Re: [DNSOP] [Last-Call] Secdir last call review of draft-ietf-dnsop-extended-error-14

2020-04-14 Thread Petr Špaček
On 15. 04. 20 0:34, Wes Hardaker wrote: > Catherine Meadows via Datatracker writes: > >> Reviewer: Catherine Meadows >> Review result: Has Issues > > Hi Catherine, > > Thanks for the review of the dnsop-extended-error draft. [and sorry > for the delay in sending this] > >> The Security Consid

Re: [DNSOP] On Powerbind

2020-04-14 Thread Petr Špaček
Hello everyone, my impression from yesterday is that authors of Powerbind draft assume that everyone else has an idea how DNSSEC Transparency should be implemented, and this makes discussion much harder because IMHO this assumption does not hold. Could authors elaborate on proposed DNSSEC Trans

Re: [DNSOP] Call for Adoption: draft-fujiwara-dnsop-avoid-fragmentation

2020-04-14 Thread Paul Vixie
first reply: On Tuesday, 14 April 2020 23:41:46 UTC Mukund Sivaraman wrote: > One more question: > > 3. Proposal to avoid IP fragmentation in DNS > > > >o UDP requestors and responders SHOULD send DNS responses with > > IP_DONTFRAG / IPV6_DONTFRAG [RFC3542] options, which will yield >

Re: [DNSOP] Call for Adoption: draft-fujiwara-dnsop-avoid-fragmentation

2020-04-14 Thread Mukund Sivaraman
On Wed, Apr 15, 2020 at 05:11:46AM +0530, Mukund Sivaraman wrote: > One more question: > > > 3. Proposal to avoid IP fragmentation in DNS > > >o UDP requestors and responders SHOULD send DNS responses with > > IP_DONTFRAG / IPV6_DONTFRAG [RFC3542] options, which will yield > > e

Re: [DNSOP] On Powerbind

2020-04-14 Thread Mark Andrews
The DS record doesn’t have a flag field. If you want to add flags or otherwise extend DS records it requires new DS algorithms that encode the flags/extensions inside the digest field. It’s incrementally doable and has implications for all future DS algorithms. That said this proposal doesn’t inc

Re: [DNSOP] On Powerbind

2020-04-14 Thread Paul Vixie
a bit in the parent (DS RRset) to say this delegation point is itself delegation-only would be more interesting. perhaps a way to assure compliance with a contract, thus preventing any ambiguity along the lines of "sitefinder". but a bit in the apex (DNSKEY RRset) is still interesting, as a dec

Re: [DNSOP] On Powerbind

2020-04-14 Thread Paul Wouters
On Tue, 14 Apr 2020, Ben Schwartz wrote: The point of powerbind is to specifically state "I'm delegation only". Without knowledge of that, you end up having to log everything, per your own conclusion, because there is no way to know if it's a delegation-only zone.  I'm st

Re: [DNSOP] On Powerbind

2020-04-14 Thread Mark Andrews
> On 15 Apr 2020, at 09:34, Ben Schwartz > wrote: > > > > On Tue, Apr 14, 2020, 6:16 PM Wes Hardaker wrote: > Ben Schwartz writes: > > > If I understand correctly, the Powerbind draft is designed to reduce > > the amount of data that must be logged in order to verify appropriate > > use o

Re: [DNSOP] Call for Adoption: draft-fujiwara-dnsop-avoid-fragmentation

2020-04-14 Thread Mukund Sivaraman
One more question: > 3. Proposal to avoid IP fragmentation in DNS >o UDP requestors and responders SHOULD send DNS responses with > IP_DONTFRAG / IPV6_DONTFRAG [RFC3542] options, which will yield > either a silent timeout, or a network (ICMP) error, if the path > MTU is ex

Re: [DNSOP] On Powerbind

2020-04-14 Thread Ben Schwartz
On Tue, Apr 14, 2020, 6:16 PM Wes Hardaker wrote: > Ben Schwartz writes: > > > If I understand correctly, the Powerbind draft is designed to reduce > > the amount of data that must be logged in order to verify appropriate > > use of a DNSKEY "K" for a delegation-only zone. I'm trying to compare

[DNSOP] I-D Action: draft-ietf-dnsop-no-response-issue-22.txt

2020-04-14 Thread internet-drafts
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Domain Name System Operations WG of the IETF. Title : A Common Operational Problem in DNS Servers - Failure To Communicate Authors : M. Andrews

Re: [DNSOP] Secdir last call review of draft-ietf-dnsop-extended-error-14

2020-04-14 Thread Wes Hardaker
Catherine Meadows via Datatracker writes: > Reviewer: Catherine Meadows > Review result: Has Issues Hi Catherine, Thanks for the review of the dnsop-extended-error draft. [and sorry for the delay in sending this] > The Security Considerations section mentions some valid points, but it > is no

Re: [DNSOP] On Powerbind

2020-04-14 Thread Wes Hardaker
Ben Schwartz writes: > If I understand correctly, the Powerbind draft is designed to reduce > the amount of data that must be logged in order to verify appropriate > use of a DNSKEY "K" for a delegation-only zone.  I'm trying to compare > the amount of logging required with and without Powerbind.

