[DNSOP] IPR Disclosure Cloudflare, Inc.'s Statement about IPR related to draft-ietf-dnsop-compact-denial-of-existence

2023-07-21 Thread IETF Secretariat
Dear Shumon Huque, Christian Elmerot, Ólafur Guðmundsson:


An IPR disclosure that pertains to your Internet-Draft entitled "Compact
Denial of Existence in DNSSEC" (draft-ietf-dnsop-compact-denial-of-existence)
was submitted to the IETF Secretariat on 2023-07-21 and has been posted on
the "IETF Page of Intellectual Property Rights Disclosures"
(https://datatracker.ietf.org/ipr/6090/). The title of the IPR disclosure is
"Cloudflare, Inc.'s Statement about IPR related to
draft-ietf-dnsop-compact-denial-of-existence"


Thank you

IETF Secretariat


___
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop


[DNSOP] IPR Disclosure Cloudflare, Inc.'s Statement about IPR related to draft-ietf-dnsop-compact-denial-of-existence

2023-07-21 Thread IETF Secretariat
Dear Shumon Huque, Christian Elmerot, Ólafur Guðmundsson:


An IPR disclosure that pertains to your Internet-Draft entitled "Compact
Denial of Existence in DNSSEC" (draft-ietf-dnsop-compact-denial-of-existence)
was submitted to the IETF Secretariat on 2023-07-21 and has been posted on
the "IETF Page of Intellectual Property Rights Disclosures"
(https://datatracker.ietf.org/ipr/6089/). The title of the IPR disclosure is
"Cloudflare, Inc.'s Statement about IPR related to
draft-ietf-dnsop-compact-denial-of-existence"


Thank you

IETF Secretariat




[DNSOP] FYI: Google Public DNS now reports EDEs

2023-07-21 Thread Viktor Dukhovni
[ I hope a brief "public announcement" is not out of place.
  The same post will shortly also be sent to dns-operations. ]

Google Public DNS (also "dns.google", or, colloquially, "Quad8") now
includes EDEs in most error responses.  For details see:


https://developers.google.com/speed/public-dns/docs/troubleshooting/domains#edes

-- 
Viktor.



[DNSOP] New IETF 117 DNSOP WG agenda published

2023-07-21 Thread Benno Overeinder

Dear WG,

A new agenda for the IETF 117 DNSOP WG meeting on Monday, July 24, 
0930-1130 PDT (1630-1830 UTC) has been published, see 
https://datatracker.ietf.org/meeting/117/materials/agenda-117-dnsop-01


The agenda also includes URLs to MeetEcho and Zulip.

Best regards,

Suzanne
Tim
Benno




Re: [DNSOP] draft-dnsop-dnssec-extension-pkix

2023-07-21 Thread Taekyoung Kwon
Hi! Viktor, Mark and Paul,

Thank you so much for crucial comments and candid opinions.
We have been thinking about the downgrade attacks that you mentioned.
Right now, it is not easy to come up with a solution space for such attacks.
We agree that it is better to discuss this proposal (after addressing such
issues) in later meetings.
So we'd like to withdraw our presentation slot this time.

Thank you,

Hyeonmin and Taekyoung,


On Mon, Jul 17, 2023 at 7:38 PM  wrote:

