
From nobody Fri Aug  8 07:58:57 2014
Return-Path: <fneves@registro.br>
X-Original-To: dnsext@ietfa.amsl.com
Delivered-To: dnsext@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5D23C1B2C2A for <dnsext@ietfa.amsl.com>; Fri,  8 Aug 2014 07:58:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.201
X-Spam-Level: 
X-Spam-Status: No, score=0.201 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FRT_BELOW2=2.154, HELO_EQ_BR=0.955, HOST_EQ_BR=1.295, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id d62u4Rg4lVDb for <dnsext@ietfa.amsl.com>; Fri,  8 Aug 2014 07:58:48 -0700 (PDT)
Received: from clone.registro.br (clone.registro.br [200.160.2.4]) by ietfa.amsl.com (Postfix) with ESMTP id B99531B2C15 for <dnsext@ietf.org>; Fri,  8 Aug 2014 07:58:48 -0700 (PDT)
Received: by clone.registro.br (Postfix, from userid 1000) id A482024BDFD; Fri,  8 Aug 2014 11:58:47 -0300 (BRT)
Date: Fri, 8 Aug 2014 11:58:47 -0300
From: Frederico A C Neves <fneves@registro.br>
To: dnsext@ietf.org
Message-ID: <20140808145847.GA48049@registro.br>
References: <20140723213403.GN94557@registro.br>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20140723213403.GN94557@registro.br>
Archived-At: http://mailarchive.ietf.org/arch/msg/dnsext/i8e3koqNAubf-ebg7NBd9C6Pw4w
Cc: Paul Wouters <pwouters@redhat.com>
Subject: Re: [dnsext] OPENPGPKEY RRTYPE review - [IANA #773394]
X-BeenThere: dnsext@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: DNS Extensions working group discussion list <dnsext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsext>, <mailto:dnsext-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dnsext/>
List-Post: <mailto:dnsext@ietf.org>
List-Help: <mailto:dnsext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsext>, <mailto:dnsext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 08 Aug 2014 14:58:52 -0000

Dear Colleagues,

This message ends the review process for the OPENPGPKEY RRTYPE. Based
on the provided documentation and the list traffic, this request meets
both requirements of RFC6895 section 3.1.1 and none of section
3.1.2. Therefore it should be accepted.

Best Regards,
Frederico Neves

On Wed, Jul 23, 2014 at 06:34:03PM -0300, Frederico A C Neves wrote:
> Dear Colleagues,
> 
> Below is a completed template requesting a new RRTYPE assignment
> under the procedures of RFC6895.
> 
> This message starts a 2-week period for an expert review of the DNS
> RRTYPE parameter allocation for OPENPGPKEY specified at:
> 
> http://tools.ietf.org/html/draft-ietf-dane-openpgpkey-00#section-2
> 
> If you have comments regarding this request please post them here
> before Aug 6th 21:00 UTC.
> 
> Best Regards,
> Frederico Neves
> 
> --begin 6895 template TLSA--
>  A. Submission Date: 23-07-2014
> 
>  B.1 Submission Type:  [x] New RRTYPE  [ ] Modification to RRTYPE
>  B.2 Kind of RR:  [x] Data RR  [ ] Meta-RR
> 
>  C. Contact Information for submitter (will be publicly posted):
>     Name: Paul Wouters         Email Address: pwouters@redhat.com
>     International telephone number: +1-647-896-3464
>     Other contact handles: paul@nohats.ca
> 
>  D. Motivation for the new RRTYPE application.
> 
>     Publishing RFC-4880 OpenPGP formatted keys in DNS with DNSSEC
>     protection to facilitate automatic encryption of emails in
>     defense against pervasive monitoring.
> 
>  E. Description of the proposed RR type.
> 
>     http://tools.ietf.org/html/draft-ietf-dane-openpgpkey-00#section-2
> 
>  F. What existing RRTYPE or RRTYPEs come closest to filling that need
>     and why are they unsatisfactory?
> 
>     The CERT RRtype is the closest match. It unfortunately depends on
>     subtyping, and its use in general is no longer recommended. It
>     also has no human usable presentation format. Some usage types of
>     CERT require external URIs which complicates the security model.
>     This was discussed in the dane working group.
> 
>  G. What mnemonic is requested for the new RRTYPE (optional)?
> 
>     OPENPGPKEY
> 
>  H. Does the requested RRTYPE make use of any existing IANA registry
>     or require the creation of a new IANA subregistry in DNS
>     Parameters?  If so, please indicate which registry is to be used
>     or created.  If a new subregistry is needed, specify the
>     allocation policy for it and its initial contents.  Also include
>     what the modification procedures will be.
> 
>     The RDATA part uses the key format specified in RFC-4880, which
>     itself uses https://www.iana.org/assignments/pgp-parameters/pgp-parameters.xhtm
> 
>     This RRcode just uses the formats specified in those registries
>     for its RRdata part.
> 
> 
>  I. Does the proposal require/expect any changes in DNS
>     servers/resolvers that prevent the new type from being processed
>     as an unknown RRTYPE (see [RFC3597])?
> 
>     No.
> 
>  J. Comments:
> 
>     Currently, three software implementations of draft-ietf-dane-openpgpkey
>     are using a private number.
> --end 6895 template TLSA--
> 
> _______________________________________________
> dnsext mailing list
> dnsext@ietf.org
> https://www.ietf.org/mailman/listinfo/dnsext


From nobody Sun Aug 10 01:41:34 2014
Return-Path: <jay@nzrs.net.nz>
X-Original-To: dnsext@ietfa.amsl.com
Delivered-To: dnsext@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0ADD71A0697 for <dnsext@ietfa.amsl.com>; Sun, 10 Aug 2014 01:41:33 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 2.285
X-Spam-Level: **
X-Spam-Status: No, score=2.285 tagged_above=-999 required=5 tests=[BAYES_50=0.8, FRT_BELOW2=2.154, RP_MATCHES_RCVD=-0.668, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LZwzJc9Ku6Pn for <dnsext@ietfa.amsl.com>; Sun, 10 Aug 2014 01:41:31 -0700 (PDT)
Received: from srsomail.nzrs.net.nz (srsomail.nzrs.net.nz [202.46.183.22]) by ietfa.amsl.com (Postfix) with ESMTP id AF2C41A020B for <dnsext@ietf.org>; Sun, 10 Aug 2014 01:41:30 -0700 (PDT)
Received: from localhost (localhost.localdomain [127.0.0.1]) by srsomail.nzrs.net.nz (Postfix) with ESMTP id B0D364BC44A; Sun, 10 Aug 2014 20:41:27 +1200 (NZST)
X-Virus-Scanned: Debian amavisd-new at srsomail.office.nzrs.net.nz
Received: from srsomail.nzrs.net.nz ([202.46.183.22]) by localhost (srsomail.office.nzrs.net.nz [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BA7w7h02mXTZ; Sun, 10 Aug 2014 20:41:17 +1200 (NZST)
Received: from [192.168.2.231] (118-93-227-250.dsl.dyn.ihug.co.nz [118.93.227.250]) (Authenticated sender: jay) by srsomail.nzrs.net.nz (Postfix) with ESMTPSA id 5E3624BC44F; Sun, 10 Aug 2014 20:41:17 +1200 (NZST)
Content-Type: text/plain; charset=us-ascii
Mime-Version: 1.0 (Mac OS X Mail 7.3 \(1878.6\))
From: Jay Daley <jay@nzrs.net.nz>
In-Reply-To: <20140808145847.GA48049@registro.br>
Date: Sun, 10 Aug 2014 20:41:15 +1200
Content-Transfer-Encoding: quoted-printable
Message-Id: <65E1B57B-BCFB-4444-83C3-CFA69BB87BAC@nzrs.net.nz>
References: <20140723213403.GN94557@registro.br> <20140808145847.GA48049@registro.br>
To: Frederico A C Neves <fneves@registro.br>
X-Mailer: Apple Mail (2.1878.6)
Archived-At: http://mailarchive.ietf.org/arch/msg/dnsext/s1AXSYusl0iF0khD_nRJ975lBLg
Cc: Paul Wouters <pwouters@redhat.com>, dnsext@ietf.org
Subject: Re: [dnsext] OPENPGPKEY RRTYPE review - [IANA #773394]
X-BeenThere: dnsext@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: DNS Extensions working group discussion list <dnsext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsext>, <mailto:dnsext-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dnsext/>
List-Post: <mailto:dnsext@ietf.org>
List-Help: <mailto:dnsext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsext>, <mailto:dnsext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 10 Aug 2014 08:41:33 -0000

It would be helpful if the draft was updated to reflect the discussion on the list.

Jay

On 9/08/2014, at 2:58 am, Frederico A C Neves <fneves@registro.br> wrote:

> Dear Colleagues,
> 
> This message ends the review process for the OPENPGPKEY RRTYPE. Based
> on the provided documentation and the list traffic, this request meets
> both requirements of RFC6895 section 3.1.1 and none of section
> 3.1.2. Therefore it should be accepted.
> 
> Best Regards,
> Frederico Neves
> 
> On Wed, Jul 23, 2014 at 06:34:03PM -0300, Frederico A C Neves wrote:
>> Dear Colleagues,
>> 
>> Below is a completed template requesting a new RRTYPE assignment
>> under the procedures of RFC6895.
>> 
>> This message starts a 2-week period for an expert review of the DNS
>> RRTYPE parameter allocation for OPENPGPKEY specified at:
>> 
>> http://tools.ietf.org/html/draft-ietf-dane-openpgpkey-00#section-2
>> 
>> If you have comments regarding this request please post them here
>> before Aug 6th 21:00 UTC.
>> 
>> Best Regards,
>> Frederico Neves
>> 
>> --begin 6895 template TLSA--
>> A. Submission Date: 23-07-2014
>> 
>> B.1 Submission Type:  [x] New RRTYPE  [ ] Modification to RRTYPE
>> B.2 Kind of RR:  [x] Data RR  [ ] Meta-RR
>> 
>> C. Contact Information for submitter (will be publicly posted):
>>    Name: Paul Wouters         Email Address: pwouters@redhat.com
>>    International telephone number: +1-647-896-3464
>>    Other contact handles: paul@nohats.ca
>> 
>> D. Motivation for the new RRTYPE application.
>> 
>>    Publishing RFC-4880 OpenPGP formatted keys in DNS with DNSSEC
>>    protection to facilitate automatic encryption of emails in
>>    defense against pervasive monitoring.
>> 
>> E. Description of the proposed RR type.
>> 
>>    http://tools.ietf.org/html/draft-ietf-dane-openpgpkey-00#section-2
>> 
>> F. What existing RRTYPE or RRTYPEs come closest to filling that need
>>    and why are they unsatisfactory?
>> 
>>    The CERT RRtype is the closest match. It unfortunately depends on
>>    subtyping, and its use in general is no longer recommended. It
>>    also has no human usable presentation format. Some usage types of
>>    CERT require external URIs which complicates the security model.
>>    This was discussed in the dane working group.
>> 
>> G. What mnemonic is requested for the new RRTYPE (optional)?
>> 
>>    OPENPGPKEY
>> 
>> H. Does the requested RRTYPE make use of any existing IANA registry
>>    or require the creation of a new IANA subregistry in DNS
>>    Parameters?  If so, please indicate which registry is to be used
>>    or created.  If a new subregistry is needed, specify the
>>    allocation policy for it and its initial contents.  Also include
>>    what the modification procedures will be.
>> 
>>    The RDATA part uses the key format specified in RFC-4880, which
>>    itself uses https://www.iana.org/assignments/pgp-parameters/pgp-parameters.xhtm
>> 
>>    This RRcode just uses the formats specified in those registries
>>    for its RRdata part.
>> 
>> 
>> I. Does the proposal require/expect any changes in DNS
>>    servers/resolvers that prevent the new type from being processed
>>    as an unknown RRTYPE (see [RFC3597])?
>> 
>>    No.
>> 
>> J. Comments:
>> 
>>    Currently, three software implementations of draft-ietf-dane-openpgpkey
>>    are using a private number.
>> --end 6895 template TLSA--
>> 
>> _______________________________________________
>> dnsext mailing list
>> dnsext@ietf.org
>> https://www.ietf.org/mailman/listinfo/dnsext
> 
> _______________________________________________
> dnsext mailing list
> dnsext@ietf.org
> https://www.ietf.org/mailman/listinfo/dnsext


-- 
Jay Daley
Chief Executive
.nz Registry Services (New Zealand Domain Name Registry Limited)
desk: +64 4 931 6977
mobile: +64 21 678840
linkedin: www.linkedin.com/in/jaydaley


From nobody Mon Aug 11 09:45:34 2014
Return-Path: <pwouters@redhat.com>
X-Original-To: dnsext@ietfa.amsl.com
Delivered-To: dnsext@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 07C731A0677 for <dnsext@ietfa.amsl.com>; Mon, 11 Aug 2014 08:55:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.671
X-Spam-Level: 
X-Spam-Status: No, score=-5.671 tagged_above=-999 required=5 tests=[BAYES_20=-0.001, RCVD_IN_DNSWL_HI=-5, RP_MATCHES_RCVD=-0.668, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TBhJrDKU4mip for <dnsext@ietfa.amsl.com>; Mon, 11 Aug 2014 08:55:12 -0700 (PDT)
Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 30DD71A0674 for <dnsext@ietf.org>; Mon, 11 Aug 2014 08:55:12 -0700 (PDT)
Received: from int-mx14.intmail.prod.int.phx2.redhat.com (int-mx14.intmail.prod.int.phx2.redhat.com [10.5.11.27]) by mx1.redhat.com (8.14.4/8.14.4) with ESMTP id s7BF1aUk018573 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Mon, 11 Aug 2014 11:01:37 -0400
Received: from bofh.nohats.ca (vpn-60-189.rdu2.redhat.com [10.10.60.189]) by int-mx14.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with ESMTP id s7BF1ZQg029484; Mon, 11 Aug 2014 11:01:35 -0400
Message-ID: <53E8DACE.8040603@redhat.com>
Date: Mon, 11 Aug 2014 11:01:34 -0400
From: Paul Wouters <pwouters@redhat.com>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.5.0
MIME-Version: 1.0
To: Jay Daley <jay@nzrs.net.nz>, Frederico A C Neves <fneves@registro.br>
References: <20140723213403.GN94557@registro.br> <20140808145847.GA48049@registro.br> <65E1B57B-BCFB-4444-83C3-CFA69BB87BAC@nzrs.net.nz>
In-Reply-To: <65E1B57B-BCFB-4444-83C3-CFA69BB87BAC@nzrs.net.nz>
X-Enigmail-Version: 1.6
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
X-Scanned-By: MIMEDefang 2.68 on 10.5.11.27
Archived-At: http://mailarchive.ietf.org/arch/msg/dnsext/FL3PkZxPZsmIx5CN-P99f6dJdEw
X-Mailman-Approved-At: Mon, 11 Aug 2014 09:45:32 -0700
Cc: dnsext@ietf.org
Subject: Re: [dnsext] OPENPGPKEY RRTYPE review - [IANA #773394]
X-BeenThere: dnsext@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: DNS Extensions working group discussion list <dnsext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsext>, <mailto:dnsext-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dnsext/>
List-Post: <mailto:dnsext@ietf.org>
List-Help: <mailto:dnsext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsext>, <mailto:dnsext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 11 Aug 2014 15:55:14 -0000

On 08/10/2014 04:41 AM, Jay Daley wrote:
> It would be helpful if the draft was updated to reflect the discussion on the list.

I am unsure which discussion items you think should be added to the draft?

- Comments about revoked keys? The draft does not specify anything but the openpgp key format. Possibly this item could go into the openpgpkey-usage document,
but would have no effect on the OPENPGPKEY record format.

- combining _openpgpkey and _smimecert? I do not think there is anything gained by merging the namespaces. It would just hinder openpgp and smime
clients/plug-ins in discarding irrelevant data.

- comments about not using the APEX or justifying the _openpgpkey prefix? I don't think that belongs in the final document.

- referencing 1035's "weak encoding of email address" and explaining why it is unusable. Can be added, although I think the draft already explains the problem
when it states why it is using a sha2-224 hash.

- small textual improvements suggested by Joe Abley - Can be added to the next draft, but should that hold up this RRTYPE review? I don't think so.


Did I miss anything in particular that you thought needed to be added?

Paul
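The two owner-name conventions Paul contrasts above, as an added example for readers of this archive (it is not code from the draft, from the implementations mentioned in the template, or from any of the posters). The draft cited in the template hashes the local-part of the address with SHA2-224 and places the hex digest as one label under `_openpgpkey` in the mail domain; the RFC 1035 mailbox convention instead makes the local-part itself the leftmost label. The exact hashing rules used here (UTF-8 of the local-part exactly as written, no case folding, lowercase hex) are assumptions about the draft's text, not something this thread states, and the function names are mine.

```python
import hashlib

# Assumed from draft-ietf-dane-openpgpkey-00 (cited in the template above):
# SHA2-224 over the local-part, hex encoded, as a single 56-character label
# under the "_openpgpkey" prefix. UTF-8 encoding of the unmodified
# local-part (no case folding) is an assumption made in this example.
OPENPGPKEY_PREFIX = "_openpgpkey"
MAX_LABEL_OCTETS = 63   # RFC 1035 section 2.3.4 label size limit


def split_address(email):
    """Split "local@domain" on the last '@'. The domain is normalised to
    lowercase without a trailing dot (DNS names are case-insensitive);
    the local-part is returned untouched, since mail local-parts are not."""
    local, sep, domain = email.rpartition("@")
    if not sep or not local or not domain:
        raise ValueError(f"not an addr-spec: {email!r}")
    return local, domain.rstrip(".").lower()


def openpgpkey_owner_name(email):
    """Owner name to query for the OPENPGPKEY record of `email`:
    <hex(sha224(local-part))>._openpgpkey.<domain>."""
    local, domain = split_address(email)
    digest = hashlib.sha224(local.encode("utf-8")).hexdigest()  # 56 hex chars
    return f"{digest}.{OPENPGPKEY_PREFIX}.{domain}."


def local_part_fits_label(email):
    """True if the local-part can be a single DNS label. RFC 5321 allows
    local-parts of up to 64 octets, one more than a label can hold."""
    local, _ = split_address(email)
    return len(local.encode("utf-8")) <= MAX_LABEL_OCTETS


def rfc1035_mailbox_name(email):
    """RFC 1035 mailbox convention (the one used for the SOA RNAME field):
    the local-part is prefixed to the mail domain as one label. In
    presentation format, dots inside that label must be escaped with a
    backslash (RFC 1035 section 5.1) or the name becomes ambiguous."""
    if not local_part_fits_label(email):
        raise ValueError("local-part does not fit in one DNS label")
    local, domain = split_address(email)
    escaped = local.replace("\\", "\\\\").replace(".", "\\.")
    return f"{escaped}.{domain}."


def naive_mailbox_name(email):
    """The same convention with the escaping dropped, as it is commonly
    written in practice; two different addresses can map to one name."""
    local, domain = split_address(email)
    return f"{local}.{domain}."


if __name__ == "__main__":
    # Constructed sample addresses; none of them appear in the thread.
    for addr in ("hugh@example.com", "john.doe@example.com", "john@doe.example.com"):
        print(f"{addr:24} OPENPGPKEY: {openpgpkey_owner_name(addr)}")
        print(f"{'':24} RFC 1035:   {rfc1035_mailbox_name(addr)}")
        print(f"{'':24} unescaped:  {naive_mailbox_name(addr)}")
```

The hashed form gives a fixed-length label that is always valid regardless of which characters or how many octets the local-part contains, and it keeps case-sensitive local-parts distinct; the RFC 1035 form is readable but fails for a 64-octet local-part and collides for `john.doe@example.com` and `john@doe.example.com` as soon as the escaping is omitted.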


From nobody Mon Aug 11 13:20:57 2014
Return-Path: <jay@nzrs.net.nz>
X-Original-To: dnsext@ietfa.amsl.com
Delivered-To: dnsext@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D4E4D1A014F for <dnsext@ietfa.amsl.com>; Mon, 11 Aug 2014 13:20:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.569
X-Spam-Level: 
X-Spam-Status: No, score=-2.569 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.668, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id m2Hycs_07TpW for <dnsext@ietfa.amsl.com>; Mon, 11 Aug 2014 13:20:47 -0700 (PDT)
Received: from srsomail.nzrs.net.nz (srsomail.nzrs.net.nz [202.46.183.22]) by ietfa.amsl.com (Postfix) with ESMTP id D0F781A0004 for <dnsext@ietf.org>; Mon, 11 Aug 2014 13:20:46 -0700 (PDT)
Received: from localhost (localhost.localdomain [127.0.0.1]) by srsomail.nzrs.net.nz (Postfix) with ESMTP id 61DB44BC4BF; Tue, 12 Aug 2014 08:20:44 +1200 (NZST)
X-Virus-Scanned: Debian amavisd-new at srsomail.office.nzrs.net.nz
Received: from srsomail.nzrs.net.nz ([202.46.183.22]) by localhost (srsomail.office.nzrs.net.nz [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id IwQH0DazeCf7; Tue, 12 Aug 2014 08:20:34 +1200 (NZST)
Received: from [192.168.22.129] (unknown [202.46.183.35]) (Authenticated sender: jay) by srsomail.nzrs.net.nz (Postfix) with ESMTPSA id 3A9A24BB9E5; Tue, 12 Aug 2014 08:20:34 +1200 (NZST)
Content-Type: text/plain; charset=iso-8859-1
Mime-Version: 1.0 (Mac OS X Mail 7.3 \(1878.6\))
From: Jay Daley <jay@nzrs.net.nz>
In-Reply-To: <53E8DACE.8040603@redhat.com>
Date: Tue, 12 Aug 2014 08:20:34 +1200
Content-Transfer-Encoding: quoted-printable
Message-Id: <95FDC975-DD90-4784-AD74-3B9760C55095@nzrs.net.nz>
References: <20140723213403.GN94557@registro.br> <20140808145847.GA48049@registro.br> <65E1B57B-BCFB-4444-83C3-CFA69BB87BAC@nzrs.net.nz> <53E8DACE.8040603@redhat.com>
To: Paul Wouters <pwouters@redhat.com>
X-Mailer: Apple Mail (2.1878.6)
Archived-At: http://mailarchive.ietf.org/arch/msg/dnsext/qGKwdR4BQuwOP21teDdR0ODsGg8
Cc: dnsext@ietf.org
Subject: Re: [dnsext] OPENPGPKEY RRTYPE review - [IANA #773394]
X-BeenThere: dnsext@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: DNS Extensions working group discussion list <dnsext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsext>, <mailto:dnsext-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dnsext/>
List-Post: <mailto:dnsext@ietf.org>
List-Help: <mailto:dnsext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsext>, <mailto:dnsext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 11 Aug 2014 20:20:54 -0000

On 12/08/2014, at 3:01 am, Paul Wouters <pwouters@redhat.com> wrote:

> On 08/10/2014 04:41 AM, Jay Daley wrote:
>> It would be helpful if the draft was updated to reflect the discussion on the list.
> 
> I am unsure which discussion items you think should be added to the draft?
> 
> - Comments about revoked keys? The draft does not specify anything but the openpgp key format. Possibly this item could go into the openpgpkey-usage document,
> but would have no effect on the OPENPGPKEY record format.
> 
> - combining _openpgpkey and _smimecert? I do not think there is anything gained by merging the namespaces. It would just hinder openpgp and smime
> clients/plug-ins in discarding irrelevant data.
> 
> - comments about not using the APEX or justifying the _openpgpkey prefix? I don't think that belongs in the final document.

I do.  Some good reasons were presented on the list and having those in the document provides a significantly better reference than list archives.  Currently there is no explanation at all given of the prefix.

> - referencing 1035's "weak encoding of email address" and explaining why it is unusable. Can be added, although I think the draft already explains the problem
> when it states why it is using a sha2-224 hash.

That would be useful too.

> - small textual improvements suggested by Joe Abley - Can be added to the next draft, but should that hold up this RRTYPE review? I don't think so.

I don't buy the "none of this is important enough to hold up the process" argument - I see no explanation of an urgent need that overrides doing a quality job.

Jay

> 
> 
> Did I miss anything in particular that you thought needed to be added?
> 
> Paul
> 


-- 
Jay Daley
Chief Executive
.nz Registry Services (New Zealand Domain Name Registry Limited)
desk: +64 4 931 6977
mobile: +64 21 678840
linkedin: www.linkedin.com/in/jaydaley


From nobody Mon Aug 11 14:18:19 2014
Return-Path: <jabley@hopcount.ca>
X-Original-To: dnsext@ietfa.amsl.com
Delivered-To: dnsext@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C1E461A01CB for <dnsext@ietfa.amsl.com>; Mon, 11 Aug 2014 14:18:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level: 
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xnrLu6RAd8az for <dnsext@ietfa.amsl.com>; Mon, 11 Aug 2014 14:18:07 -0700 (PDT)
Received: from mail-vc0-x22e.google.com (mail-vc0-x22e.google.com [IPv6:2607:f8b0:400c:c03::22e]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0537E1A0125 for <dnsext@ietf.org>; Mon, 11 Aug 2014 14:18:06 -0700 (PDT)
Received: by mail-vc0-f174.google.com with SMTP id la4so12432678vcb.33 for <dnsext@ietf.org>; Mon, 11 Aug 2014 14:18:06 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=hopcount.ca; s=google;  h=content-type:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=4ZwaceFgHRH/Ot4kQWDPBgMHA9cfd/YXMH2PSmXLKYU=; b=miQwT3ALn2Z8kOCymlVegzW/1L/m/J6VUhoIgf3Ds965dJgjf7TWSPUaxU9yB+2Zks fV1UD6VmTq/Rl/ynSmvSPXy9KVO2BmtXbEfYXPC+dxnfmZ2JRZuqDfMhzMd9otyKCj0J nNNCqH6P6mJTTFqcZRUzlj67XgUazV5ViO4nE=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:content-type:mime-version:subject:from :in-reply-to:date:cc:content-transfer-encoding:message-id:references :to; bh=4ZwaceFgHRH/Ot4kQWDPBgMHA9cfd/YXMH2PSmXLKYU=; b=XnqAAHKYumADQqbMLaHt0g688GPw2JEdYKwXRJZQm0fI1LdM+KYRm9D6ac1DAx9OTP cxZPFZiZIOb+WmXRdNbzIHoA5R94razVS5tKQ8/F9Y20wT93ODOQL+t9xuqUUjRKdljP vdtlanYadY2rauFYh6+ifPsdFmC3Z02Ku4HZ9z+7+EyraV3AWcahnN+raaeg3AMbimeZ r1Tf5mpUAQgPmEimlSq7TWiSZxlQPArVfMmwt1pW/CU7UCOfKaCF9Pf54Nz7+Ef4MBk/ dDtdFG3dsYNavvmgt92a6K7DuFX3VJAs03czYDGb4qQL/J9iNVFzY6/ipwQKQrBNqe8W iTqw==
X-Gm-Message-State: ALoCoQmPwCuAyP5nnHMYEfShs2ki48IZGSKJlqqK+iW8m7tLrxKLAxBcICOOMaZv/vy8JXbXnCYN
X-Received: by 10.53.12.225 with SMTP id et1mr20493038vdd.5.1407791886145; Mon, 11 Aug 2014 14:18:06 -0700 (PDT)
Received: from [10.10.0.184] ([186.1.202.38]) by mx.google.com with ESMTPSA id er5sm37993186vdc.0.2014.08.11.14.18.03 for <multiple recipients> (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Mon, 11 Aug 2014 14:18:05 -0700 (PDT)
Content-Type: text/plain; charset=us-ascii
Mime-Version: 1.0 (Mac OS X Mail 7.3 \(1878.6\))
From: Joe Abley <jabley@hopcount.ca>
In-Reply-To: <53E8DACE.8040603@redhat.com>
Date: Mon, 11 Aug 2014 17:18:00 -0400
Content-Transfer-Encoding: quoted-printable
Message-Id: <7C25D7A5-61E3-4C54-B508-304A7510E080@hopcount.ca>
References: <20140723213403.GN94557@registro.br> <20140808145847.GA48049@registro.br> <65E1B57B-BCFB-4444-83C3-CFA69BB87BAC@nzrs.net.nz> <53E8DACE.8040603@redhat.com>
To: Paul Wouters <pwouters@redhat.com>
X-Mailer: Apple Mail (2.1878.6)
Archived-At: http://mailarchive.ietf.org/arch/msg/dnsext/0hwLuePKVIzSTM7_vYSPFxLM4bs
Cc: dnsext@ietf.org
Subject: Re: [dnsext] OPENPGPKEY RRTYPE review - [IANA #773394]
X-BeenThere: dnsext@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: DNS Extensions working group discussion list <dnsext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsext>, <mailto:dnsext-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dnsext/>
List-Post: <mailto:dnsext@ietf.org>
List-Help: <mailto:dnsext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsext>, <mailto:dnsext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 11 Aug 2014 21:18:09 -0000

On 11 Aug 2014, at 11:01, Paul Wouters <pwouters@redhat.com> wrote:

> Did I miss anything in particular that you thought needed to be added?

I think the most important thing that this document can do is present a clear and unambiguous specification, to promote interop between implementations.

Describing the design choices that were made has some value, but mainly for the historical record or to provide input into future design choices that other people might make in similar situations. There's next to no value added for implementors by doing this (note that I'm not saying it has zero value).

Similarly, use cases and examples are great if they provide useful clarity. If they don't (if the specification is clear enough without them), they're not necessary.

A lot of this is subjective.

I think in general the working group should be concerned with whether a document meets its reasonable objectives, and should not attempt to micro-manage the authors into adding orthogonal text if they don't feel like it. In this case, there's no actual need for the wg to be formally involved at all; this could easily progress on its own merits as an individual effort (and it's not a working group draft).

I like what you have done.

Not every RRType specification needs to turn into War and Peace.


Joe


From nobody Mon Aug 11 14:33:21 2014
Return-Path: <jabley@hopcount.ca>
X-Original-To: dnsext@ietfa.amsl.com
Delivered-To: dnsext@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 409081A00ED for <dnsext@ietfa.amsl.com>; Mon, 11 Aug 2014 14:33:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level: 
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PEhKcd99Tg1A for <dnsext@ietfa.amsl.com>; Mon, 11 Aug 2014 14:33:19 -0700 (PDT)
Received: from mail-vc0-x22f.google.com (mail-vc0-x22f.google.com [IPv6:2607:f8b0:400c:c03::22f]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1DFD91A00EB for <dnsext@ietf.org>; Mon, 11 Aug 2014 14:33:19 -0700 (PDT)
Received: by mail-vc0-f175.google.com with SMTP id ik5so12357949vcb.34 for <dnsext@ietf.org>; Mon, 11 Aug 2014 14:33:18 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=hopcount.ca; s=google;  h=content-type:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=WkxQwbi5sKt+NjiOY8BNBuiq3ksMBQOKTtfttnzL430=; b=oB64YJJOLwVQZ7TGvqi3BMKdh1OsvvHotv1dTwAKPgwwZd+LPg3d/yxA/u8BeR+gLW +AWu3i1IZe2AVToCNlrb5muwmvWU7Jtx6VThWqoo8mCkAF8X/nt2Z9oAOxu+K3ynmXVq vDGIlA3cr//oLNvlJeBcn0sE11ofNOjYv50Q0=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:content-type:mime-version:subject:from :in-reply-to:date:cc:content-transfer-encoding:message-id:references :to; bh=WkxQwbi5sKt+NjiOY8BNBuiq3ksMBQOKTtfttnzL430=; b=ljbIJwrqHJlvy3dqBINFcKS3oCvxctySf1cV9szn6iokmPQXMsTlVYa9XBshlxFFAr /+ojUFnlmIhkL/F8ezaws1kNtgSV0KsQZYrXMo/UMuuyLQRcE6E/E8vv5ll32vHgdt/Z e4EhX/b/mv0CDyJUTstVR/t7eskGbusEkP1ClvtsBsMb/932fjH22lCCUs75/LDPmIBy dO46RlGpfWth4YWTzyeTsALeY/4WXel8FoYuDKgG8Lkl1GN3Zb3rSYBn+vpsq5ZkrlVK PtQ1xTX2Y6pU7tR7gOQuUJ06eTwVjaIbN5g8DPNpW/N2EbsbKqRTl+aUbl961VG3zcxD axcA==
X-Gm-Message-State: ALoCoQmMMxN4NX1M53RIfPykD2q0C7bz4/jEQ2cHhD32qtVMXVfT1o6OKnRsZ+RnoTuIabUwpIcN
X-Received: by 10.52.168.134 with SMTP id zw6mr20753757vdb.37.1407792798287; Mon, 11 Aug 2014 14:33:18 -0700 (PDT)
Received: from [10.10.0.184] ([186.1.202.38]) by mx.google.com with ESMTPSA id oa3sm38086352vdb.3.2014.08.11.14.33.05 for <multiple recipients> (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Mon, 11 Aug 2014 14:33:17 -0700 (PDT)
Content-Type: text/plain; charset=us-ascii
Mime-Version: 1.0 (Mac OS X Mail 7.3 \(1878.6\))
From: Joe Abley <jabley@hopcount.ca>
In-Reply-To: <7C25D7A5-61E3-4C54-B508-304A7510E080@hopcount.ca>
Date: Mon, 11 Aug 2014 17:32:52 -0400
Content-Transfer-Encoding: quoted-printable
Message-Id: <7BB7321A-B29D-4C47-87AF-40A4EB8E75DA@hopcount.ca>
References: <20140723213403.GN94557@registro.br> <20140808145847.GA48049@registro.br> <65E1B57B-BCFB-4444-83C3-CFA69BB87BAC@nzrs.net.nz> <53E8DACE.8040603@redhat.com> <7C25D7A5-61E3-4C54-B508-304A7510E080@hopcount.ca>
To: Paul Wouters <pwouters@redhat.com>
X-Mailer: Apple Mail (2.1878.6)
Archived-At: http://mailarchive.ietf.org/arch/msg/dnsext/wnXtDgEQ4mT6RSfrYZsCGXQxIbQ
Cc: dnsext@ietf.org
Subject: Re: [dnsext] OPENPGPKEY RRTYPE review - [IANA #773394]
X-BeenThere: dnsext@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: DNS Extensions working group discussion list <dnsext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsext>, <mailto:dnsext-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dnsext/>
List-Post: <mailto:dnsext@ietf.org>
List-Help: <mailto:dnsext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsext>, <mailto:dnsext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 11 Aug 2014 21:33:20 -0000

On 11 Aug 2014, at 17:18, Joe Abley <jabley@hopcount.ca> wrote:

> In this case, there's no actual need for the wg to be formally involved at all; this could easily progress on its own merits as an individual effort (and it's not a working group draft).

Arrgh, I hit cancel quite a lot after I accidentally hit send, but apparently to no avail. With a name starting with draft-ietf-dane, this seems quite a lot like a wg document, in fact.

Here, let me distract you from the above with this amusing ASCII art, which surely will not render accurately in 98% of the mail clients wishing I hadn't bothered:

  )\._.,--....,'``.
  /,   _.. \   _\  (`._ ,.
 `._.-(,_..'--(,_..'`-.;.'  [Felix Lee <flee@cse.psu.edu>]

And leave the following pithy residue in your mind instead:

> Not every RRType specification needs to turn into War and Peace.

You're welcome.


Joe


From nobody Thu Aug 14 08:53:22 2014
Return-Path: <wwwrun@rfc-editor.org>
X-Original-To: dnsext@ietfa.amsl.com
Delivered-To: dnsext@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 522171A0730 for <dnsext@ietfa.amsl.com>; Thu, 14 Aug 2014 08:53:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.57
X-Spam-Level: 
X-Spam-Status: No, score=-102.57 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.668, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, USER_IN_WHITELIST=-100] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id A4kputv4lt0v for <dnsext@ietfa.amsl.com>; Thu, 14 Aug 2014 08:53:19 -0700 (PDT)
Received: from rfc-editor.org (rfc-editor.org [IPv6:2001:1900:3001:11::31]) by ietfa.amsl.com (Postfix) with ESMTP id E86EA1A02D5 for <dnsext@ietf.org>; Thu, 14 Aug 2014 08:53:18 -0700 (PDT)
Received: by rfc-editor.org (Postfix, from userid 30) id 975A4180095; Thu, 14 Aug 2014 08:51:25 -0700 (PDT)
To: scottr.nist@gmail.com, brian@innovationslab.net, ted.lemon@nominum.com, ogud@ogud.com, ajs@anvilwalrusden.com
X-PHP-Originating-Script: 6000:errata_mail_lib.php
From: RFC Errata System <rfc-editor@rfc-editor.org>
Message-Id: <20140814155125.975A4180095@rfc-editor.org>
Date: Thu, 14 Aug 2014 08:51:25 -0700 (PDT)
Archived-At: http://mailarchive.ietf.org/arch/msg/dnsext/kxGMUYYR3ZmlvECTE7tmXU2Xpxg
Cc: bmoeller@acm.org, dnsext@ietf.org, rfc-editor@rfc-editor.org
Subject: [dnsext] [Editorial Errata Reported] RFC6944 (4083)
X-List-Received-Date: Thu, 14 Aug 2014 15:53:20 -0000

The following errata report has been submitted for RFC6944,
"Applicability Statement: DNS Security (DNSSEC) DNSKEY Algorithm Implementation Status".

--------------------------------------
You may review the report below and at:
http://www.rfc-editor.org/errata_search.php?rfc=6944&eid=4083

--------------------------------------
Type: Editorial
Reported by: Bodo Moeller <bmoeller@acm.org>

Section: 5.1

Original Text
-------------
N/A

Corrected Text
--------------
[RFC6605]  P. Hoffman, P., and Wijngaards, W.C.A., "Elliptic Curve
    Digital Signature Algorithm (DSA) for DNSSEC", RFC 6605, 2012.


Notes
-----
This Normative Reference is simply missing from the document, even though the algorithms from RFC 6605 are "Recommended to Implement" in RFC 6944.  (Cf. how RFC 5933 is referenced, even though its algorithms are merely optional.)

Instructions:
-------------
This erratum is currently posted as "Reported". If necessary, please
use "Reply All" to discuss whether it should be verified or
rejected. When a decision is reached, the verifying party (IESG)
can log in to change the status and edit the report, if necessary. 

--------------------------------------
RFC6944 (draft-ietf-dnsext-dnssec-algo-imp-status-04)
--------------------------------------
Title               : Applicability Statement: DNS Security (DNSSEC) DNSKEY Algorithm Implementation Status
Publication Date    : April 2013
Author(s)           : S. Rose
Category            : PROPOSED STANDARD
Source              : DNS Extensions
Area                : Internet
Stream              : IETF
Verifying Party     : IESG


From nobody Thu Aug 14 09:22:31 2014
Return-Path: <wwwrun@rfc-editor.org>
X-Original-To: dnsext@ietfa.amsl.com
Delivered-To: dnsext@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4811D1A0A0C; Thu, 14 Aug 2014 09:22:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -107.57
X-Spam-Level: 
X-Spam-Status: No, score=-107.57 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, RP_MATCHES_RCVD=-0.668, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, USER_IN_WHITELIST=-100] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id AT2vXHsbHxaL; Thu, 14 Aug 2014 09:22:25 -0700 (PDT)
Received: from rfc-editor.org (rfc-editor.org [4.31.198.49]) by ietfa.amsl.com (Postfix) with ESMTP id 3DADF1A089B; Thu, 14 Aug 2014 09:22:25 -0700 (PDT)
Received: by rfc-editor.org (Postfix, from userid 30) id 77C8E180095; Thu, 14 Aug 2014 09:20:30 -0700 (PDT)
To: bmoeller@acm.org, scottr.nist@gmail.com
X-PHP-Originating-Script: 1005:errata_mail_lib.php
From: RFC Errata System <rfc-editor@rfc-editor.org>
Message-Id: <20140814162030.77C8E180095@rfc-editor.org>
Date: Thu, 14 Aug 2014 09:20:30 -0700 (PDT)
Archived-At: http://mailarchive.ietf.org/arch/msg/dnsext/L2h9N3xvbFImfgNo-ynwAGYfxPg
Cc: rfc-editor@rfc-editor.org, dnsext@ietf.org, ted.lemon@nominum.com, iesg@ietf.org
Subject: [dnsext] [Errata Verified] RFC6944 (4083)
X-List-Received-Date: Thu, 14 Aug 2014 16:22:26 -0000

The following errata report has been verified for RFC6944,
"Applicability Statement: DNS Security (DNSSEC) DNSKEY Algorithm Implementation Status". 

--------------------------------------
You may review the report below and at:
http://www.rfc-editor.org/errata_search.php?rfc=6944&eid=4083

--------------------------------------
Status: Verified
Type: Editorial

Reported by: Bodo Moeller <bmoeller@acm.org>
Date Reported: 2014-08-14
Verified by: Ted Lemon (IESG)

Section: 5.1

Original Text
-------------
N/A

Corrected Text
--------------
[RFC6605]  P. Hoffman, P., and Wijngaards, W.C.A., "Elliptic Curve
    Digital Signature Algorithm (DSA) for DNSSEC", RFC 6605, 2012.


Notes
-----
This Normative Reference is simply missing from the document, even though the algorithms from RFC 6605 are "Recommended to Implement" in RFC 6944.  (Cf. how RFC 5933 is referenced, even though its algorithms are merely optional.)

--------------------------------------
RFC6944 (draft-ietf-dnsext-dnssec-algo-imp-status-04)
--------------------------------------
Title               : Applicability Statement: DNS Security (DNSSEC) DNSKEY Algorithm Implementation Status
Publication Date    : April 2013
Author(s)           : S. Rose
Category            : PROPOSED STANDARD
Source              : DNS Extensions
Area                : Internet
Stream              : IETF
Verifying Party     : IESG


From nobody Thu Aug 14 09:47:30 2014
Return-Path: <scottr.nist@gmail.com>
X-Original-To: dnsext@ietfa.amsl.com
Delivered-To: dnsext@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 594CB1A076B for <dnsext@ietfa.amsl.com>; Thu, 14 Aug 2014 09:47:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.633
X-Spam-Level: 
X-Spam-Status: No, score=-2.633 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_ADSP_CUSTOM_MED=0.001, FREEMAIL_FROM=0.001, NML_ADSP_CUSTOM_MED=0.9, RCVD_IN_DNSWL_MED=-2.3, SPF_SOFTFAIL=0.665] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vBo6PssSKqaa for <dnsext@ietfa.amsl.com>; Thu, 14 Aug 2014 09:47:28 -0700 (PDT)
Received: from wsget2.nist.gov (wsget2.nist.gov [129.6.13.151]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C82521A0460 for <dnsext@ietf.org>; Thu, 14 Aug 2014 09:47:27 -0700 (PDT)
Received: from WSXGHUB1.xchange.nist.gov (129.6.18.96) by wsget2.nist.gov (129.6.13.151) with Microsoft SMTP Server (TLS) id 14.3.195.1; Thu, 14 Aug 2014 12:47:32 -0400
Received: from postmark.nist.gov (129.6.16.94) by WSXGHUB1.xchange.nist.gov (129.6.18.96) with Microsoft SMTP Server (TLS) id 8.3.348.2; Thu, 14 Aug 2014 12:47:26 -0400
Received: from 6-140.antd.nist.gov (6-140.antd.nist.gov [129.6.140.6])	by postmark.nist.gov (8.13.8/8.13.1) with ESMTP id s7EGlHh4024179;	Thu, 14 Aug 2014 12:47:17 -0400
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0 (Mac OS X Mail 7.3 \(1878.6\))
From: Scott Rose <scottr.nist@gmail.com>
In-Reply-To: <20140814155125.975A4180095@rfc-editor.org>
Date: Thu, 14 Aug 2014 12:47:17 -0400
Content-Transfer-Encoding: quoted-printable
Message-ID: <9D2277EF-2659-4C32-BF3A-B77B547C5E93@gmail.com>
References: <20140814155125.975A4180095@rfc-editor.org>
To: RFC Errata System <rfc-editor@rfc-editor.org>
X-Mailer: Apple Mail (2.1878.6)
X-NIST-MailScanner-Information: 
Archived-At: http://mailarchive.ietf.org/arch/msg/dnsext/VCnadXJPifgzkok5q5KO1W8x-jU
Cc: brian@innovationslab.net, dnsext@ietf.org, ted.lemon@nominum.com, bmoeller@acm.org, Olafur Gud <ogud@ogud.com>
Subject: Re: [dnsext] [Editorial Errata Reported] RFC6944 (4083)
X-List-Received-Date: Thu, 14 Aug 2014 16:47:29 -0000

I agree with adding the corrected text.

Scott Rose


On Aug 14, 2014, at 11:51 AM, RFC Errata System
<rfc-editor@rfc-editor.org> wrote:

> The following errata report has been submitted for RFC6944,
> "Applicability Statement: DNS Security (DNSSEC) DNSKEY Algorithm
> Implementation Status".
>
> --------------------------------------
> You may review the report below and at:
> http://www.rfc-editor.org/errata_search.php?rfc=6944&eid=4083
>
> --------------------------------------
> Type: Editorial
> Reported by: Bodo Moeller <bmoeller@acm.org>
>
> Section: 5.1
>
> Original Text
> -------------
> N/A
>
> Corrected Text
> --------------
> [RFC6605]  P. Hoffman, P., and Wijngaards, W.C.A., "Elliptic Curve
>    Digital Signature Algorithm (DSA) for DNSSEC", RFC 6605, 2012.
>
>
> Notes
> -----
> This Normative Reference is simply missing from the document, even
> though the algorithms from RFC 6605 are "Recommended to Implement" in
> RFC 6944.  (Cf. how RFC 5933 is referenced, even though its algorithms
> are merely optional.)
>
> Instructions:
> -------------
> This erratum is currently posted as "Reported". If necessary, please
> use "Reply All" to discuss whether it should be verified or
> rejected. When a decision is reached, the verifying party (IESG)
> can log in to change the status and edit the report, if necessary.
>
> --------------------------------------
> RFC6944 (draft-ietf-dnsext-dnssec-algo-imp-status-04)
> --------------------------------------
> Title               : Applicability Statement: DNS Security (DNSSEC)
> DNSKEY Algorithm Implementation Status
> Publication Date    : April 2013
> Author(s)           : S. Rose
> Category            : PROPOSED STANDARD
> Source              : DNS Extensions
> Area                : Internet
> Stream              : IETF
> Verifying Party     : IESG
>


From nobody Thu Aug 14 10:06:50 2014
Return-Path: <tale@dd.org>
X-Original-To: dnsext@ietfa.amsl.com
Delivered-To: dnsext@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C66041A6F46 for <dnsext@ietfa.amsl.com>; Thu, 14 Aug 2014 10:06:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.569
X-Spam-Level: 
X-Spam-Status: No, score=-2.569 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.668, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yWksBNy2nOFx for <dnsext@ietfa.amsl.com>; Thu, 14 Aug 2014 10:06:42 -0700 (PDT)
Received: from gro.dd.org (gro.dd.org [209.198.103.200]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C58761A0A0E for <dnsext@ietf.org>; Thu, 14 Aug 2014 10:06:41 -0700 (PDT)
Received: by gro.dd.org (Postfix, from userid 102) id DBB7E3F43D; Thu, 14 Aug 2014 13:06:39 -0400 (EDT)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-ID: <21484.60575.847307.455491@gro.dd.org>
Date: Thu, 14 Aug 2014 13:06:39 -0400
From: Dave Lawrence <tale@dd.org>
To: Scott Rose <scottr.nist@gmail.com>
In-Reply-To: <9D2277EF-2659-4C32-BF3A-B77B547C5E93@gmail.com>
References: <20140814155125.975A4180095@rfc-editor.org> <9D2277EF-2659-4C32-BF3A-B77B547C5E93@gmail.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/dnsext/ZMnaxJGXEQAheI3RO2TKakdyYb0
Cc: brian@innovationslab.net, dnsext@ietf.org, ted.lemon@nominum.com, bmoeller@acm.org, Olafur Gud <ogud@ogud.com>, RFC Errata System <rfc-editor@rfc-editor.org>
Subject: Re: [dnsext] [Editorial Errata Reported] RFC6944 (4083)
X-List-Received-Date: Thu, 14 Aug 2014 17:06:47 -0000

> > Corrected Text
> > --------------
> > [RFC6605]  P. Hoffman, P., and Wijngaards, W.C.A., "Elliptic Curve
> >    Digital Signature Algorithm (DSA) for DNSSEC", RFC 6605, 2012.

Looks like an erroneous double "P." there, and RFC convention would
seem to be with the last author's first initial preceding the family
name.  The same reference is as follows in RFC 6781:

   [RFC6605]  Hoffman, P. and W. Wijngaards, "Elliptic Curve Digital
              Signature Algorithm (DSA) for DNSSEC", RFC 6605,
              April 2012.


From nobody Thu Aug 14 10:29:24 2014
Return-Path: <Ted.Lemon@nominum.com>
X-Original-To: dnsext@ietfa.amsl.com
Delivered-To: dnsext@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6F53D1A6F90 for <dnsext@ietfa.amsl.com>; Thu, 14 Aug 2014 10:29:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.568
X-Spam-Level: 
X-Spam-Status: No, score=-2.568 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.668] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EWWQhdPDuoPI for <dnsext@ietfa.amsl.com>; Thu, 14 Aug 2014 10:29:19 -0700 (PDT)
Received: from shell-too.nominum.com (shell-too.nominum.com [64.89.228.229]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D8E0E1A6F8F for <dnsext@ietf.org>; Thu, 14 Aug 2014 10:29:19 -0700 (PDT)
Received: from archivist.nominum.com (archivist.nominum.com [64.89.228.108]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client CN "*.nominum.com", Issuer "Go Daddy Secure Certification Authority" (verified OK)) by shell-too.nominum.com (Postfix) with ESMTP id 616081B84F3 for <dnsext@ietf.org>; Thu, 14 Aug 2014 10:29:19 -0700 (PDT)
Received: from webmail.nominum.com (cas-01.win.nominum.com [64.89.228.131]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (Client CN "mail.nominum.com", Issuer "Go Daddy Secure Certification Authority" (verified OK)) by archivist.nominum.com (Postfix) with ESMTP id 206C953E070; Thu, 14 Aug 2014 10:29:19 -0700 (PDT)
Received: from [10.0.10.40] (71.233.43.215) by CAS-01.WIN.NOMINUM.COM (192.168.1.100) with Microsoft SMTP Server (TLS) id 14.3.195.1; Thu, 14 Aug 2014 10:29:18 -0700
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0 (Mac OS X Mail 7.3 \(1878.6\))
From: Ted Lemon <ted.lemon@nominum.com>
In-Reply-To: <21484.60575.847307.455491@gro.dd.org>
Date: Thu, 14 Aug 2014 13:29:13 -0400
Content-Transfer-Encoding: 7bit
Message-ID: <A942860F-842C-4076-BBAC-6B4EAA229EAF@nominum.com>
References: <20140814155125.975A4180095@rfc-editor.org> <9D2277EF-2659-4C32-BF3A-B77B547C5E93@gmail.com> <21484.60575.847307.455491@gro.dd.org>
To: Dave Lawrence <tale@dd.org>
X-Mailer: Apple Mail (2.1878.6)
X-Originating-IP: [71.233.43.215]
Archived-At: http://mailarchive.ietf.org/arch/msg/dnsext/8iyi1WSShFXHx89y28h7E1S8rOs
Cc: Brian Haberman <brian@innovationslab.net>, dnsext@ietf.org, bmoeller@acm.org, Olafur Gud <ogud@ogud.com>, RFC Errata System <rfc-editor@rfc-editor.org>
Subject: Re: [dnsext] [Editorial Errata Reported] RFC6944 (4083)
X-List-Received-Date: Thu, 14 Aug 2014 17:29:21 -0000

On Aug 14, 2014, at 1:06 PM, Dave Lawrence <tale@dd.org> wrote:
> Looks like an erroneous double "P." there, and RFC convention would
> seem to be with the last author's first initial preceding the family
> name.  The same reference is as follows in RFC 6781:
> 
>   [RFC6605]  Hoffman, P. and W. Wijngaards, "Elliptic Curve Digital
>              Signature Algorithm (DSA) for DNSSEC", RFC 6605,
>              April 2012.

This error is harmless.


From nobody Thu Aug 14 16:11:43 2014
Return-Path: <mferguson@amsl.com>
X-Original-To: dnsext@ietfa.amsl.com
Delivered-To: dnsext@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D9B8C1A8948 for <dnsext@ietfa.amsl.com>; Thu, 14 Aug 2014 15:44:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.569
X-Spam-Level: 
X-Spam-Status: No, score=-2.569 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.668, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xZ4YmQx724-7 for <dnsext@ietfa.amsl.com>; Thu, 14 Aug 2014 15:44:06 -0700 (PDT)
Received: from mail.amsl.com (mail.amsl.com [IPv6:2001:1900:3001:11::28]) by ietfa.amsl.com (Postfix) with ESMTP id 6F1BF1A8946 for <dnsext@ietf.org>; Thu, 14 Aug 2014 15:44:06 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by c8a.amsl.com (Postfix) with ESMTP id EB1F21E45A8; Thu, 14 Aug 2014 15:43:00 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
Received: from c8a.amsl.com ([127.0.0.1]) by localhost (c9a.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6vJ_tnAInd-C; Thu, 14 Aug 2014 15:43:00 -0700 (PDT)
Received: from [10.0.1.4] (pool-74-96-142-208.washdc.fios.verizon.net [74.96.142.208]) by c8a.amsl.com (Postfix) with ESMTPA id 15A241E41C8; Thu, 14 Aug 2014 15:43:00 -0700 (PDT)
Mime-Version: 1.0 (Apple Message framework v1085)
Content-Type: text/plain; charset=us-ascii
From: Megan Ferguson <mferguson@amsl.com>
In-Reply-To: <A942860F-842C-4076-BBAC-6B4EAA229EAF@nominum.com>
Date: Thu, 14 Aug 2014 18:44:00 -0400
Content-Transfer-Encoding: quoted-printable
Message-Id: <5B205C44-D2EE-4778-8E1A-FF5D3AB09684@amsl.com>
References: <20140814155125.975A4180095@rfc-editor.org> <9D2277EF-2659-4C32-BF3A-B77B547C5E93@gmail.com> <21484.60575.847307.455491@gro.dd.org> <A942860F-842C-4076-BBAC-6B4EAA229EAF@nominum.com>
To: Dave Lawrence <tale@dd.org>
X-Mailer: Apple Mail (2.1085)
Archived-At: http://mailarchive.ietf.org/arch/msg/dnsext/WNXYIPshR1LD06mpzydpMws85B4
X-Mailman-Approved-At: Thu, 14 Aug 2014 16:11:42 -0700
Cc: Brian Haberman <brian@innovationslab.net>, dnsext@ietf.org, Ted Lemon <Ted.Lemon@nominum.com>, bmoeller@acm.org, Olafur Gud <ogud@ogud.com>, RFC System <rfc-editor@rfc-editor.org>
Subject: Re: [dnsext] [Editorial Errata Reported] RFC6944 (4083)
X-List-Received-Date: Thu, 14 Aug 2014 22:44:08 -0000

Dave,

Thanks for pointing this out.  We have updated the report to match the
reference entry as it appears in the list at
www.rfc-editor.org/in-notes/rfc-ref.txt.

You can see the corrected report at
http://www.rfc-editor.org/errata_search.php?rfc=6944&eid=4083.

Thank you.

RFC Editor/mf


On Aug 14, 2014, at 1:29 PM, Ted Lemon wrote:

> On Aug 14, 2014, at 1:06 PM, Dave Lawrence <tale@dd.org> wrote:
>> Looks like an erroneous double "P." there, and RFC convention would
>> seem to be with the last author's first initial preceding the family
>> name.  The same reference is as follows in RFC 6781:
>>
>>  [RFC6605]  Hoffman, P. and W. Wijngaards, "Elliptic Curve Digital
>>             Signature Algorithm (DSA) for DNSSEC", RFC 6605,
>>             April 2012.
>
> This error is harmless.
>


From nobody Mon Aug 25 11:40:00 2014
Return-Path: <Jeff.Hodges@kingsmountain.com>
X-Original-To: dnsext@ietfa.amsl.com
Delivered-To: dnsext@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 946581A029F for <dnsext@ietfa.amsl.com>; Mon, 25 Aug 2014 11:39:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 1.803
X-Spam-Level: *
X-Spam-Status: No, score=1.803 tagged_above=-999 required=5 tests=[BAYES_50=0.8, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, IP_NOT_FRIENDLY=0.334, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_SORBS_WEB=0.77, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id AX6YMCiL6xk0 for <dnsext@ietfa.amsl.com>; Mon, 25 Aug 2014 11:39:57 -0700 (PDT)
Received: from gproxy3-pub.mail.unifiedlayer.com (gproxy3-pub.mail.unifiedlayer.com [69.89.30.42]) by ietfa.amsl.com (Postfix) with SMTP id 6EE731A01BA for <dnsext@ietf.org>; Mon, 25 Aug 2014 11:39:57 -0700 (PDT)
Received: (qmail 16931 invoked by uid 0); 25 Aug 2014 18:39:57 -0000
Received: from unknown (HELO CMOut01) (10.0.90.82) by gproxy3.mail.unifiedlayer.com with SMTP; 25 Aug 2014 18:39:57 -0000
Received: from box514.bluehost.com ([74.220.219.114]) by CMOut01 with  id j6fr1o00h2UhLwi016fuwj; Mon, 25 Aug 2014 12:39:55 -0600
X-Authority-Analysis: v=2.1 cv=LbyvtFvi c=1 sm=1 tr=0 a=9W6Fsu4pMcyimqnCr1W0/w==:117 a=9W6Fsu4pMcyimqnCr1W0/w==:17 a=cNaOj0WVAAAA:8 a=f5113yIGAAAA:8 a=-KpzFdj539cA:10 a=S5PdWYr2WMEA:10 a=xcDG4u7r5BUA:10 a=3NT3xRclEPMA:10 a=IkcTkHD0fZMA:10 a=ieNpE_y6AAAA:8 a=XYUc-DgfXtMA:10 a=vS7MmSmxvPQA:10 a=-Z7HAEizAAAA:8 a=RN-VueuHG9Xe6kQu5WEA:9 a=QEXdDO2ut3YA:10
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=kingsmountain.com; s=default;  h=Content-Transfer-Encoding:Content-Type:Subject:To:MIME-Version:From:Date:Message-ID; bh=bX1eORPooQCItyidec81D+KJVGoISbw264BNCRe13Hs=;  b=Us6pIzgbYErGHKm4nGAdVS8KyW3JzjEZZMa43Diixg/UdbNSy39xm43fPSXGoTIGZdxqkSlrLMYADlgAP7i3fmbsrz4soXyn3zAOqas6rPI6wYxw7W7Cp/rOnKXA3J4Z;
Received: from [216.113.168.128] (port=25812 helo=[10.244.137.98]) by box514.bluehost.com with esmtpsa (TLSv1.2:DHE-RSA-AES128-SHA:128) (Exim 4.82) (envelope-from <Jeff.Hodges@KingsMountain.com>) id 1XLzBI-0000sa-Nu for dnsext@ietf.org; Mon, 25 Aug 2014 12:39:52 -0600
Message-ID: <53FB82FE.3010409@KingsMountain.com>
Date: Mon, 25 Aug 2014 11:39:58 -0700
From: =JeffH <Jeff.Hodges@KingsMountain.com>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.0
MIME-Version: 1.0
To: dnsext List <dnsext@ietf.org>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: quoted-printable
X-Identified-User: {11025:box514.bluehost.com:kingsmou:kingsmountain.com} {sentby:smtp auth 216.113.168.128 authed with jeff.hodges+kingsmountain.com}
Archived-At: http://mailarchive.ietf.org/arch/msg/dnsext/en6h7iQ4XTncNGtyO1rDdvqG_6A
Subject: [dnsext] fyi: NSEC5: Provably Preventing DNSSEC Zone,Enumeration
X-List-Received-Date: Mon, 25 Aug 2014 18:39:58 -0000

perhaps of interest, this talk will be given tomorrow Tue 26-Aug-2014 in
Gates Hall, Stanford Univ (link to paper near bottom)...


Subject: Tuesday, August 26 -- Moni Naor: Primary-Secondary-Resolvers
  Membership Proof Systems and their Applications to DNSSEC
From: Joe Zimmerman <jzim@cs.stanford.edu>
Date: Mon, 25 Aug 2014 09:55:27 -0700
To: security-seminar@lists.stanford.edu

   Primary-Secondary-Resolvers Membership Proof Systems and
                 their Applications to DNSSEC

                          Moni Naor

                   Tuesday, August 26, 2014
                        Talk at 4:15pm
                          Gates 463A

Abstract:

We consider Primary-Secondary-Resolver Membership Proof Systems (PSR for
short) that enable a secondary to convince a resolver whether or not a
given element is in a set defined by the primary without revealing more
information about the set.  The main motivation is studying the problem
of zone enumeration in DNSSEC. DNSSEC is designed to prevent network
attackers from tampering with domain name system (DNS) messages. The
cryptographic machinery used in DNSSEC, however, also creates a new
vulnerability - Zone Enumeration, where an adversary launches a small
number of online DNSSEC queries and then uses offline dictionary attacks
to learn which domain names are present or absent in a DNS zone.

We explain why current DNSSEC (NSEC3) suffers from the problem of zone
enumeration: we use cryptographic lower bounds to prove that in a PSR
system the secondary must perform non-trivial online computation. This
implies that the three design goals of DNSSEC --- high performance,
security against network attackers, and privacy against zone enumeration
--- cannot be satisfied simultaneously.

We provide PSR constructions matching our lower bound and in particular
suggest NSEC5, a protocol that solves the problem of DNSSEC zone
enumeration while remaining faithful to the operational realities of
DNSSEC. The scheme can be seen as a variant of NSEC3, where the hash
function is replaced with an RSA based hashing scheme. Other
constructions we have are based on the Boneh–Lynn–Shacham signature
scheme, Verifiable Random and Unpredictable Functions and Hierarchical
Identity Based Encryption.

The talk is based on the papers "NSEC5: Provably Preventing DNSSEC Zone
Enumeration" by Sharon Goldberg, Moni Naor, Dimitrios Papadopoulos, Leonid
Reyzin, Sachin Vasant and Asaf Ziv

   https://www.cs.bu.edu/~goldbe/papers/nsec5.pdf

  and "PSR Membership Proof Systems" by
Moni Naor and Asaf Ziv