Re: [DNSOP] Call for Adoption: draft-fujiwara-dnsop-avoid-fragmentation

2020-04-14 Thread Mukund Sivaraman
Hi Fujiwara san and Vixie san, On Tue, Apr 14, 2020 at 11:47:56AM -0400, Tim Wicinski wrote: > This starts a Call for Adoption for draft-fujiwara-dnsop-avoid-fragmentation > > The draft is available here: > https://datatracker.ietf.org/doc/draft-fujiwara-dnsop-avoid-fragmentation/ > > Please rev

Re: [DNSOP] NS2/NS2T proper locations

2020-04-14 Thread John Levine
In article you write: >Would the authors of that draft please post into this mailing list, >including asking for comments etc? I'm not Tim, but the draft is here: https://datatracker.ietf.org/doc/draft-tapril-ns2/ >Here's my view on this: >If there is a parent/child delegation NS set, ... Nop

Re: [DNSOP] Call for Adoption: draft-fujiwara-dnsop-avoid-fragmentation

2020-04-14 Thread Brian Dickson
On Tue, Apr 14, 2020 at 8:48 AM Tim Wicinski wrote: > > This starts a Call for Adoption for > draft-fujiwara-dnsop-avoid-fragmentation > > The draft is available here: > https://datatracker.ietf.org/doc/draft-fujiwara-dnsop-avoid-fragmentation/ >

Re: [DNSOP] Call for Adoption: draft-fujiwara-dnsop-avoid-fragmentation

2020-04-14 Thread Loganaden Velvindron
On Tue, Apr 14, 2020 at 11:23 PM Joe Abley wrote: > > Hi Tim, esteemed fellow chairs, > > On 14 Apr 2020, at 11:47, Tim Wicinski wrote: > > This starts a Call for Adoption for draft-fujiwara-dnsop-avoid-fragmentation > > The draft is available here: > https://datatracker.ietf.org/doc/draft-fujiw

[DNSOP] NS2/NS2T proper locations

2020-04-14 Thread Brian Dickson
On Tue, Apr 14, 2020 at 8:44 AM Paul Vixie wrote: > today it was proposed that NS2 be added as a new record-set type that > could exist in either the parent or the child, similar to NS, and > reminding several of us about the DS debacle. > > Would the authors of that draft please post into this m

Re: [DNSOP] Call for Adoption: draft-fujiwara-dnsop-avoid-fragmentation

2020-04-14 Thread Joe Abley
Hi Tim, esteemed fellow chairs, On 14 Apr 2020, at 11:47, Tim Wicinski wrote: > This starts a Call for Adoption for draft-fujiwara-dnsop-avoid-fragmentation > > The draft is available here: > https://datatracker.ietf.org/doc/draft-fujiwara-dnsop-avoid-fragmentation/ >

[DNSOP] The DNSOP WG has placed draft-fujiwara-dnsop-avoid-fragmentation in state "Call For Adoption By WG Issued"

2020-04-14 Thread IETF Secretariat
The DNSOP WG has placed draft-fujiwara-dnsop-avoid-fragmentation in state Call For Adoption By WG Issued (entered by Tim Wicinski) The document is available at https://datatracker.ietf.org/doc/draft-fujiwara-dnsop-avoid-fragmentation/

Re: [DNSOP] Call for Adoption: draft-fujiwara-dnsop-avoid-fragmentation

2020-04-14 Thread Paul Vixie
On Tuesday, 14 April 2020 17:32:54 UTC Paul Wouters wrote: > On Tue, 14 Apr 2020, Tim Wicinski wrote: > > This starts a Call for Adoption for > > draft-fujiwara-dnsop-avoid-fragmentation > > > > ... > > > > We are looking for *explicit* support for adoption. > > I am in favour of adoption. > >

Re: [DNSOP] Call for Adoption: draft-fujiwara-dnsop-avoid-fragmentation

2020-04-14 Thread Paul Wouters
On Tue, 14 Apr 2020, Tim Wicinski wrote: This starts a Call for Adoption for draft-fujiwara-dnsop-avoid-fragmentation The draft is available here: https://datatracker.ietf.org/doc/draft-fujiwara-dnsop-avoid-fragmentation/ Please review this draft to see if you think it is suitable for adoptio