> Today's Topics:
>
>    1. draft-dnsop-dnssec-extension-pkix on IETF117 dnsop agenda?
>       (Viktor Dukhovni)
>    2. Re: draft-dnsop-dnssec-extension-pkix on IETF117 dnsop
>       agenda? (Viktor Dukhovni)
>    3. Re: draft-dnsop-dnssec-extension-pkix on IETF117 dnsop
>       agenda? (Mark Andrews)
>    4. Re: [Ext] draft-dnsop-dnssec-extension-pkix on IETF117 dnsop
>       agenda? (Paul Hoffman)
>    5. Re: Best Practices for Managing Existing Delegations When
>       Deleting a Domain or Host (Viktor Dukhovni)
>    6. Re: Fwd: New Version Notification -
>       draft-ietf-dnsop-avoid-fragmentation-13.txt (Peter van Dijk)
>
>
>
> -- Forwarded message --
> From: Viktor Dukhovni 
> To: dnsop-cha...@ietf.org
> Cc: dnsop@ietf.org
> Bcc:
> Date: Sun, 16 Jul 2023 15:06:35 -0400
> Subject: [DNSOP] draft-dnsop-dnssec-extension-pkix on IETF117 dnsop agenda?
> I see that draft-dnsop-dnssec-extension-pkix is included on the IETF117
> dnsop agenda.
>
> https://datatracker.ietf.org/doc/draft-dnsop-dnssec-extension-pkix/
>
> I haven't seen prior discussion of this item on the list, and,
> personally, rather suspect it unlikely to gain meaningful support from
> the WG and see adoption.
>
> Would it be possible to defer discussion of this document to such time as
> some evidence of support emerges, and in the meantime use the timeslot
> for more realistically productive proposals?
>
> --
> Viktor.
>
>
>
>
>
> -- Forwarded message --
> From: Viktor Dukhovni 
> To: dnsop@ietf.org
> Cc:
> Bcc:
> Date: Sun, 16 Jul 2023 15:53:12 -0400
> Subject: Re: [DNSOP] draft-dnsop-dnssec-extension-pkix on IETF117 dnsop
> agenda?
> On Sun, Jul 16, 2023 at 03:06:35PM -0400, Viktor Dukhovni wrote:
> > I see that draft-dnsop-dnssec-extension-pkix is included on the IETF117
> > dnsop agenda.
> >
> > https://datatracker.ietf.org/doc/draft-dnsop-dnssec-extension-pkix/
> >
> > I haven't seen prior discussion of this item on the list, and,
> > personally, rather suspect it unlikely to gain meaningful support from
> > the WG and see adoption.
> >
> > Would it be possible to defer discussion of this document to such time as
> > some evidence of support emerges, and in the meantime use the timeslot
> > for more realistically productive proposals?
>
> I should perhaps have stated the technical criteria on which I consider
> the proposal non-viable.  To wit:
>
> - The proposed protocol lacks all downgrade resistance.
> - Without a signed delegation from the parent, the existence of the
>   zone apex CERT MRs and associated RRSIGs is trivially denied by
>   an on-path attacker.
> - This protocol adds failure modes (CERTs and RRSIGs are available,
>   but don't match), without adding any security.
>
> Since the point of DNSSEC is to thwart active attacks, and the protocol
> in the proposed draft offers no such protection, I consider it
> non-viable.
>
> There are other substantial issues, but the above is sufficient to stop
> looking for more reasons why this is a dead-end.
>
> --
> Viktor.
>
>
>
>
>
> -- Forwarded message --
> From: Mark Andrews 
> To: dnsop 
> Cc:
> Bcc:
> Date: Mon, 17 Jul 2023 09:47:35 +1000
> Subject: Re: [DNSOP] draft-dnsop-dnssec-extension-pkix on IETF117 dnsop
> agenda?
>
>
> > On 17 Jul 2023, at 05:53, Viktor Dukhovni wrote:
> >
> > On Sun, Jul 16, 2023 at 03:06:35PM -0400, Viktor Dukhovni wrote:
> >> I see that draft-dnsop-dnssec-extension-pkix is included on the IETF117
> >> dnsop agenda.
> >>
> >> https://datatracker.ietf.org/doc/draft-dnsop-dnssec-extension-pkix/
> >>
> >> I haven't seen prior discussion of this item on the list, and,
> >> personally, rather suspect it unlikely to gain meaningful support from
> >> the WG and see adoption.
> >>
> >> Would it be possible to defer discussion of this document to such time as
> >> some evidence of support emerges, and in the meantime use the timeslot
> >> for more realistically productive proposals?
> >
> > I should perhaps have stated the technical criteria