Re: [DNSOP] [Ext] Call for Adoption: DNSSEC as BCP: draft-hoffman-dnssec
On 3/26/22 02:21, Paul Hoffman wrote: On Mar 25, 2022, at 5:59 PM, Joey Deng wrote: During my reading of DNS and DNSSEC, I found another RFC (RFC 7129) very helpful in understanding the motivation from NSEC to NSEC3, besides RFC 5155, but it is not listed in the draft above (maybe because it is for informational purposes?). https://datatracker.ietf.org/doc/rfc7129/ While RFC 7129 is interesting for understanding the protocol, it is background material and maybe not really part of the protocol itself or an extension to the protocol itself. I'm not sure where it would fit into this document. If The purpose is to introduce all of the RFCs in one place so that the reader can understand the many aspects of DNSSEC. (taken from the abstract), then including background material that helps understanding may be the right thing to do, perhaps in a separate section (e.g. "Additional non-normative documents" between Sections 3 and 4). Otherwise, perhaps the purpose should be re-stated as to emphasize collecting only all pieces of the protocol specification. I generally support this draft, and am willing to contribute review comments, perhaps editorial PRs etc. Best, Peter -- https://desec.io/ ___ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
Re: [DNSOP] [Ext] Call for Adoption: DNSSEC as BCP: draft-hoffman-dnssec
Paul Hoffman wrote:> Given the higher level of scrutiny that BCPs garner, Such a false sense of security is quite harmful to reduce the end to end security of the Internet. Masataka Ohta ___ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
Re: [DNSOP] [Ext] Call for Adoption: DNSSEC as BCP: draft-hoffman-dnssec
On Mar 25, 2022, at 5:59 PM, Joey Deng wrote: > A possible format issue: Thanks! That will be fixed in the next version. > Since the description above mainly focuses on the new cryptography adopted by > DNSSEC, I think it would make more sense to use title like: > > Additional Cryptographic Algorithms in DNSSEC Yes, great. > During my reading of DNS and DNSSEC, I found another RFC (RFC 7129) very > helpful in understanding the motivation from NSEC to NSEC3, besides RFC 5155, > but it is not listed in the draft above (maybe because it is for > informational purposes?). > https://datatracker.ietf.org/doc/rfc7129/ While RFC 7129 is interesting for understanding the protocol, it is background material and maybe not really part of the protocol itself or an extension to the protocol itself. I'm not sure where it would fit into this document. --Paul Hoffman smime.p7s Description: S/MIME cryptographic signature ___ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
Re: [DNSOP] [Ext] Call for Adoption: DNSSEC as BCP: draft-hoffman-dnssec
I'm the author, so I guess it goes without saying that I support its adoption. Given the higher level of scrutiny that BCPs garner, I will incorporate suggested text in versions of the draft if they are likely to reflect changes that would garner consensus. --Paul Hoffman smime.p7s Description: S/MIME cryptographic signature ___ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop