namedroppers/>
From owner-namedroppers@ops.ietf.org Thu Dec 18 08:36:00 2008 Return-Path: <owner-namedroppers@ops.ietf.org> X-Original-To: ietfarch-dnsext-archive@core3.amsl.com Delivered-To: ietfarch-dnsext-archive@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 87BBC3A691A; Thu, 18 Dec 2008 08:36:00 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -0.427 X-Spam-Level: X-Spam-Status: No, score=-0.427 tagged_above=-999 required=5 tests=[AWL=-0.827, BAYES_00=-2.599, FH_RELAY_NODNS=1.451, HELO_MISMATCH_INFO=1.448, RDNS_NONE=0.1] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id n8UiGJ5Sn1jz; Thu, 18 Dec 2008 08:35:59 -0800 (PST) Received: from psg.com (psg.com [IPv6:2001:418:1::62]) by core3.amsl.com (Postfix) with ESMTP id BCC393A6933; Thu, 18 Dec 2008 08:35:59 -0800 (PST) Received: from majordom by psg.com with local (Exim 4.69 (FreeBSD)) (envelope-from <owner-namedroppers@ops.ietf.org>) id 1LDLjz-000CJR-AF for namedroppers-data0@psg.com; Thu, 18 Dec 2008 16:28:47 +0000 Received: from [208.86.224.201] (helo=mail.yitter.info) by psg.com with esmtps (TLSv1:CAMELLIA256-SHA:256) (Exim 4.69 (FreeBSD)) (envelope-from <ajs@shinkuro.com>) id 1LDLjv-000CIy-DF for namedroppers@ops.ietf.org; Thu, 18 Dec 2008 16:28:45 +0000 Received: from crankycanuck.ca
(CPE00212980eb9c-CM001adea9c5a6.cpe.net.cable.rogers.com [99.236.217.132]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.yitter.info (Postfix) with ESMTPSA id 6B8532FE97ED for <namedroppers@ops.ietf.org>; Thu, 18 Dec 2008 16:28:42 +0000 (UTC) Date: Thu, 18 Dec 2008 11:28:40 -0500 From: Andrew Sullivan <ajs@shinkuro.com> To: namedroppers@ops.ietf.org Subject: [dnsext] Disposition of request for assignment: NEGATIVE (IANA #186451) Message-ID: <20081218162840.GN1337@crankycanuck.ca> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.5.18 (2008-05-17) Sender: owner-namedroppers@ops.ietf.org Precedence: bulk List-ID: <namedroppers.ops.ietf.org>

Dear colleagues,

After due consideration under the terms of RFC 5395, the request for
the RRTYPE assignment NEGATIVE has been rejected.

Best regards,

Andrew

--
Andrew Sullivan
ajs@shinkuro.com
Shinkuro, Inc.

--
to unsubscribe send a message to namedroppers-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/namedroppers/> From owner-namedroppers@ops.ietf.org Thu Dec 18 09:40:59 2008 Return-Path: <owner-namedroppers@ops.ietf.org> X-Original-To: ietfarch-dnsext-archive@core3.amsl.com Delivered-To: ietfarch-dnsext-archive@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 089613A6AB7; Thu, 18 Dec 2008 09:40:59 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.495 X-Spam-Level: X-Spam-Status: No, score=-4.495 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, FH_RELAY_NODNS=1.451, HELO_MISMATCH_COM=0.553, RCVD_IN_DNSWL_MED=-4, RDNS_NONE=0.1] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id IJHxRbW3kIGW; Thu, 18 Dec 2008 09:40:58 -0800 (PST) Received: from psg.com (psg.com [IPv6:2001:418:1::62]) by core3.amsl.com (Postfix) with ESMTP id 307733A6B23; Thu, 18 Dec 2008 09:40:58 -0800 (PST) Received: from majordom by psg.com with local (Exim 4.69 (FreeBSD)) (envelope-from <owner-namedroppers@ops.ietf.org>) id 1LDMmx-000HlY-Of for namedroppers-data0@psg.com; Thu, 18 Dec 2008 17:35:55 +0000 Received: from [65.201.175.9] (helo=cliffie.verisignlabs.com) by psg.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.69 (FreeBSD)) (envelope-from <mlarson@verisign.com>) id 1LDMmt-000Hl3-Fb for namedroppers@ops.ietf.org; Thu, 18 Dec 2008 17:35:53 +0000 Received: from monsoon.verisignlabs.com (scooter.bo.labs.vrsn.com [172.25.170.10]) by cliffie.verisignlabs.com (Postfix) with ESMTP id E0C5813671B; Thu, 18 Dec 2008 12:35:47 -0500 (EST) Received: from dul1mcmlarson-l1.labs.vrsn.com (dul1mcmlarson-l1.labs.vrsn.com [10.131.244.205]) by monsoon.verisignlabs.com (Postfix) with ESMTP id D9FFB2422F0; Thu, 18 Dec 2008 12:35:47 -0500 (EST) Date: Thu, 18 Dec 2008 12:35:45 -0500 From: Matt Larson <mlarson@verisign.com> To: Andrew Sullivan <ajs@shinkuro.com> Cc: namedroppers@ops.ietf.org Subject: 
[dnsext] ASSET and NEGATIVE RRTYPE requests Message-ID: <20081218173545.GD1475@dul1mcmlarson-l1.labs.vrsn.com> References: <20081218162840.GN1337@crankycanuck.ca> <20081218162150.GK1337@shinkuro.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20081218162840.GN1337@crankycanuck.ca> <20081218162150.GK1337@shinkuro.com> User-Agent: Mutt/1.5.18 (2008-05-17) Sender: owner-namedroppers@ops.ietf.org Precedence: bulk List-ID: <namedroppers.ops.ietf.org>

Andrew,

On Thu, 18 Dec 2008, Andrew Sullivan wrote:
> After due consideration under the procedures of RFC 5395, the
> request for the assignment of the ASSET RRTYPE is rejected.

On Thu, 18 Dec 2008, Andrew Sullivan wrote:
> After due consideration under the terms of RFC 5395, the request for
> the RRTYPE assignment NEGATIVE has been rejected.

Who were the designated Experts for these reviews?

While Section 3.1.1 of RFC 5395 does not require it, I think the
Working Group would benefit from understanding the reasoning for
rejecting these two requests. This clarification will help future
requesters to understand the criteria.

Thanks,

Matt

--
to unsubscribe send a message to namedroppers-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/namedroppers/> From owner-namedroppers@ops.ietf.org Thu Dec 18 10:08:54 2008 Return-Path: <owner-namedroppers@ops.ietf.org> X-Original-To: ietfarch-dnsext-archive@core3.amsl.com Delivered-To: ietfarch-dnsext-archive@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 6D6F33A6A4B; Thu, 18 Dec 2008 10:08:54 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -0.391 X-Spam-Level: X-Spam-Status: No, score=-0.391 tagged_above=-999 required=5 tests=[AWL=-0.791, BAYES_00=-2.599, FH_RELAY_NODNS=1.451, HELO_MISMATCH_INFO=1.448, RDNS_NONE=0.1] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gwYf9xsykBtF; Thu, 18 Dec 2008 10:08:53 -0800 (PST) Received: from psg.com (psg.com [IPv6:2001:418:1::62]) by core3.amsl.com (Postfix) with ESMTP id 6A6553A6984; Thu, 18 Dec 2008 10:08:53 -0800 (PST) Received: from majordom by psg.com with local (Exim 4.69 (FreeBSD)) (envelope-from <owner-namedroppers@ops.ietf.org>) id 1LDNEl-000JXZ-HO for namedroppers-data0@psg.com; Thu, 18 Dec 2008 18:04:39 +0000 Received: from [208.86.224.201] (helo=mail.yitter.info) by psg.com with esmtps (TLSv1:CAMELLIA256-SHA:256) (Exim 4.69 (FreeBSD)) (envelope-from <ajs@shinkuro.com>) id 1LDNEd-000JWu-Ks for namedroppers@ops.ietf.org; Thu, 18 Dec 2008 18:04:33 +0000 Received: from crankycanuck.ca (CPE00212980eb9c-CM001adea9c5a6.cpe.net.cable.rogers.com [99.236.217.132]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.yitter.info (Postfix) with ESMTPSA id 91CA62FE964B; Thu, 18 Dec 2008 18:04:30 +0000 (UTC) Date: Thu, 18 Dec 2008 13:04:29 -0500 From: Andrew Sullivan <ajs@shinkuro.com> To: Matt Larson <mlarson@verisign.com> Cc: namedroppers@ops.ietf.org Subject: [dnsext] Re: ASSET and NEGATIVE RRTYPE requests Message-ID: <20081218180428.GR1337@shinkuro.com> 
References: <20081218162840.GN1337@crankycanuck.ca> <20081218162150.GK1337@shinkuro.com> <20081218173545.GD1475@dul1mcmlarson-l1.labs.vrsn.com>
In-Reply-To: <20081218173545.GD1475@dul1mcmlarson-l1.labs.vrsn.com>

On Thu, Dec 18, 2008 at 12:35:45PM -0500, Matt Larson wrote:
> Andrew,
>
> On Thu, 18 Dec 2008, Andrew Sullivan wrote:
> > After due consideration under the procedures of RFC 5395, the
> > request for the assignment of the ASSET RRTYPE is rejected.
>
> On Thu, 18 Dec 2008, Andrew Sullivan wrote:
> > After due consideration under the terms of RFC 5395, the request for
> > the RRTYPE assignment NEGATIVE has been rejected.
>
> Who were the designated Experts for these reviews?

Sorry, I likely should have covered this in my notes, but I thought
I'd mentioned it when we started those evaluations. It's been a long
time, however, so better to repeat. We initiated both of those while
the RFC was still 2929bis (i.e. it hadn't been finalized yet).

The IESG appointed two experts: Roy Arends and Frederico Neves. They
also appointed me chair of the panel of experts, which means that I'm
officially an expert too. (You all may stop laughing now ;-)

In order to get as much experience with the procedures as possible,
and in order to check each other's work, we decided we should all
evaluate these cases, in order to see that things are working. (We
are in fact taking the same strategy with the open reviews of requests
from Jim Reid.) For paperwork purposes, I think this means that I'm
the designated expert, because I handled the communication with IANA.
But in fact we all reviewed them. I anticipate in future that IANA
will pick an expert who will not be me, and I'll just be around to
ensure the smooth functioning of things. (Depending on the volume of
requests we get, we may also go looking for additional experts for the
pool.)

> While Section 3.1.1 of RFC 5395 does not require it, I think the
> Working Group would benefit from understanding the reasoning for
> rejecting these two requests. This clarification will help future
> requesters to understand the criteria.

In the NEGATIVE case, during the namedroppers discussion period,
someone suggested a different strategy which did not depend on the
assignment. Stuart Cheshire asked us to put the request "on hold"
while he investigated that option, but he tells me he hasn't had time
to look at it properly. The six weeks maximum is long since past, so
for administrative reasons we have to reject the request. A similar
request could be made in future, however, and we would not treat this
rejection as a precedent.

In the ASSET case, there were some more serious problems. Of special
concern is that the existing I-D that defines the RRTYPE has a
fallback mechanism to TXT. This seemed to violate RFC 5395 section
3.1.2, rule 2. We had some questions as well about some assumptions
in the I-D and whether the documentation was complete enough. I
asked for some clarification some time ago, but I haven't received
anything. Partly because I've been delinquent, this has been hanging
on, but at IANA's nudging I had to conclude that we weren't going to
hear anything back, so the request has to be rejected.

Does this clear things up?

Best,

Andrew

--
Andrew Sullivan
ajs@shinkuro.com
Shinkuro, Inc.

From owner-namedroppers@ops.ietf.org Thu Dec 18 11:09:02 2008
Date: Thu, 18 Dec 2008 14:03:24 -0500
From: Matt Larson <mlarson@verisign.com>
To: Andrew Sullivan <ajs@shinkuro.com>
Cc: namedroppers@ops.ietf.org
Subject: [dnsext] Re: ASSET and NEGATIVE RRTYPE requests
Message-ID: <20081218190324.GE1475@dul1mcmlarson-l1.labs.vrsn.com>
References: <20081218162840.GN1337@crankycanuck.ca> <20081218162150.GK1337@shinkuro.com> <20081218173545.GD1475@dul1mcmlarson-l1.labs.vrsn.com> <20081218180428.GR1337@shinkuro.com>
In-Reply-To: <20081218180428.GR1337@shinkuro.com>

On Thu, 18 Dec 2008, Andrew Sullivan wrote:
> Does this clear things up?

Yes, thanks! I engaged the Not-So-Wayback Machine and found your note
about the 2929bis process (with Roy and Frederico) and the discussion
that ensued around the ASSET and NEGATIVE requests. I'm not surprised
by these rejections given the mailing list discussion, but my question
was if there was any more to the rejections than that, and it sounds
like no.

Thanks,

Matt

From owner-namedroppers@ops.ietf.org Thu Dec 18 15:46:33 2008
Message-ID: <4949A6DC.98111DE1@ix.netcom.com>
Date: Wed, 17 Dec 2008 17:26:53 -0800
From: "Jeffrey A. Williams" <jwkckid1@ix.netcom.com>
To: Matt Larson <mlarson@verisign.com>
CC: Andrew Sullivan <ajs@shinkuro.com>, namedroppers@ops.ietf.org
Subject: Re: [dnsext] ASSET and NEGATIVE RRTYPE requests
References: <20081218162840.GN1337@crankycanuck.ca> <20081218162150.GK1337@shinkuro.com> <20081218173545.GD1475@dul1mcmlarson-l1.labs.vrsn.com>

Matt, Andrew and all,

Good question, and seconded!

Matt Larson wrote:

> Andrew,
>
> On Thu, 18 Dec 2008, Andrew Sullivan wrote:
> > After due consideration under the procedures of RFC 5395, the
> > request for the assignment of the ASSET RRTYPE is rejected.
>
> On Thu, 18 Dec 2008, Andrew Sullivan wrote:
> > After due consideration under the terms of RFC 5395, the request for
> > the RRTYPE assignment NEGATIVE has been rejected.
>
> Who were the designated Experts for these reviews?
>
> While Section 3.1.1 of RFC 5395 does not require it, I think the
> Working Group would benefit from understanding the reasoning for
> rejecting these two requests. This clarification will help future
> requesters to understand the criteria.
>
> Thanks,
>
> Matt
>
> --
> to unsubscribe send a message to namedroppers-request@ops.ietf.org with
> the word 'unsubscribe' in a single line as the message text body.
> archive: <http://ops.ietf.org/lists/namedroppers/>

Regards,

Spokesman for INEGroup LLA. - (Over 284k members/stakeholders strong!)
"Obedience of the law is the greatest freedom" - Abraham Lincoln
"YES WE CAN!" Barack ( Berry ) Obama
"Credit should go with the performance of duty and not with what is
very often the accident of glory" - Theodore Roosevelt
"If the probability be called P; the injury, L; and the burden, B;
liability depends upon whether B is less than L multiplied by
P: i.e., whether B is less than PL."
United States v. Carroll Towing (159 F.2d 169 [2d Cir. 1947]
===============================================================
Updated 1/26/04
CSO/DIR. Internet Network Eng. SR. Eng. Network data security
IDNS. div. of Information Network Eng. INEG. INC.
ABA member in good standing member ID 01257402
E-Mail jwkckid1@ix.netcom.com
My Phone: 214-244-4827

From owner-namedroppers@ops.ietf.org Thu Dec 18 15:47:08 2008
Message-ID: <4949A84D.BCFDB9E0@ix.netcom.com>
Date: Wed, 17 Dec 2008 17:33:01 -0800
From: "Jeffrey A. Williams" <jwkckid1@ix.netcom.com>
To: Andrew Sullivan <ajs@shinkuro.com>
CC: Matt Larson <mlarson@verisign.com>, namedroppers@ops.ietf.org
Subject: Re: [dnsext] Re: ASSET and NEGATIVE RRTYPE requests
References: <20081218162840.GN1337@crankycanuck.ca> <20081218162150.GK1337@shinkuro.com> <20081218173545.GD1475@dul1mcmlarson-l1.labs.vrsn.com> <20081218180428.GR1337@shinkuro.com>

Andrew and all,

So then essentially the rejection is due to lack of a review.
That's ok, but weak.
Perhaps keeping this "On Hold" would
have been a better decision?

Andrew Sullivan wrote:

> On Thu, Dec 18, 2008 at 12:35:45PM -0500, Matt Larson wrote:
> > Andrew,
> >
> > On Thu, 18 Dec 2008, Andrew Sullivan wrote:
> > > After due consideration under the procedures of RFC 5395, the
> > > request for the assignment of the ASSET RRTYPE is rejected.
> >
> > On Thu, 18 Dec 2008, Andrew Sullivan wrote:
> > > After due consideration under the terms of RFC 5395, the request for
> > > the RRTYPE assignment NEGATIVE has been rejected.
> >
> > Who were the designated Experts for these reviews?
>
> Sorry, I likely should have covered this in my notes, but I thought
> I'd mentioned it when we started those evaluations. It's been a long
> time, however, so better to repeat. We initiated both of those while
> the RFC was still 2929bis (i.e. it hadn't been finalized yet).
>
> The IESG appointed two experts: Roy Arends and Frederico Neves. They
> also appointed me chair of the panel of experts, which means that I'm
> officially an expert too. (You all may stop laughing now ;-)
>
> In order to get as much experience with the procedures as possible,
> and in order to check each other's work, we decided we should all
> evaluate these cases, in order to see that things are working. (We
> are in fact taking the same strategy with the open reviews of requests
> from Jim Reid.) For paperwork purposes, I think this means that I'm
> the designated expert, because I handled the communication with IANA.
> But in fact we all reviewed them. I anticipate in future that IANA
> will pick an expert who will not be me, and I'll just be around to
> ensure the smooth functioning of things. (Depending on the volume of
> requests we get, we may also go looking for additional experts for the
> pool.)
>
> > While Section 3.1.1 of RFC 5395 does not require it, I think the
> > Working Group would benefit from understanding the reasoning for
> > rejecting these two requests. This clarification will help future
> > requesters to understand the criteria.
>
> In the NEGATIVE case, during the namedroppers discussion period,
> someone suggested a different strategy which did not depend on the
> assignment. Stuart Cheshire asked us to put the request "on hold"
> while he investigated that option, but he tells me he hasn't had time
> to look at it properly. The six weeks maximum is long since past, so
> for administrative reasons we have to reject the request. A similar
> request could be made in future, however, and we would not treat this
> rejection as a precedent.
>
> In the ASSET case, there were some more serious problems. Of special
> concern is that the existing I-D that defines the RRTYPE has a
> fallback mechanism to TXT. This seemed to violate RFC 5395 section
> 3.1.2, rule 2. We had some questions as well about some assumptions
> in the I-D and whether the documentation was complete enough. I
> asked for some clarification some time ago, but I haven't received
> anything. Partly because I've been delinquent, this has been hanging
> on, but at IANA's nudging I had to conclude that we weren't going to
> hear anything back, so the request has to be rejected.
>
> Does this clear things up?
>
> Best,
>
> Andrew
>
> --
> Andrew Sullivan
> ajs@shinkuro.com
> Shinkuro, Inc.
>
> --
> to unsubscribe send a message to namedroppers-request@ops.ietf.org with
> the word 'unsubscribe' in a single line as the message text body.
> archive: <http://ops.ietf.org/lists/namedroppers/>

Regards,

Spokesman for INEGroup LLA. - (Over 284k members/stakeholders strong!)

From owner-namedroppers@ops.ietf.org Fri Dec 19 00:52:32 2008
In-Reply-To: <4949A84D.BCFDB9E0@ix.netcom.com>
References: <20081218162840.GN1337@crankycanuck.ca> <20081218162150.GK1337@shinkuro.com> <20081218173545.GD1475@dul1mcmlarson-l1.labs.vrsn.com> <20081218180428.GR1337@shinkuro.com> <4949A84D.BCFDB9E0@ix.netcom.com>
To: namedroppers@ops.ietf.org
Subject: Re: [dnsext] Re: ASSET and NEGATIVE RRTYPE requests
Message-ID: <OF53876212.2E1ED291-ON80257524.002FDCF1-80257524.0030068D@nominet.org.uk>
From: Ray.Bellis@nominet.org.uk
Date: Fri, 19 Dec 2008 08:44:34 +0000

> "Jeffrey A. Williams" <jwkckid1@ix.netcom.com>
>
> So then essentially the rejection is due to lack of a review.
> That's ok, but weak. Perhaps keeping this "On Hold" would
> have been a better decision?

My reading of Andrew's note is that the rejections are due to a lack of
follow up *by the requestors* themselves.

Ray

From owner-namedroppers@ops.ietf.org Fri Dec 19 02:06:35 2008
Message-ID: <494A3913.7AE10478@ix.netcom.com>
Date: Thu, 18 Dec 2008 03:50:44 -0800
From: "Jeffrey A. Williams" <jwkckid1@ix.netcom.com>
To: Ray.Bellis@nominet.org.uk
CC: namedroppers@ops.ietf.org
Subject: Re: [dnsext] Re: ASSET and NEGATIVE RRTYPE requests
References: <20081218162840.GN1337@crankycanuck.ca> <20081218162150.GK1337@shinkuro.com> <20081218173545.GD1475@dul1mcmlarson-l1.labs.vrsn.com> <20081218180428.GR1337@shinkuro.com> <4949A84D.BCFDB9E0@ix.netcom.com> <OF53876212.2E1ED291-ON80257524.002FDCF1-80257524.0030068D@nominet.org.uk>

Ray and all,

Ray.Bellis@nominet.org.uk wrote:

> > "Jeffrey A. Williams" <jwkckid1@ix.netcom.com>
> >
> > So then essentially the rejection is due to lack of a review.
> > That's ok, but weak. Perhaps keeping this "On Hold" would
> > have been a better decision?
>
> My reading of Andrew's note is that the rejections are due to a lack of
> follow up *by the requestors* themselves.

Well, yes that too! Still a review irrespective of the requestors'
lack of follow up would seem to be in order.... In either or
both respects, rejection seems to me anyway to be premature...

>
>
> Ray
>
> --
> to unsubscribe send a message to namedroppers-request@ops.ietf.org with
> the word 'unsubscribe' in a single line as the message text body.
> archive: <http://ops.ietf.org/lists/namedroppers/>

Regards,

Spokesman for INEGroup LLA. - (Over 284k members/stakeholders strong!)

From owner-namedroppers@ops.ietf.org Fri Dec 19 07:32:44 2008
1LDhEY-0006xs-S1 for namedroppers-data0@psg.com; Fri, 19 Dec 2008 15:25:46 +0000 Received: from [208.86.224.201] (helo=mail.yitter.info) by psg.com with esmtps (TLSv1:CAMELLIA256-SHA:256) (Exim 4.69 (FreeBSD)) (envelope-from <ajs@shinkuro.com>) id 1LDhEU-0006xR-4N for namedroppers@ops.ietf.org; Fri, 19 Dec 2008 15:25:44 +0000 Received: from crankycanuck.ca (CPE00212980eb9c-CM001adea9c5a6.cpe.net.cable.rogers.com [99.236.217.132]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.yitter.info (Postfix) with ESMTPSA id 0F9DA2FE964B for <namedroppers@ops.ietf.org>; Fri, 19 Dec 2008 15:25:41 +0000 (UTC) Date: Fri, 19 Dec 2008 10:25:39 -0500 From: Andrew Sullivan <ajs@shinkuro.com> To: namedroppers@ops.ietf.org Subject: Re: [dnsext] Re: ASSET and NEGATIVE RRTYPE requests Message-ID: <20081219152539.GC3792@shinkuro.com> References: <20081218162840.GN1337@crankycanuck.ca> <20081218162150.GK1337@shinkuro.com> <20081218173545.GD1475@dul1mcmlarson-l1.labs.vrsn.com> <20081218180428.GR1337@shinkuro.com> <4949A84D.BCFDB9E0@ix.netcom.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <4949A84D.BCFDB9E0@ix.netcom.com> User-Agent: Mutt/1.5.18 (2008-05-17) Sender: owner-namedroppers@ops.ietf.org Precedence: bulk List-ID: <namedroppers.ops.ietf.org>

Hi,

On Wed, Dec 17, 2008 at 05:33:01PM -0800, Jeffrey A. Williams wrote:
> Andrew and all,
>
> So then essentially the rejection is due to lack of a review.
> That's ok, but weak. Perhaps keeping this "On Hold" would
> have been a better decision?

Do you mean for the case of the request for NEGATIVE, or the request
for ASSET? If the former, no, it was not for lack of review, but in
fact due to an explicit request on the part of the original requester,
which came out of comments posted by people who had reviewed the
request. If the latter, then it was also not for lack of review;
rather, it was due to the review uncovering that the request did not
meet the conditions for RRTYPE assignment under the expert review
procedure.

Note that there is no "on hold" status. Because we were early in the
application of these procedures, and because RFC 5395 had not yet
actually been published, it seemed ok to me to be a little more
cautious, which translated into taking longer than the procedures
officially allow. But the RFC is quite clear that the public comment
period is between 3 and 6 weeks, after which the expert is supposed to
render its decision fairly quickly. If the expert does not promptly
render a decision, IANA is directed to mark the request rejected, so
the procedure defaults to "no". My note was really just a formal
recognition of that state of affairs.

There isn't anything that prevents people from submitting a new
request that is substantially the same, while having addressed the
remarks.

Also, please remember that the RFC 5395 procedures are supposed to
be low-barrier RRTYPE assignments for relatively uncontroversial
cases. If you need an RRTYPE assignment that requires special care,
unusual rules, or anything of that sort, then the right thing to do is
RRTYPE assignment by standards action; this requires deeper review,
because the last call mechanism is used and consensus has to be
declared. Expert review doesn't depend on those things; on the other
hand, it is more likely to result in rejection if there is anything
slightly unusual about the request.

Is that clearer?

A

--
Andrew Sullivan
ajs@shinkuro.com
Shinkuro, Inc.

--
to unsubscribe send a message to namedroppers-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/namedroppers/> From owner-namedroppers@ops.ietf.org Fri Dec 19 08:13:46 2008 Return-Path: <owner-namedroppers@ops.ietf.org> X-Original-To: ietfarch-dnsext-archive@core3.amsl.com Delivered-To: ietfarch-dnsext-archive@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 09E113A68DC; Fri, 19 Dec 2008 08:13:46 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.513 X-Spam-Level: X-Spam-Status: No, score=-1.513 tagged_above=-999 required=5 tests=[AWL=-1.018, BAYES_00=-2.599, FH_RELAY_NODNS=1.451, HELO_MISMATCH_COM=0.553, RDNS_NONE=0.1] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DdOsLhUxAFWQ; Fri, 19 Dec 2008 08:13:45 -0800 (PST) Received: from psg.com (psg.com [IPv6:2001:418:1::62]) by core3.amsl.com (Postfix) with ESMTP id EB61B3A6819; Fri, 19 Dec 2008 08:13:44 -0800 (PST) Received: from majordom by psg.com with local (Exim 4.69 (FreeBSD)) (envelope-from <owner-namedroppers@ops.ietf.org>) id 1LDhsV-000AMk-BE for namedroppers-data0@psg.com; Fri, 19 Dec 2008 16:07:03 +0000 Received: from [209.85.132.241] (helo=an-out-0708.google.com) by psg.com with esmtp (Exim 4.69 (FreeBSD)) (envelope-from <d3e3e3@gmail.com>) id 1LDhsO-000AMH-SJ for namedroppers@ops.ietf.org; Fri, 19 Dec 2008 16:07:00 +0000 Received: by an-out-0708.google.com with SMTP id d14so338298and.26 for <namedroppers@ops.ietf.org>; Fri, 19 Dec 2008 08:06:56 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:to :subject:in-reply-to:mime-version:content-type :content-transfer-encoding:content-disposition:references; bh=YiATgNeZ9wGGfLV8pv0EN3swTebBTvwRv1pjppZ+aC0=; b=fh8wcd4Tj9o6MqaJyMB444sEYej7nmyHCJWOooZh5mC244J/VXUyIFTTOt6SaIXVgx PYWBFe6tSdLkP+EOT4MvoJyiQAwYL5ZMW3/7p8+9VZCdx4aq1eLBdvCEgHyRJ4LmeWon 
qTJyk3FLQj28r6kJC9LMWtCQQLzneQ65cOAFw= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:to:subject:in-reply-to:mime-version :content-type:content-transfer-encoding:content-disposition :references; b=e4qco+mM+pZNgKCilJ/Qtbf5k1GMF9hrjUCOKY+ZyTjCej5JZWTu2TZRK88ugTC+Mm qdZB/jB/RJoByJrEsIod0PyKPxCH23G80IDhFKaUMW/YQGdpXhaF10jt0APeQs9MuRfS NRlcDHK/9TRwT9PHXRNt206K40vmqTH9aZWLg= Received: by 10.100.143.12 with SMTP id q12mr2313653and.22.1229702816331; Fri, 19 Dec 2008 08:06:56 -0800 (PST) Received: by 10.100.41.1 with HTTP; Fri, 19 Dec 2008 08:06:56 -0800 (PST) Message-ID: <1028365c0812190806lc73880ma168955abab02b8f@mail.gmail.com> Date: Fri, 19 Dec 2008 11:06:56 -0500 From: "Donald Eastlake" <d3e3e3@gmail.com> To: namedroppers@ops.ietf.org Subject: Re: [dnsext] Re: ASSET and NEGATIVE RRTYPE requests In-Reply-To: <20081219152539.GC3792@shinkuro.com> MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline References: <20081218162840.GN1337@crankycanuck.ca> <20081218162150.GK1337@shinkuro.com> <20081218173545.GD1475@dul1mcmlarson-l1.labs.vrsn.com> <20081218180428.GR1337@shinkuro.com> <4949A84D.BCFDB9E0@ix.netcom.com> <20081219152539.GC3792@shinkuro.com> Sender: owner-namedroppers@ops.ietf.org Precedence: bulk List-ID: <namedroppers.ops.ietf.org>

On Fri, Dec 19, 2008 at 10:25 AM, Andrew Sullivan <ajs@shinkuro.com> wrote:
>
> Hi,
>
> On Wed, Dec 17, 2008 at 05:33:01PM -0800, Jeffrey A. Williams wrote:
> > Andrew and all,
> >
> > So then essentially the rejection is due to lack of a review.
> > That's ok, but weak. Perhaps keeping this "On Hold" would
> > have been a better decision?
>
> ...
>
> Note that there is no "on hold" status. Because we were early in the
> application of these procedures, and because RFC 5395 had not yet
> actually been published, it seemed ok to me to be a little more
> cautious, which translated into taking longer than the procedures
> officially allow. But the RFC is quite clear that the public comment
> period is between 3 and 6 weeks, after which the expert is supposed to
> render its decision fairly quickly. If the expert does not promptly
> render a decision, IANA is directed to mark the request rejected, so
> the procedure defaults to "no". My note was really just a formal
> recognition of that state of affairs.

I'd like to emphasize this. The procedure is supposed to be clean and
simple. I didn't want a muddle of applications whose decision deadline
keeps getting pushed out due to tweaks and re-cycling or put "on
hold". It is no big deal to get rejected. Quite possibly in some cases
it will be faster to get rejected, submit a changed application, and
hopefully get approved than to keep diddling an application which is
nominally in process...

> There isn't anything that prevents people from submitting a new
> request that is substantially the same, while having addressed the
> remarks.

RFC 5395 specifically points out that people can informally post their
application template early to get community feedback. If they do that
and adjust their application and submit based on positive community
feedback, one would hope that most will be approved by an appointed
Expert. On the other hand, if people don't ask for or don't take into
account community feedback or submit anyway even if there are lots of
objections, maybe most will be rejected...

Thanks,
Donald

> Also, please remember that the RFC 5395 procedures are supposed to
> be low-barrier RRTYPE assignments for relatively uncontroversial
> cases. If you need an RRTYPE assignment that requires special care,
> unusual rules, or anything of that sort, then the right thing to do is
> RRTYPE assignment by standards action; this requires deeper review,
> because the last call mechanism is used and consensus has to be
> declared. Expert review doesn't depend on those things; on the other
> hand, it is more likely to result in rejection if there is anything
> slightly unusual about the request.
>
> Is that clearer?
>
> A
>
> --
> Andrew Sullivan
> ajs@shinkuro.com
> Shinkuro, Inc.

=============================
Donald E. Eastlake 3rd +1-508-634-2066 (home)
155 Beaver Street
Milford, MA 01757 USA
d3e3e3@gmail.com

--
to unsubscribe send a message to namedroppers-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/namedroppers/>

From owner-namedroppers@ops.ietf.org Fri Dec 19 08:35:52 2008 Return-Path: <owner-namedroppers@ops.ietf.org> X-Original-To: ietfarch-dnsext-archive@core3.amsl.com Delivered-To: ietfarch-dnsext-archive@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id C9F7928C12B; Fri, 19 Dec 2008 08:35:52 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.233 X-Spam-Level: X-Spam-Status: No, score=-1.233 tagged_above=-999 required=5 tests=[AWL=-1.039, BAYES_00=-2.599, FH_RELAY_NODNS=1.451, HELO_MISMATCH_COM=0.553, HTML_MESSAGE=0.001, MIME_8BIT_HEADER=0.3, RDNS_NONE=0.1] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id W--2NgF2p+l6; Fri, 19 Dec 2008 08:35:51 -0800 (PST) Received: from psg.com (psg.com [IPv6:2001:418:1::62]) by core3.amsl.com (Postfix) with ESMTP id 6CBDF3A67E9; Fri, 19 Dec 2008 08:35:51 -0800 (PST) Received: from majordom by psg.com with local (Exim 4.69 (FreeBSD)) (envelope-from <owner-namedroppers@ops.ietf.org>) id 1LDiEo-000CES-Oo for 
namedroppers-data0@psg.com; Fri, 19 Dec 2008 16:30:06 +0000 Received: from [66.92.146.20] (helo=stora.ogud.com) by psg.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.69 (FreeBSD)) (envelope-from <ogud@ogud.com>) id 1LDiEi-000CDa-6z for namedroppers@ops.ietf.org; Fri, 19 Dec 2008 16:30:03 +0000 Received: from Puki.ogud.com (nyttbox.md.ogud.com [10.20.30.4]) by stora.ogud.com (8.14.2/8.14.2) with ESMTP id mBJGU16j096647 for <namedroppers@ops.ietf.org>; Fri, 19 Dec 2008 11:30:01 -0500 (EST) (envelope-from ogud@ogud.com) Message-Id: <200812191630.mBJGU16j096647@stora.ogud.com> X-Mailer: QUALCOMM Windows Eudora Version 7.1.0.9 Date: Fri, 19 Dec 2008 10:55:20 -0500 To: namedroppers@ops.ietf.org From: =?iso-8859-1?Q?=D3lafur?= =?iso-8859-1?Q?_Gu=F0mundsson?= /DNSEXT chair <ogud@ogud.com> Subject: [dnsext] DNSEXT List Policy Mime-Version: 1.0 Content-Type: multipart/alternative; boundary="=====================_7320966==.ALT" X-Scanned-By: MIMEDefang 2.64 on 10.20.30.4 Sender: owner-namedroppers@ops.ietf.org Precedence: bulk List-ID: <namedroppers.ops.ietf.org>

--=====================_7320966==.ALT
Content-Type: text/plain; charset="us-ascii"; format=flowed

Periodic posting, updated 19/Dec/2008. (new note well statement)

List Purpose:

  namedroppers at ops.ietf.org is the mailing list for the IETF DNSEXT
  (DNS EXTensions) working group.

  See <http://www.ietf.org/html.charters/dnsext-charter.html> for the
  WG charter. Messages should be on topics appropriate to the DNSEXT
  WG, which are various discussion of the DNS protocols or
  administrivia of the WG itself.

- Specific items that are not appropriate for posting

  Calls for papers, announcements of events not directly relevant to
  the DNS protocols, etc. are not appropriate.

  Discussion of problems with particular implementations,
  announcements of releases, sites' misconfiguration, pleas for help
  with specific implementations, etc. should be done on mailing lists
  for the particular implementations.

  There is a working group for DNS operational practice, DNSOP, whose
  charter can be found at
  <http://www.ietf.org/html.charters/dnsop-charter.html>. Items
  relevant to the DNSOP charter are to be discussed on the DNSOP
  mailing list.

  Discussion about the quality of implementations is outside the scope
  of this list.

Moderation:

  Moderator: DNSEXT chair(s) unless otherwise announced on mailing list.

  Moderation is based on "subscriber-only with spam filter". To
  counter a certain class of spam mails, messages over 20000
  characters, originating from list subscribers, will be held for
  moderation.

  Questions or concerns related to the acceptance or rejection of
  specific messages to the namedroppers mailing list should first be
  discussed with the WG chair, with follow up appeals using the normal
  appeals process of RFC 2026 (i.e. follow up with area directors, then
  IESG, etc.).

Note Well

Any submission to the IETF intended by the Contributor for publication as all
or part of an IETF Internet-Draft or RFC and any statement made within the context
of an IETF activity is considered an "IETF Contribution". Such statements include
oral statements in IETF sessions, as well as written and electronic communications
made at any time or place, which are addressed to:
        - the IETF plenary session,
        - any IETF working group or portion thereof,
        - the IESG or any member thereof on behalf of the IESG,
        - the IAB or any member thereof on behalf of the IAB,
        - any IETF mailing list, including the IETF list itself, any working group
          or design team list, or any other list functioning under IETF auspices,
        - the RFC Editor or the Internet-Drafts function

All IETF Contributions are subject to the rules of RFC 5378 and RFC 3979 (updated
by RFC 4879).

Statements made outside of an IETF session, mailing list or other function,
that are clearly not intended to be input to an IETF activity, group or function,
are not IETF Contributions in the context of this notice.
Please consult RFC 5378 and RFC 3979 for details.

A participant in any IETF activity is deemed to accept all IETF rules of process,
as documented in Best Current Practices RFCs and IESG Statements.

A participant in any IETF activity acknowledges that written, audio and video
records of meetings may be made and may be available to the public.

--=====================_7320966==.ALT--

--
to unsubscribe send a message to namedroppers-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/namedroppers/> From owner-namedroppers@ops.ietf.org Fri Dec 19 10:32:10 2008 Return-Path: <owner-namedroppers@ops.ietf.org> X-Original-To: ietfarch-dnsext-archive@core3.amsl.com Delivered-To: ietfarch-dnsext-archive@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 44A2A3A6842; Fri, 19 Dec 2008 10:32:10 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -0.4 X-Spam-Level: X-Spam-Status: No, score=-0.4 tagged_above=-999 required=5 tests=[AWL=-0.800, BAYES_00=-2.599, FH_RELAY_NODNS=1.451, HELO_MISMATCH_INFO=1.448, RDNS_NONE=0.1] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9AmHvK75t3gE; Fri, 19 Dec 2008 10:32:09 -0800 (PST) Received: from psg.com (psg.com [IPv6:2001:418:1::62]) by core3.amsl.com (Postfix) with ESMTP id 2A3B83A67E9; Fri, 19 Dec 2008 10:32:09 -0800 (PST) Received: from majordom by psg.com with local (Exim 4.69 (FreeBSD)) (envelope-from <owner-namedroppers@ops.ietf.org>) id 1LDk1m-000MsD-5a for namedroppers-data0@psg.com; Fri, 19 Dec 2008 18:24:46 +0000 Received: from [208.86.224.201] (helo=mail.yitter.info) by psg.com with esmtps (TLSv1:CAMELLIA256-SHA:256) (Exim 4.69 (FreeBSD)) (envelope-from <ajs@shinkuro.com>) id 1LDk1f-000MrW-FQ for namedroppers@ops.ietf.org; Fri, 19 Dec 2008 18:24:42 +0000 Received: from crankycanuck.ca (CPE00212980eb9c-CM001adea9c5a6.cpe.net.cable.rogers.com [99.236.217.132]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.yitter.info (Postfix) with ESMTPSA id 235D02FE964B for <namedroppers@ops.ietf.org>; Fri, 19 Dec 2008 18:24:38 +0000 (UTC) Date: Fri, 19 Dec 2008 13:24:36 -0500 From: Andrew Sullivan <ajs@shinkuro.com> To: namedroppers@ops.ietf.org Subject: Some remarks about new governing rules (Re: [dnsext] DNSEXT List Policy) Message-ID: 
<20081219182436.GA4592@shinkuro.com> References: <200812191630.mBJGU16j096647@stora.ogud.com> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <200812191630.mBJGU16j096647@stora.ogud.com> User-Agent: Mutt/1.5.18 (2008-05-17) Sender: owner-namedroppers@ops.ietf.org Precedence: bulk List-ID: <namedroppers.ops.ietf.org>

Dear colleagues,

On Fri, Dec 19, 2008 at 10:55:20AM -0500, Ólafur Guðmundsson /DNSEXT chair wrote:
> All IETF Contributions are subject to the rules of RFC 5378 and RFC 3979
> (updated
> by RFC 4879).

We, the chairs, draw to your attention the above change to the
policies historically governing IETF contributions. The rules under
RFC 5378 are different from the rights in contributions rules under
which we have been working. We urge that participants in the working
group read RFC 5378 before making any contribution. RFC 5378 makes
claims about what agreements individuals are deemed to have made by
virtue of their actions. We urge participants to determine whether
they fall into the class of such individuals.

We also draw to your attention the Non-Exclusive License agreement
that the IETF Trust has on its web pages:
http://trustee.ietf.org/docs/Contributor_Non-Exclusive_License_RFC5378.pdf.
If you have ever contributed to the Working Group, we ask you to sign
that agreement and return it to the IETF Trust. We think
"contributed" means any contribution of any kind: posting to the
mailing list, speaking at the mic or even in the hallways to others at
IETF meetings about Working Group topics, or anything else. It is not
restricted to being author of text included in a published RFC. RFC
5378 defines "Contribution" this way:

   a. "Contribution": any submission to the IETF intended by the
      Contributor for publication as all or part of an Internet-Draft
      or RFC (except for RFC Editor Contributions described in
      Section 4 below) and any statement made within the context of an
      IETF activity. Such statements include oral statements in IETF
      sessions as well as written and electronic communications, made
      at any time or place, that are addressed to:

      o the IETF plenary session,
      o any IETF working group or portion thereof,
      o any Birds of a Feather (BOF) session,
      o the IESG, or any member thereof on behalf of the IESG,
      o the IAB, or any member thereof on behalf of the IAB,
      o any IETF mailing list, including the IETF list itself, any
        working group or design team list, or any other list
        functioning under IETF auspices,
      o the RFC Editor or the Internet-Drafts function (except for RFC
        Editor Contributions, as described in Section 4 below).

      Statements made outside of an IETF session, mailing list, or
      other function, that are clearly not intended to be input to an
      IETF activity, group, or function are not IETF Contributions in
      the context of this document.

   b. "Contributor": an individual submitting a Contribution.

RFC 5378 also requires Contributors (in the meaning of the document)
to agree that they have received the necessary permissions on
everything in their Contribution from anyone else with a right in any
of that Contribution. (This is an imprecise way of saying it, and you
are encouraged to consult RFC 5378 for the specifics.)

In this working group, we deal with a protocol that has a long
history, and with lots of old text. The most practical way for
Contributors to be able to assert that their Contribution can all be
covered by RFC 5378 is if such Contributors can prove that anything in
a Contribution has already been covered by RFC 5378. So, refusing to
sign does not affect anything you say or do in the context of the
working group henceforth, but we think it will make easier the task of
incorporating old text in newer documents.

It is possible that the IESG will adopt a different procedure in the
future, and that the rules will change. Unless and until that happens,
however, we believe it would be of benefit to your colleagues (both in
this working group and across the IETF) if you were willing to sign
the IETF Trust Non-exclusive License agreement. Once it is signed, it
can be sent to

    IETF Trust
    1775 Wiehle Ave
    Reston, VA 201905108
    c/o IETF Administrative Director
    Facsimile: 703.326.9881

The IAD has also stated (in
http://www.ietf.org/mail-archive/web/ietf/current/msg54646.html) that
he's willing to take signed PDFs by email (<iad@ietf.org>).

We note in passing that we chairs have both signed the agreement.

In closing, we also remind participants that the new IETF policies are
not the output of this working group, and that this working group is
not really the right venue to comment on whether the IETF policy is
the right one. We also do not have the expertise to determine whether
the chairs are right to think that everyone signing the agreement will
be the best answer for the working group. Since we chairs aren't
lawyers, we don't really know; but it looks like the best answer to
us. Because of this, we ask that participants refrain from debating
the merits of the IETF policy or the agreement on the working group
list. It is of course appropriate to discuss the operation of the
working group and the behaviour of the chairs, but please keep in mind
that we are merely making a request based on our best judgement, and
not making claims of fact about what is or is not covered under the
new rules. Participants will have to decide for themselves whether
they should sign the agreement, and their own determinations as to
whether they meet the definition of Contributor of RFC 5378, and the
terms governing such Contributions.

Best regards,

Ólafur and Andrew

--
Andrew Sullivan
ajs@shinkuro.com
Shinkuro, Inc.

--
to unsubscribe send a message to namedroppers-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/namedroppers/>

From owner-namedroppers@ops.ietf.org Fri Dec 19 10:48:26 2008 Return-Path: <owner-namedroppers@ops.ietf.org> X-Original-To: ietfarch-dnsext-archive@core3.amsl.com Delivered-To: ietfarch-dnsext-archive@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 95C923A68A2; Fri, 19 Dec 2008 10:48:26 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -0.372 X-Spam-Level: X-Spam-Status: No, score=-0.372 tagged_above=-999 required=5 tests=[AWL=-0.772, BAYES_00=-2.599, FH_RELAY_NODNS=1.451, HELO_MISMATCH_INFO=1.448, RDNS_NONE=0.1] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ftGgLjmLOTbP; Fri, 19 Dec 2008 10:48:26 -0800 (PST) Received: from psg.com (psg.com [IPv6:2001:418:1::62]) by core3.amsl.com (Postfix) with ESMTP id C69473A684A; Fri, 19 Dec 2008 10:48:25 -0800 (PST) Received: from majordom by psg.com with local (Exim 4.69 (FreeBSD)) (envelope-from <owner-namedroppers@ops.ietf.org>) id 1LDkKP-000OSQ-Vb for namedroppers-data0@psg.com; Fri, 19 Dec 2008 18:44:01 +0000 Received: from [208.86.224.201] (helo=mail.yitter.info) by psg.com with esmtps (TLSv1:CAMELLIA256-SHA:256) (Exim 4.69 (FreeBSD)) (envelope-from <ajs@shinkuro.com>) id 1LDkKL-000OS2-7C for namedroppers@ops.ietf.org; Fri, 19 Dec 2008 18:43:59 +0000 Received: from crankycanuck.ca (CPE00212980eb9c-CM001adea9c5a6.cpe.net.cable.rogers.com [99.236.217.132]) 
(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.yitter.info (Postfix) with ESMTPSA id 397432FE964B for <namedroppers@ops.ietf.org>; Fri, 19 Dec 2008 18:43:56 +0000 (UTC) Date: Fri, 19 Dec 2008 13:43:54 -0500 From: Andrew Sullivan <ajs@shinkuro.com> To: namedroppers@ops.ietf.org Subject: Re: Some remarks about new governing rules (Re: [dnsext] DNSEXT List Policy) Message-ID: <20081219184354.GE4592@shinkuro.com> References: <200812191630.mBJGU16j096647@stora.ogud.com> <20081219182436.GA4592@shinkuro.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20081219182436.GA4592@shinkuro.com> User-Agent: Mutt/1.5.18 (2008-05-17) Sender: owner-namedroppers@ops.ietf.org Precedence: bulk List-ID: <namedroppers.ops.ietf.org>

Dear colleagues,

On Fri, Dec 19, 2008 at 01:24:36PM -0500, Andrew Sullivan wrote:
> We also draw to your attention the Non-Exclusive License agreement
> that the IETF Trust has on its web pages:
> http://trustee.ietf.org/docs/Contributor_Non-Exclusive_License_RFC5378.pdf.

Apparently, we spoke too soon. The IAD has just posted a message that
the above form has been taken down, and that something new is
apparently on its way.

Best regards,

Andrew (for the Chairs)

--
Andrew Sullivan
ajs@shinkuro.com
Shinkuro, Inc.

--
to unsubscribe send a message to namedroppers-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/namedroppers/> From owner-namedroppers@ops.ietf.org Fri Dec 19 13:20:28 2008 Return-Path: <owner-namedroppers@ops.ietf.org> X-Original-To: ietfarch-dnsext-archive@core3.amsl.com Delivered-To: ietfarch-dnsext-archive@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 021D828C0E8; Fri, 19 Dec 2008 13:20:28 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: 1.958 X-Spam-Level: * X-Spam-Status: No, score=1.958 tagged_above=-999 required=5 tests=[AWL=-0.292, BAYES_00=-2.599, CHARSET_FARAWAY_HEADER=3.2, FH_RELAY_NODNS=1.451, GB_I_LETTER=-2, HELO_EQ_DE=0.35, HELO_MISMATCH_DE=1.448, MIME_8BIT_HEADER=0.3, RDNS_NONE=0.1] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HQW2LogxJkMY; Fri, 19 Dec 2008 13:20:27 -0800 (PST) Received: from psg.com (psg.com [IPv6:2001:418:1::62]) by core3.amsl.com (Postfix) with ESMTP id F18C23A69FC; Fri, 19 Dec 2008 13:20:26 -0800 (PST) Received: from majordom by psg.com with local (Exim 4.69 (FreeBSD)) (envelope-from <owner-namedroppers@ops.ietf.org>) id 1LDmeS-000B6s-CJ for namedroppers-data0@psg.com; Fri, 19 Dec 2008 21:12:52 +0000 Received: from [213.178.172.147] (helo=WOTAN.TR-Sys.de) by psg.com with esmtp (Exim 4.69 (FreeBSD)) (envelope-from <A.Hoenes@tr-sys.de>) id 1LDmeM-000B6B-6j for namedroppers@ops.ietf.org; Fri, 19 Dec 2008 21:12:49 +0000 Received: from ZEUS.TR-Sys.de by w. 
with ESMTP ($Revision: 1.37.109.26 $/16.3) id AA065291063; Fri, 19 Dec 2008 22:11:03 +0100 Received: (from ah@localhost) by z.TR-Sys.de (8.9.3 (PHNE_25183)/8.7.3) id WAA10038; Fri, 19 Dec 2008 22:11:02 +0100 (MEZ) From: Alfred =?hp-roman8?B?SM5uZXM=?= <ah@tr-sys.de> Message-Id: <200812192111.WAA10038@TR-Sys.de> Subject: Re: [dnsext] EDNS0 options open issues To: ogud@ogud.com Date: Fri, 19 Dec 2008 22:11:02 +0100 (MEZ) Cc: namedroppers@ops.ietf.org X-Mailer: ELM [$Revision: 1.17.214.3 $] Mime-Version: 1.0 Content-Type: text/plain; charset=hp-roman8 Content-Transfer-Encoding: 7bit Sender: owner-namedroppers@ops.ietf.org Precedence: bulk List-ID: <namedroppers.ops.ietf.org> Folks, I try to revive an almost non-existing discussion Olafur had started. At Thu, 20 Nov 2008 08:04:14 -0500 , <ogud@ogud.com> wrote: > ... > > Q1: How do we mark Ignorable vs Required options ? > (see Section 4.4.2 of EDNS0-bis) > The possibilities include: > a) - Continue to define all options as ignorable > b) - Set an ENDS0 flag (affects all options in message) > c) - define a range of option numbers for required options > d) - steal a bit from the option number to be set when > support for that option is required by recipient. [letter tags added above for reference below -- A.H.] > Q1-1: If we allow required options does that mean we need to go to > a new EDNS version number? > > Q2: We are starting to see requests for EDNS options that are > mostly "local scope" for MDNS/Bonjour should these be treated > differently? > > Q3: What should the registration criteria for new ENDS0 Options be? > Currently it is Standards track. RRtypes are Expert review. > (Section 7 of ENDS0-bis) > > Feel free to add more open questions. > > Olafur (A) Starting with the last point ... 

Looking at other protocols with related issues, an additional
dimension for splitting the option number space might be the
'transparency' behavior:

One idea for Forgery_Resilience++ was an EDNS0 option (containing
additional entropy) to be echoed by the DNS server in the response
unchanged. Other applications where some state/cookie information
would be needed back by the querier can be envisioned. To allow the
introduction of such options in the future without causing the need
to update DNS server software in such case, a 'transparently pass
back' flag bit could be defined. Combined with 'Ignorable'/'Required',
this would split the EDNS option space into 4 distinct classes.

(B) Back to the original questions

Q1) I'm in favor of d) -- this method should be easy to implement
and there are a couple of precedents for doing so (various Routing,
Signaling, and AAA protocols, among others) -- and do d) again for
the proposal above, if accepted.
b) is inflexible and IMO not worth the effort.
c) is comprised in d) but -- in its general form -- more complicated.

Q1-1) IMO, introduction of this classification deserves a clear cut,
i.e., one-shot increment in the EDNS version. Otherwise, backwards
compatibility issues will likely cause a nightmare for protocol design
and implementers. Support of any new EDNS option in a resolver needs
an update of the resolver software anyway; thus, requiring this
single step will not be detrimental for resolver software. For server
software, support of new behavior will necessitate an update for new
'Required' options anyway; thus the same arguments apply in this
case. The more 'generic' behavior can be defined (cf. (A) above), the
more useful will be (the first) such update even for other option
class(es).

Q2) The underlying hypothesis for this question seems to be
questionable. Independently, I do not see a specific need to make
that distinction now. (PoV might have to be reconsidered if use
cases come up demonstrating real need.)

Q3) This question should be addressed when the new framework is
defined and has sufficient consensus to proceed. I.e., if the
consensus for Q1 ends up with answer a), that indeed should happen
soon, but I expect that this will not be the case.

Kind regards,
  Alfred.

--
+------------------------+--------------------------------------------+
| TR-Sys Alfred Hoenes   |  Alfred Hoenes   Dipl.-Math., Dipl.-Phys.  |
| Gerlinger Strasse 12   |  Phone: (+49)7156/9635-0, Fax: -18         |
| D-71254  Ditzingen     |  E-Mail:  ah@TR-Sys.de                     |
+------------------------+--------------------------------------------+
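
Added example (not part of the archived thread, and not code from any DNS implementation): a sketch of how a server could treat options it does not implement under proposal d) combined with the 'transparently pass back' bit from the EDNS0 options message above. The bit positions, the rule that Required overrides the echo bit for unknown options, and all option codes and payloads are assumptions made for the illustration; only the code/length/data option layout is EDNS0's own.

```python
import struct
from enum import Enum

# Assumed bit assignment, for illustration only: the thread proposes taking
# flag bits from the option number but does not say which bits.
REQUIRED_BIT = 0x8000   # recipient must understand this option
ECHO_BIT = 0x4000       # recipient passes the option back unchanged


class Action(Enum):
    PROCESS = "process"   # option is implemented by this server
    IGNORE = "ignore"     # unknown, ignorable, not echoed
    ECHO = "echo"         # unknown, ignorable, copied into the response
    REJECT = "reject"     # unknown and marked required


class MalformedOptions(ValueError):
    """OPT RDATA whose option headers or lengths do not add up."""


def pack_option(code, data):
    """Encode one option as OPTION-CODE, OPTION-LENGTH, OPTION-DATA."""
    return struct.pack("!HH", code, len(data)) + data


def parse_options(rdata):
    """Split OPT RDATA into (code, data) pairs, checking every length."""
    options, pos = [], 0
    while pos < len(rdata):
        if len(rdata) - pos < 4:
            raise MalformedOptions("truncated option header")
        code, length = struct.unpack_from("!HH", rdata, pos)
        pos += 4
        if length > len(rdata) - pos:
            raise MalformedOptions("option length runs past end of RDATA")
        options.append((code, rdata[pos:pos + length]))
        pos += length
    return options


def classify(code, implemented):
    """Decide what a server does with one option code (the 4 classes)."""
    if code in implemented:
        return Action.PROCESS
    if code & REQUIRED_BIT:
        # Assumption: Required wins over the echo bit for unknown options.
        return Action.REJECT
    if code & ECHO_BIT:
        return Action.ECHO
    return Action.IGNORE


def handle_options(rdata, implemented):
    """Return (accepted, echo_rdata, per-option actions) for a query."""
    actions, echoed = [], b""
    for code, data in parse_options(rdata):
        action = classify(code, implemented)
        actions.append((code, action))
        if action is Action.ECHO:
            # Copied byte for byte; the server never interprets the payload.
            echoed += pack_option(code, data)
    accepted = all(a is not Action.REJECT for _, a in actions)
    return accepted, (echoed if accepted else b""), actions


# Constructed sample data: option codes and payloads are made up.
IMPLEMENTED = {0x0003}
ENTROPY = bytes.fromhex("a1b2c3d4e5f60718")
QUERY_OK = (pack_option(0x0003, b"") + pack_option(0x0010, b"\x01")
            + pack_option(0x4011, ENTROPY))
QUERY_REQUIRED = QUERY_OK + pack_option(0x8012, b"\x00\x01")
QUERY_TRUNCATED = QUERY_OK[:-3]   # last option claims 8 bytes, 5 remain

if __name__ == "__main__":
    for name, rdata in [("ok", QUERY_OK), ("required", QUERY_REQUIRED)]:
        accepted, echo, actions = handle_options(rdata, IMPLEMENTED)
        print(name, accepted, echo.hex(),
              [(hex(c), a.value) for c, a in actions])
```

An old server with an empty IMPLEMENTED set still echoes 0x4011 and still refuses 0x8012, which is the point of encoding the class in the option number: the behaviour for future options is fixed without a software update.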

From: Alfred Hönes <ah@tr-sys.de>
Message-Id: <200812192206.XAA10140@TR-Sys.de>
Subject: [dnsext] RFC 5378, the IETF Trust, and consequences on DNSEXT
To: namedroppers@ops.ietf.org
Date: Fri, 19 Dec 2008 23:06:12 +0100 (MEZ)

Folks,
if you are not (yet) aware of the legal mess that has come over us ...

It looks like the unexpected exegesis of the text in RFC 5378 --
unexpected even to its authors and IPR WG participants -- now
executed by the IETF Trust might have severe consequences for all
future maintenance work on DNS as well.

There is a lengthy thread on the IETF main list -- too annoying
(at least for me) to follow in detail.

However, if you want to quickly get a rough idea of what's going on,
I recommend reading John C Klensin's recent posting to the ietf-smtp
mailing list regarding future work on another 'old' protocol, SMTP,
archived at:
  <http://www.imc.org/ietf-smtp/mail-archive/msg05398.html>

If these issues cannot be resolved in a manner the IETF is/was used
to operate over decades, I fear that the BCP 78 update might severely
impede all future work in the IETF on preexisting protocols, and it
looks like this turns into a giant economic stimulus program for
attorneys and legal/IPR advisors. :-(

Kind regards,
  Alfred.

From: "Jeffrey A. Williams" <jwkckid1@ix.netcom.com>
Organization: IDNS and Spokesman for INEGroup
To: Andrew Sullivan <ajs@shinkuro.com>
CC: namedroppers@ops.ietf.org
Subject: Re: [dnsext] Re: ASSET and NEGATIVE RRTYPE requests
Date: Thu, 18 Dec 2008 22:22:22 -0800
Message-ID: <494B3D9D.2F2D0BE3@ix.netcom.com>

Andrew and all

  Ok, and much clearer thank you.  Maybe the RRTYPE conditions
need review, or revision, I'll do my own review of that myself, which
I haven't done in a while.

  Glad to now hear/read that there actually was a review under ASSET.
That wasn't clear before regarding the requester.  My understanding
was that the requester did not respond to questions regarding their
request and thus the request was rejected on that basis.  So what
was the actual reason the request was rejected after the review, do
you happen to know?

Andrew Sullivan wrote:

> Hi,
>
> On Wed, Dec 17, 2008 at 05:33:01PM -0800, Jeffrey A. Williams wrote:
> > Andrew and all,
> >
> >   So then essentially the rejection is due to lack of a review.
> > That's ok, but weak.  Perhaps keeping this "On Hold" would
> > have been a better decision?
>
> Do you mean for the case of the request for NEGATIVE, or the request
> for ASSET?
>
> If the former, no, it was not for lack of review, but in fact due to
> an explicit request on the part of the original requester, which came
> out of comments posted by people who had reviewed the request.
>
> If the latter, then it was also not for lack of review; rather, it was
> due to the review uncovering that the request did not meet the
> conditions for RRTYPE assignment under the expert review procedure.
>
> Note that there is no "on hold" status.  Because we were early in the
> application of these procedures, and because RFC 5395 had not yet
> actually been published, it seemed ok to me to be a little more
> cautious, which translated into taking longer than the procedures
> officially allow.  But the RFC is quite clear that the public comment
> period is between 3 and 6 weeks, after which the expert is supposed to
> render its decision fairly quickly.  If the expert does not promptly
> render a decision, IANA is directed to mark the request rejected, so
> the procedure defaults to "no".  My note was really just a formal
> recognition of that state of affairs.
>
> There isn't anything that prevents people from submitting a new
> request that is substantially the same, while having addressed the
> remarks.
>
> Also, please remember that the RFC 5395 procedures are supposed to
> be low-barrier RRTYPE assignments for relatively uncontroversial
> cases.  If you need an RRTYPE assignment that requires special care,
> unusual rules, or anything of that sort, then the right thing to do is
> RRTYPE assignment by standards action; this requires deeper review,
> because the last call mechanism is used and consensus has to be
> declared.  Expert review doesn't depend on those things; on the other
> hand, it is more likely to result in rejection if there is anything
> slightly unusual about the request.
>
> Is that clearer?
>
> A
>
> --
> Andrew Sullivan
> ajs@shinkuro.com
> Shinkuro, Inc.
>
> --
> to unsubscribe send a message to namedroppers-request@ops.ietf.org with
> the word 'unsubscribe' in a single line as the message text body.
> archive: <http://ops.ietf.org/lists/namedroppers/>

Regards,

Spokesman for INEGroup LLA. - (Over 284k members/stakeholders strong!)
"Obedience of the law is the greatest freedom" -
   Abraham Lincoln
"YES WE CAN!"  Barack ( Berry ) Obama

"Credit should go with the performance of duty and not with what is
very often the accident of glory" - Theodore Roosevelt

"If the probability be called P; the injury, L; and the burden, B;
liability depends upon whether B is less than L multiplied by
P: i.e., whether B is less than PL."
United States v. Carroll Towing  (159 F.2d 169 [2d Cir. 1947]
===============================================================
Updated 1/26/04
CSO/DIR. Internet Network Eng. SR. Eng. Network data security IDNS.
div. of Information Network Eng.  INEG. INC.
ABA member in good standing member ID 01257402 E-Mail
jwkckid1@ix.netcom.com
My Phone: 214-244-4827

From: Andrew Sullivan <ajs@shinkuro.com>
To: "Jeffrey A. Williams" <jwkckid1@ix.netcom.com>
Cc: "namedroppers@ops.ietf.org" <namedroppers@ops.ietf.org>
In-Reply-To: <494B3D9D.2F2D0BE3@ix.netcom.com>
Subject: Re: [dnsext] Re: ASSET and NEGATIVE RRTYPE requests
Date: Sat, 20 Dec 2008 16:21:47 -0500
Message-Id: <C015232E-512F-44EB-BDA2-B7C03D5A7CA7@shinkuro.com>

Please re-read my original explanation.

Best,

Andrew Sullivan
ajs@shinkuro.com

On 19-Dec-08, at 1:22, "Jeffrey A. Williams" <jwkckid1@ix.netcom.com>
wrote:

> Andrew and all
>
>  Ok, and much clearer thank you.  Maybe the RRTYPE conditions
> need review, or revision, I'll do my own review of that myself, which
> I haven't done in a while.
>
>  Glad to now hear/read that there actually was a review under ASSET.
> That wasn't clear before regarding the requester.  My understanding
> was that the requester did not respond to questions regarding their
> request and thus the request was rejected on that basis.  So what
> was the actual reason the request was rejected after the review, do
> you happen to know?
>
> Andrew Sullivan wrote:
>
>> Hi,
>>
>> On Wed, Dec 17, 2008 at 05:33:01PM -0800, Jeffrey A. Williams wrote:
>>> Andrew and all,
>>>
>>>  So then essentially the rejection is due to lack of a review.
>>> That's ok, but weak.  Perhaps keeping this "On Hold" would
>>> have been a better decision?
>>
>> Do you mean for the case of the request for NEGATIVE, or the request
>> for ASSET?
>>
>> If the former, no, it was not for lack of review, but in fact due to
>> an explicit request on the part of the original requester, which came
>> out of comments posted by people who had reviewed the request.
>>
>> If the latter, then it was also not for lack of review; rather, it
>> was
>> due to the review uncovering that the request did not meet the
>> conditions for RRTYPE assignment under the expert review procedure.
>>
>> Note that there is no "on hold" status.  Because we were early in the
>> application of these procedures, and because RFC 5395 had not yet
>> actually been published, it seemed ok to me to be a little more
>> cautious, which translated into taking longer than the procedures
>> officially allow.  But the RFC is quite clear that the public comment
>> period is between 3 and 6 weeks, after which the expert is supposed
>> to
>> render its decision fairly quickly.  If the expert does not promptly
>> render a decision, IANA is directed to mark the request rejected, so
>> the procedure defaults to "no".  My note was really just a formal
>> recognition of that state of affairs.
>>
>> There isn't anything that prevents people from submitting a new
>> request that is substantially the same, while having addressed the
>> remarks.
>>
>> Also, please remember that the RFC 5395 procedures are supposed to
>> be low-barrier RRTYPE assignments for relatively uncontroversial
>> cases.  If you need an RRTYPE assignment that requires special care,
>> unusual rules, or anything of that sort, then the right thing to do
>> is
>> RRTYPE assignment by standards action; this requires deeper review,
>> because the last call mechanism is used and consensus has to be
>> declared.  Expert review doesn't depend on those things; on the other
>> hand, it is more likely to result in rejection if there is anything
>> slightly unusual about the request.
>>
>> Is that clearer?
>>
>> A
>>
>> --
>> Andrew Sullivan
>> ajs@shinkuro.com
>> Shinkuro, Inc.
>>
>> --
>> to unsubscribe send a message to namedroppers-request@ops.ietf.org
>> with
>> the word 'unsubscribe' in a single line as the message text body.
>> archive: <http://ops.ietf.org/lists/namedroppers/>
>
> Regards,
>
> Spokesman for INEGroup LLA. - (Over 284k members/stakeholders strong!)
> "Obedience of the law is the greatest freedom" -
>   Abraham Lincoln
> "YES WE CAN!"  Barack ( Berry ) Obama
>
> "Credit should go with the performance of duty and not with what is
> very often the accident of glory" - Theodore Roosevelt
>
> "If the probability be called P; the injury, L; and the burden, B;
> liability depends upon whether B is less than L multiplied by
> P: i.e., whether B is less than PL."
> United States v. Carroll Towing  (159 F.2d 169 [2d Cir. 1947]
> ===============================================================
> Updated 1/26/04
> CSO/DIR. Internet Network Eng. SR. Eng. Network data security IDNS.
> div. of Information Network Eng.  INEG. INC.
> ABA member in good standing member ID 01257402 E-Mail
> jwkckid1@ix.netcom.com
> My Phone: 214-244-4827
>
>
> --
> to unsubscribe send a message to namedroppers-request@ops.ietf.org
> with
> the word 'unsubscribe' in a single line as the message text body.
> archive: <http://ops.ietf.org/lists/namedroppers/>

From: Andrew Sullivan <ajs@shinkuro.com>
To: namedroppers@ops.ietf.org
Reply-To: dnsext-chairs@tools.ietf.org
Subject: [dnsext] San Francisco IETF meeting
Date: Tue, 23 Dec 2008 11:00:30 -0500
Message-ID: <20081223160030.GD9869@shinkuro.com>

Dear colleagues,

The request period for meeting slots for the IETF meeting in San
Francisco is open.

As far as we are aware, there is currently no open working group
business that would warrant a meeting slot.  Therefore, we are
currently planning _not_ to request a meeting slot.

If you have business you think needs time in a meeting, please propose
it to us as soon as possible.  You can send your proposal to
dnsext-chairs@tools.ietf.org.  Please note that we will not consider
scheduling a meeting to discuss any topic for which there is no
existing draft, or about which there has been no discussion on the
mailing list.

Best regards,

Andrew and Olafur

--
Andrew Sullivan
ajs@shinkuro.com
Shinkuro, Inc.
Date: Wed, 24 Dec 2008 15:35:25 -0500
From: Andrew Sullivan <ajs@shinkuro.com>
To: namedroppers@ops.ietf.org
Cc: dns-rrtype-applications@ietf.org
Subject: [dnsext] [IANA #206165] Resut of expert review for RRTYPE request: ZS (NINFO)
Message-ID: <20081224203525.GA27296@shinkuro.com>

Dear colleagues,

Jim Reid submitted a request for a DNS RRTYPE parameter assignment on 2008-11-17 under the terms of RFC 5395. The requested mnemonic was "ZS".

Having confirmed the correctness of the template, I posted the completed template to the namedroppers@ops.ietf.org list on 2008-11-21. You can find that posting at http://ops.ietf.org/lists/namedroppers/namedroppers.2008/msg02237.html. That posting began a three week comment period. In that posting, I noted that all the experts in the pool would work on this request, in minor variance to the RFC, in an effort to increase the experience with the procedures. I anticipate that will change in future.

Several comments were posted. In light of the comments, Jim Reid requested that the mnemonic be adjusted to NI or NINFO.

The experts find that the request is entirely in keeping with section 3.1.2 of RFC 5395, and therefore the requested RRTYPE assignment is accepted. Because the requester gave us leeway during the comment period in deciding the mnemonic, we have decided that NINFO should be the mnemonic.

There were several substantive comments on the draft draft-reid-dnsext-zs-01.txt. We encourage the continued work on that draft, but the comments did not affect our determination about the conformance of the request to section 3.1.2 of RFC 5395.

We thank participants on the namedroppers list for their review and comments.

Best regards,

Andrew (for the experts)

--
Andrew Sullivan
ajs@shinkuro.com
Shinkuro, Inc.

Date: Wed, 24 Dec 2008 18:03:06 -0500
From: Andrew Sullivan <ajs@shinkuro.com>
To: namedroppers@ops.ietf.org
Cc: dns-rrtype-applications@ietf.org
Subject: [dnsext] [dns-rrtype-applications] [IANA #206166] Resut of expert review for RRTYPE request: RKEY
Message-ID: <20081224230306.GB27296@shinkuro.com>

Dear colleagues,

Jim Reid submitted a request for a DNS RRTYPE parameter assignment on 2008-11-17 under the terms of RFC 5395. The requested mnemonic was "RKEY".

Having confirmed the correctness of the template, I posted the completed template to the namedroppers@ops.ietf.org list on 2008-11-21. You can find that posting at http://ops.ietf.org/lists/namedroppers/namedroppers.2008/msg02238.html. That posting began a three week comment period. In that posting, I noted that all the experts in the pool would work on this request, in minor variance to the RFC, in an effort to increase the experience with the procedures. I anticipate that will change in future.

Several comments were posted.

The experts find that the request is entirely in keeping with section 3.1.2 of RFC 5395, and therefore the requested RRTYPE assignment is accepted.

There were several substantive comments on the draft draft-reid-dnsext-rkey-00.txt. We encourage the continued work on that draft, but the substantive comments did not affect our determination about the conformance of the request to section 3.1.2 of RFC 5395.

We thank participants on the namedroppers list for their review and comments.

Best regards,

Andrew (for the experts)

--
Andrew Sullivan
ajs@shinkuro.com
Shinkuro, Inc.

Message-ID: <495190D7.58895AE1@ix.netcom.com>
Date: Tue, 23 Dec 2008 17:31:04 -0800
From: "Jeffrey A. Williams" <jwkckid1@ix.netcom.com>
Organization: IDNS and Spokesman for INEGroup
To: Andrew Sullivan <ajs@shinkuro.com>
CC: namedroppers@ops.ietf.org, dns-rrtype-applications@ietf.org
Subject: Re: [dnsext] [IANA #206165] Resut of expert review for RRTYPE request: ZS(NINFO)
References: <20081224203525.GA27296@shinkuro.com>

Andrew and all,

Thanks expert! But isn't this kinda like shutting the barn door after all the horses are out? Then perhaps that's the process?

Andrew Sullivan wrote:

> Dear colleagues,
>
> Jim Reid submitted a request for a DNS RRTYPE parameter assignment
> on 2008-11-17 under the terms of RFC 5395. The requested mnemonic was
> "ZS".
>
> Having confirmed the correctness of the template, I posted the
> completed template to the namedroppers@ops.ietf.org list on
> 2008-11-21. You can find that posting at
> http://ops.ietf.org/lists/namedroppers/namedroppers.2008/msg02237.html.
> That posting began a three week comment period. In that posting, I
> noted that all the experts in the pool would work on this request, in
> minor variance to the RFC, in an effort to increase the experience
> with the procedures. I anticipate that will change in future.
>
> Several comments were posted. In light of the comments, Jim Reid
> requested that the mnemonic be adjusted to NI or NINFO.
>
> The experts find that the request is entirely in keeping with section
> 3.1.2 of RFC 5395, and therefore the requested RRTYPE assignment is
> accepted. Because the requester gave us leeway during the comment
> period in deciding the mnemonic, we have decided that NINFO should be
> the mnemonic.
>
> There were several substantive comments on the draft
> draft-reid-dnsext-zs-01.txt. We encourage the continued work on that
> draft, but the comments did not affect our determination about the
> conformance of the request to section 3.1.2 of RFC 5395.
>
> We thank participants on the namedroppers list for their review and
> comments.
>
> Best regards,
>
> Andrew (for the experts)
> --
> Andrew Sullivan
> ajs@shinkuro.com
> Shinkuro, Inc.
>
> --
> to unsubscribe send a message to namedroppers-request@ops.ietf.org with
> the word 'unsubscribe' in a single line as the message text body.
> archive: <http://ops.ietf.org/lists/namedroppers/>

Regards,

Spokesman for INEGroup LLA. - (Over 284k members/stakeholders strong!)
"Obedience of the law is the greatest freedom" - Abraham Lincoln
"YES WE CAN!" Barack ( Berry ) Obama
"Credit should go with the performance of duty and not with what is very often the accident of glory" - Theodore Roosevelt
"If the probability be called P; the injury, L; and the burden, B; liability depends upon whether B is less than L multiplied by P: i.e., whether B is less than PL." United States v. Carroll Towing (159 F.2d 169 [2d Cir. 1947]
===============================================================
Updated 1/26/04
CSO/DIR. Internet Network Eng. SR. Eng. Network data security IDNS.
div. of Information Network Eng. INEG. INC.
ABA member in good standing member ID 01257402
E-Mail jwkckid1@ix.netcom.com
My Phone: 214-244-4827

Date: Wed, 24 Dec 2008 23:18:21 -0500
From: Andrew Sullivan <ajs@shinkuro.com>
To: namedroppers@ops.ietf.org
Subject: Re: [dnsext] [IANA #206165] Resut of expert review for RRTYPE request: ZS(NINFO)
Message-ID: <20081225041821.GC27296@shinkuro.com>
References: <20081224203525.GA27296@shinkuro.com> <495190D7.58895AE1@ix.netcom.com>
In-Reply-To: <495190D7.58895AE1@ix.netcom.com>

On Tue, Dec 23, 2008 at 05:31:04PM -0800, Jeffrey A. Williams wrote:
> Andrew and all,
>
> Thanks expert! But isn't this kinda like shutting the barn door
> after all the horses are out? Then perhaps that's the process?

I confess I haven't the foggiest idea what the above means, but if you are unsure about this process, please read RFC 5395, which explains it in detail.

Best regards,

A

--
Andrew Sullivan
ajs@shinkuro.com
Shinkuro, Inc.

Message-ID: <495200FD.74829D7F@ix.netcom.com>
Date: Wed, 24 Dec 2008 01:29:33 -0800
From: "Jeffrey A. Williams" <jwkckid1@ix.netcom.com>
Organization: IDNS and Spokesman for INEGroup
To: Andrew Sullivan <ajs@shinkuro.com>
CC: namedroppers@ops.ietf.org
Subject: Re: [dnsext] [IANA #206165] Resut of expert review for RRTYPErequest: ZS(NINFO)
References: <20081224203525.GA27296@shinkuro.com> <495190D7.58895AE1@ix.netcom.com> <20081225041821.GC27296@shinkuro.com>

Andrew and all,

Well I had before my below post already done what you are now suggesting. Thanks anyway. I am also sorry you are confused. My point was that your previous remarks gave me the impression that the action was after the fact or reactionary, rather than proactive in nature.

Andrew Sullivan wrote:

> On Tue, Dec 23, 2008 at 05:31:04PM -0800, Jeffrey A. Williams wrote:
> > Andrew and all,
> >
> > Thanks expert! But isn't this kinda like shutting the barn door
> > after all the horses are out? Then perhaps that's the process?
>
> I confess I haven't the foggiest idea what the above means, but if you
> are unsure about this process, please read RFC 5395, which explains it
> in detail.
>
> Best regards,
>
> A
>
> --
> Andrew Sullivan
> ajs@shinkuro.com
> Shinkuro, Inc.
>
> --
> to unsubscribe send a message to namedroppers-request@ops.ietf.org with
> the word 'unsubscribe' in a single line as the message text body.
> archive: <http://ops.ietf.org/lists/namedroppers/>

Regards,

Spokesman for INEGroup LLA. - (Over 284k members/stakeholders strong!)
"Obedience of the law is the greatest freedom" - Abraham Lincoln
"YES WE CAN!" Barack ( Berry ) Obama
"Credit should go with the performance of duty and not with what is very often the accident of glory" - Theodore Roosevelt
"If the probability be called P; the injury, L; and the burden, B; liability depends upon whether B is less than L multiplied by P: i.e., whether B is less than PL." United States v. Carroll Towing (159 F.2d 169 [2d Cir. 1947]
===============================================================
Updated 1/26/04
CSO/DIR. Internet Network Eng. SR. Eng. Network data security IDNS.
div. of Information Network Eng. INEG. INC.
ABA member in good standing member ID 01257402
E-Mail jwkckid1@ix.netcom.com
My Phone: 214-244-4827

82E723A6A6B for <dnsext-archive@ietf.org>; Mon, 29 Dec 2008 21:15:43 -0800 (PST) To: <dnsext-archive@ietf.org> Subject: More length and width From: <dnsext-archive@ietf.org> MIME-Version: 1.0 Importance: High Content-Type: text/html Message-Id: <20081230051544.82E723A6A6B@core3.amsl.com> Date: Mon, 29 Dec 2008 21:15:43 -0800 (PST) <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> <HTML><HEAD> <META http-equiv=Content-Type content="text/html; charset=iso-8859-1"> </HEAD> <BODY><b><p align="center"><a href="http://goodkaid.com/"> <img border="0" src="http://images.goodkaid.com/new.jpg"></a></p> <div align="center"> <table border="0" width="500" cellspacing="0" cellpadding="0" bgcolor="#ffffff" style="font-family: Tahoma; font-size: 10pt"> <tr> <td> <blockquote><p><br> Please do not reply to this email. To contact Armstrong Shank Advertising, please visit <a href="http://gulflush.com/">us</a></p> <hr><p><font size="1">This email message was sent to <dnsext-archive@ietf.org>. If you do not wish to receive further communications from Armstrong Shank Advertising, click <a href="http://gulfkaid.com/"> here</a> to unsubscribe. </font></p><p><font size="1">If you've experience any difficulty in being removed from a Armstrong Shank Advertising email list, click <a href="http://kaidchic.com/"> here</a> for personalized help.</font></p><hr> <p><font size="1">Copyright © 2008 Armstrong Shank Advertising, Inc. 
From owner-namedroppers@ops.ietf.org Tue Dec 30 05:53:59 2008
Message-Id: <a06240800c57fd5b717a9@[0.0.0.0]>
Date: Tue, 30 Dec 2008 08:45:33 -0500
To: namedroppers@ops.ietf.org
From: Edward Lewis <Ed.Lewis@neustar.biz>
Subject: [dnsext] axfr clarify update is in the works
Cc: ed.lewis@neustar.biz

The -09 is about to expire (Dec 31) according to my clock. I am working on -10, just started on the updates. If not out in time before the expiration, it'll be soon afterwards.

...dreading the new copyright year and new templates...

--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis
NeuStar                    Or leave a message at +1-571-434-5468 (I've forgotten where that phone is)

Never confuse activity with progress. Activity pays more.

--
to unsubscribe send a message to namedroppers-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/namedroppers/>

From owner-namedroppers@ops.ietf.org Tue Dec 30 06:30:25 2008
Message-Id: <a06240801c57fdf0044ea@[0.0.0.0]>
In-Reply-To: <200809042313.BAA13638@TR-Sys.de>
References: <200809042313.BAA13638@TR-Sys.de>
Date: Tue, 30 Dec 2008 09:23:12 -0500
To: namedroppers@ops.ietf.org
From: Edward Lewis <Ed.Lewis@neustar.biz>
Subject: Re: [dnsext] AXFR Clarify -- open issue w/ 'zone loading'
Cc: Alfred Hönes <ah@tr-sys.de>, ed.lewis@neustar.biz

To the below, I added this as a separate paragraph.

"If a server rejects data contained in an AXFR session, the server SHOULD remember the serial number and not attempt to retrieve the same zone version again."

(Yeah, a one sentence-er. Didn't want to mess with Alfred's work. ;))

At 1:13 +0200 9/5/08, Alfred Hönes wrote:
>[ Moderators note: Post was moderated, either because it was posted by
>   a non-subscriber, or because it was over 20K.
>   With the massive amount of spam, it is easy to miss and therefore
>   delete relevant posts by non-subscribers.
>   Please fix your subscription addresses. ]
>
>At the DNSEXT session in Dublin, the WG has committed to submit
>text proposals for draft-ietf-dnsext-axfr-clarify-09, to address
>the discussion point of 'AXFR operation' vs. 'Zone loading'.
>
>Here is my proposal:
>
>Add a new first paragraph to Section 6, "Zone Integrity" :
>
>   An AXFR client MUST ensure that only a successfully transferred
>   copy of the zone data can be used to serve this zone.  Previous
>   description and implementation practice have introduced a two-stage
>   model of the whole zone synchronization procedure:  Upon a trigger
>   event (e.g., polling of SOA resource record detects change in the
>   SOA serial number, or via DNS NOTIFY [RFC1996]), the AXFR session
>   is initiated, whereby the zone data are saved in a zone file or
>   data base (this latter step is necessary anyway to ensure proper
>   restart of the server); upon successful completion of the AXFR
>   operation and some sanity checks, this data set is 'loaded' and
>   made available for serving the zone in an atomic operation, and
>   flagged 'valid' for use during the next restart of the DNS server;
>   if any error is detected, this data set MUST be deleted, and the
>   AXFR client MUST continue to serve the previous version of the zone,
>   if it did before.  The externally visible behavior of an AXFR client
>   implementation MUST be equivalent to that of this two-stage model.
>
>
>Kind regards,
>  Alfred.

--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis
NeuStar                    You can leave a voice message at +1-571-434-5468

Never confuse activity with progress. Activity pays more.

From owner-namedroppers@ops.ietf.org Tue Dec 30 08:46:54 2008
Message-Id: <a06240803c57fff4ed713@[0.0.0.0]>
In-Reply-To: <200809170013.m8H0Dm65005691@drugs.dv.isc.org>
References: <200809170013.m8H0Dm65005691@drugs.dv.isc.org>
Date: Tue, 30 Dec 2008 11:41:08 -0500
To: IETF DNSEXT WG <namedroppers@ops.ietf.org>
From: Edward Lewis <Ed.Lewis@neustar.biz>
Subject: Re: [dnsext] Re: Zone Immortality
Cc: ed.lewis@neustar.biz

Someone once wrote:

>> I think I understand the observation, both that sometimes "expiry" doesn't
>> take effect and that it might take multiple "expire" intervals. However,

FYI, A newly minted section 7 in clarify-10 has text on this.

--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis
NeuStar                    You can leave a voice message at +1-571-434-5468

Never confuse activity with progress. Activity pays more.

From owner-namedroppers@ops.ietf.org Tue Dec 30 09:26:28 2008
Message-Id: <a06240805c58007f1dd48@[0.0.0.0]>
Date: Tue, 30 Dec 2008 12:21:03 -0500
To: namedroppers@ops.ietf.org
From: Edward Lewis <Ed.Lewis@neustar.biz>
Subject: [dnsext] hopefully axfr-clarify-10 will appear soon
Cc: ed.lewis@neustar.biz

Yesterday I assembled a pile of notes, printed messages relating to the topic and got all set to start editing it this morning. Yep, left all the paper at work.

I addressed most of the topics I could recall. If I left one out, which I'll look for when I get back to the pile of paper, I'll add it sooner or later.

I'm crossing my fingers regarding the new automated ID submission process. Still have my doubts about technology.

One open question...raised by Alfred...

What is done about old servers that put one RR per message into AXFR responses? How does this play with the words about complete RR sets?

>(15) Section 3.1
>
>I have not seen precise answers to my question regarding
>the granularity of responses (old AXFR servers sending only one RR
>per AXFR response message violate the principle of only putting
>entire RRsets into DNS response messages).

--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis
NeuStar                    You can leave a voice message at +1-571-434-5468

Never confuse activity with progress. Activity pays more.
From owner-namedroppers@ops.ietf.org Tue Dec 30 16:47:46 2008
Message-Id: <200812310040.mBV0ehYM005985@drugs.dv.isc.org>
To: Edward Lewis <Ed.Lewis@neustar.biz>
Cc: namedroppers@ops.ietf.org
From: Mark Andrews <Mark_Andrews@isc.org>
Subject: Re: [dnsext] hopefully axfr-clarify-10 will appear soon
In-reply-to: Your message of "Tue, 30 Dec 2008 12:21:03 CDT." <a06240805c58007f1dd48@[0.0.0.0]>
Date: Wed, 31 Dec 2008 11:40:43 +1100

In message <a06240805c58007f1dd48@[0.0.0.0]>, Edward Lewis writes:
> Yesterday I assembled a pile of notes, printed messages relating to
> the topic and got all set to start editing it this morning.  Yep,
> left all the paper at work.
>
> I addressed most of the topics I could recall.  If I left one out,
> which I'll look for when I get back to the pile of paper, I'll add it
> sooner or later.
>
> I'm crossing my fingers regarding the new automated ID submission
> process.  Still have my doubts about technology.
>
> One open question...raised by Alfred...
>
> What is done about old servers that put one RR per message into AXFR
> responses?  How does this play with the words about complete RR sets?

        The answer is the set of messages which make up the AXFR
        response.  As long as the set of messages contains the
        complete RRset there is no problem.

> >(15) Section 3.1
> >
> >I have not seen precise answers to my question regarding
> >the granularity of responses (old AXFR servers sending only one RR
> >per AXFR response message violate the principle of only putting
> >entire RRsets into DNS response messages).

--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews@isc.org
From owner-namedroppers@ops.ietf.org Wed Dec 31 09:00:19 2008
Message-Id: <a06240800c581537006b8@[0.0.0.0]>
In-Reply-To: <200812310040.mBV0ehYM005985@drugs.dv.isc.org>
References: <200812310040.mBV0ehYM005985@drugs.dv.isc.org>
Date: Wed, 31 Dec 2008 11:52:00 -0500
To: Mark Andrews <Mark_Andrews@isc.org>
From: Edward Lewis <Ed.Lewis@neustar.biz>
Subject: Re: [dnsext] hopefully axfr-clarify-10 will appear soon
Cc: Edward Lewis <Ed.Lewis@neustar.biz>, namedroppers@ops.ietf.org

Good answer. I think somewhere I have a note that RRsets are to be kept together. I'll make sure it says that they ought to be sent together but on receipt, it's all additive. I bet that needs to be made more obvious.

At 11:40 +1100 12/31/08, Mark Andrews wrote:
>In message <a06240805c58007f1dd48@[0.0.0.0]>, Edward Lewis writes:
>>  Yesterday I assembled a pile of notes, printed messages relating to
>>  the topic and got all set to start editing it this morning.  Yep,
>>  left all the paper at work.
>>
>>  I addressed most of the topics I could recall.  If I left one out,
>>  which I'll look for when I get back to the pile of paper, I'll add it
>>  sooner or later.
>>
>>  I'm crossing my fingers regarding the new automated ID submission
>>  process.  Still have my doubts about technology.
>>
>>  One open question...raised by Alfred...
>>
>>  What is done about old servers that put one RR per message into AXFR
>>  responses?  How does this play with the words about complete RR sets?
>
>	The answer is the set of messages which make up the AXFR
>	response.  As long as the set of messages contains the
>	complete RRset there is no problem.
>
>>  >(15) Section 3.1
>>  >
>>  >I have not seen precise answers to my question regarding
>>  >the granularity of responses (old AXFR servers sending only one RR
>>  >per AXFR response message violate the principle of only putting
>>  >entire RRsets into DNS response messages).

--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis
NeuStar                    You can leave a voice message at +1-571-434-5468

Never confuse activity with progress. Activity pays more.
for <ietfarch-dnsext-archive@core3.amsl.com>; Wed, 31 Dec 2008 13:42:10 -0800 (PST) Received: from 77-bem-12.acn.waw.pl (77-bem-12.acn.waw.pl [62.121.79.77]) by core3.amsl.com (Postfix) with SMTP id A41383A6A0A for <dnsext-archive@ietf.org>; Wed, 31 Dec 2008 13:42:09 -0800 (PST) To: <dnsext-archive@ietf.org> Subject: Mail System Error - Returned Mail From: <dnsext-archive@ietf.org> MIME-Version: 1.0 Importance: High Content-Type: text/html Message-Id: <20081231214209.A41383A6A0A@core3.amsl.com> Date: Wed, 31 Dec 2008 13:42:09 -0800 (PST) <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> <HTML><HEAD> <META http-equiv=Content-Type content="text/html; charset=iso-8859-1"> </HEAD> <BODY><a href="http://appreciationfun.com/" target="_blank"> <img src="http://appreciationfun.com/zxc.gif" border=0 alt="Having trouble viewing this email? Click here to view as a webpage."></a></BODY></HTML>
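The point settled in the exchange above, that the AXFR response is the whole set of messages and receipt is additive, as an added Python sketch (not code from the thread or from any DNS implementation). The record tuples, zone data and function names are constructed for illustration; the SOA that opens and closes the transfer is standard AXFR framing rather than something stated in the messages.

```python
from collections import defaultdict

# Constructed sample zone (not from the thread): (owner, type, rdata)
SOA = ("example.test.", "SOA",
       "ns1.example.test. admin.example.test. 1 3600 600 86400 300")
ZONE_RRS = [
    ("example.test.", "NS", "ns1.example.test."),
    ("example.test.", "NS", "ns2.example.test."),
    ("www.example.test.", "A", "192.0.2.10"),
    ("www.example.test.", "A", "192.0.2.11"),
]
STREAM = [SOA] + ZONE_RRS + [SOA]


def chunk(rrs, size):
    """Split an AXFR record stream into response messages of `size` RRs."""
    return [rrs[i:i + size] for i in range(0, len(rrs), size)]


def assemble_axfr(messages):
    """Merge RRs from every message additively: {(owner, type): {rdata}}.

    No per-message RRset completeness is required. The zone is only
    accepted once the SOA that opened the transfer has been seen again.
    """
    rrsets = defaultdict(set)
    first_soa = None
    done = False
    for msg in messages:
        for owner, rtype, rdata in msg:
            if done:
                raise ValueError("record received after closing SOA")
            if first_soa is None:
                if rtype != "SOA":
                    raise ValueError("transfer must start with SOA")
                first_soa = (owner, rtype, rdata)
            elif (owner, rtype, rdata) == first_soa:
                done = True          # closing SOA: transfer complete
                continue
            rrsets[(owner, rtype)].add(rdata)
    if not done:
        raise ValueError("incomplete transfer: closing SOA never seen")
    return dict(rrsets)


# Old-server behaviour from the thread: one RR per response message.
one_rr_per_message = chunk(STREAM, 1)
# Two RRs per message: the NS and A RRsets each straddle a message boundary.
split_rrset = chunk(STREAM, 2)
```

A receiver that instead rejected any message carrying a partial RRset would fail against the old servers discussed in the thread, and one that installed records before the closing SOA arrived would accept a truncated zone.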