Re: [DNSOP] Call for Adoption: draft-fujiwara-dnsop-avoid-fragmentation

2020-04-14 Thread Bob Harold
I support and will review. -- Bob Harold On Tue, Apr 14, 2020 at 11:48 AM Tim Wicinski wrote: > > This starts a Call for Adoption for > draft-fujiwara-dnsop-avoid-fragmentation > > The draft is available here: > https://datatracker.ietf.org/doc/draft-fujiwara-dnsop-avoid-fragmentation/ >

Re: [DNSOP] data at delegation points

2020-04-14 Thread Ralf Weber
Moin! On 14 Apr 2020, at 17:59, Paul Vixie wrote: Ralf Weber wrote on 2020-04-14 08:57: Just to clarify if I understand that correct. The DS for example.net would be example._dnssec.net DS. Correct? So would you propose to do example._ns2.net NS2 to distinguish parent and child NS2 records?

[DNSOP] Doodle poll for DNSOP WG interim 23 April 2020

2020-04-14 Thread Benno Overeinder
Dear DNSOP WG, Thank you for your time and participation in the DNSOP WG meeting today. The next DNSOP WG interim meeting is scheduled for April 23 and will be a one hour virtual meeting. To select a timeslot, we again created a doodle poll: https://doodle.com/poll/zk9f4ur7fycz3kra Please

Re: [DNSOP] data at delegation points

2020-04-14 Thread Paul Vixie
Ralf Weber wrote on 2020-04-14 08:57: Moin! On 14 Apr 2020, at 17:43, Paul Vixie wrote: DS should never have been placed at the delegation point, and has led to a decade or longer of bugs and corner cases and complexity. it ought to have been a nephew domain of the delegation point, but, in

Re: [DNSOP] data at delegation points

2020-04-14 Thread Paul Vixie
Jim Reid wrote on 2020-04-14 08:54: On 14 Apr 2020, at 16:43, Paul Vixie wrote: so instead of example.com DS, it should have been example._dnssec.com DS. Sadly, that wouldn’t work for thisisaveryveryveryveryveryveryveryveryveryveryveryveryverylong.domain.name Which really exists. :-)

Re: [DNSOP] data at delegation points

2020-04-14 Thread Ralf Weber
Moin! On 14 Apr 2020, at 17:43, Paul Vixie wrote: DS should never have been placed at the delegation point, and has led to a decade or longer of bugs and corner cases and complexity. it ought to have been a nephew domain of the delegation point, but, in the parent: so instead of example.com

Re: [DNSOP] data at delegation points

2020-04-14 Thread Jim Reid
> On 14 Apr 2020, at 16:43, Paul Vixie wrote: > > so instead of example.com DS, it should have been example._dnssec.com DS. Sadly, that wouldn’t work for thisisaveryveryveryveryveryveryveryveryveryveryveryveryverylong.domain.name Which really exists. :-)

[DNSOP] Call for Adoption: draft-fujiwara-dnsop-avoid-fragmentation

2020-04-14 Thread Tim Wicinski
This starts a Call for Adoption for draft-fujiwara-dnsop-avoid-fragmentation The draft is available here: https://datatracker.ietf.org/doc/draft-fujiwara-dnsop-avoid-fragmentation/ Please review this draft to see if you think it is suitable for adoption by DNSOP, and comments to the list, clearly

[DNSOP] data at delegation points

2020-04-14 Thread Paul Vixie
today it was proposed that NS2 be added as a new record-set type that could exist in either the parent or the child, similar to NS, and reminding several of us about the DS debacle. DS should never have been placed at the delegation point, and has led to a decade or longer of bugs and corner c

Re: [DNSOP] New draft on delegation revalidation

2020-04-14 Thread Bob Harold
On Mon, Apr 13, 2020 at 4:59 PM Shumon Huque wrote: > On Fri, Apr 10, 2020 at 12:51 PM Bob Harold wrote: > >> Having read through the draft, and twice through the emails, I think the >> draft has the right balance in using the parent and child NS RRsets >> properly. >> >> I think the "extra" que

Re: [DNSOP] Domain Name System Operations (dnsop) WG Virtual Meeting: 2020-04-14

2020-04-14 Thread Benno Overeinder
The Webex room will open at 13:45 UTC. https://ietf.webex.com/ietf/j.php?MTID=m706bba8b48e3db3db02d72f0941b2630 If you enter the Webex room number directly: Meeting number: 614 651 353 Password: VBvPM2NYR43 See you in 40 minutes, Suzanne, Tim and Benno On 07/04/2020 16:18, IESG Secretary wrot