Re: [DNSOP] Kathleen Moriarty's Discuss on draft-ietf-dnsop-maintain-ds-03: (with DISCUSS)
Hello, Will there be an update to this draft before the telechat or is there a running version with updates from the open discuss points that should be referenced? Thank you, Kathleen On Mon, Aug 29, 2016 at 9:09 AM, Kathleen Moriarty wrote: > Kathleen Moriarty has entered the following ballot position for > draft-ietf-dnsop-maintain-ds-03: Discuss > > When responding, please keep the subject line intact and reply to all > email addresses included in the To and CC lines. (Feel free to cut this > introductory paragraph, however.) > > > Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html > for more information about IESG DISCUSS and COMMENT positions. > > > The document, along with other ballot positions, can be found here: > https://datatracker.ietf.org/doc/draft-ietf-dnsop-maintain-ds/ > > > > -- > DISCUSS: > -- > > Overall, this draft seems like a very useful and helpful draft. In > reading it, I would like to see some security considerations around the > methods in section 3, in particular section 3.2, which is the loosest. > Just seeing that the domain has been transferred seems like a risky check > to rely on to me. The risks of using these proposed methods should be > stated. Thanks. > > > > -- Best regards, Kathleen ___ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
[DNSOP] Kathleen Moriarty's Discuss on draft-ietf-dnsop-maintain-ds-03: (with DISCUSS)
Kathleen Moriarty has entered the following ballot position for draft-ietf-dnsop-maintain-ds-03: Discuss When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html for more information about IESG DISCUSS and COMMENT positions. The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-dnsop-maintain-ds/ -- DISCUSS: -- Overall, this draft seems like a very useful and helpful draft. In reading it, I would like to see some security considerations around the methods in section 3, in particular section 3.2, which is the loosest. Just seeing that the domain has been transferred seems like a risky check to rely on to me. The risks of using these proposed methods should be stated. Thanks. ___ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
Re: [DNSOP] revisiting outstanding dicusses for 6304bis
On Tue, Feb 24, 2015 at 3:28 PM, Andrew Sullivan wrote: > On Tue, Feb 24, 2015 at 12:06:06PM -0800, Joel Jaeggli wrote: > > Should we consider recommendations with respect to treatment of logging > or storage of queries or the extent to which such queries should be > protected? > > > > IMO, No. The text as it stands says, "This could result in logs." > There are lots of operational reasons to log, and the fact that your > leaking queries could result in information about your system being > made public is a reason _not to leak_ in the first place. That has > nothing to do with operating AS112, which is infrastructure to sink > traffic that never should have made it to the Net in the first place. > > Fair point. I asked for it as an educational point, which hopefully the operators know to protect logs already. I'm sure the folks leaking DNS data don't have a clue their queries are going out, may be logged, and wouldn't know they were supposed to fix this leakage (or how) it unless someone told them. I'll remove the discuss based on the updated text. Thank you. Kathleen > Best regards, > > A > > > -- > Andrew Sullivan > a...@anvilwalrusden.com > -- Best regards, Kathleen ___ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
[DNSOP] Kathleen Moriarty's No Objection on draft-ietf-dnsop-dnssec-key-timing-06: (with COMMENT)
Kathleen Moriarty has entered the following ballot position for draft-ietf-dnsop-dnssec-key-timing-06: No Objection When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to http://www.ietf.org/iesg/statement/discuss-criteria.html for more information about IESG DISCUSS and COMMENT positions. The document, along with other ballot positions, can be found here: http://datatracker.ietf.org/doc/draft-ietf-dnsop-dnssec-key-timing/ -- COMMENT: -- Please move Appendix A into section 1.3 as it would be better to have all terms, symbols, and variables used in the draft defined in the terminology section. Russ Housley noticed this and I agree with him in that it would be good to fix. In 1.4 should this include key sizes as well since they are not discussed? I see the explanation in section 5 and am just wondering if the procedures are the same when key properties change as opposed to expiration and revocation, which are both mentioned in the draft. The SecDir review found a few nits you should probably fix as well: https://www.ietf.org/mail-archive/web/secdir/current/msg05318.html ___ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop