Randy Bush | 1 Jun 2003 05:00

list policy

namedroppers <at> ops.ietf.org is the mailing list for the ietf dnsext wg.  see
<http://www.ietf.org/html.charters/dnsext-charter.html> for the wg charter.
messages should be on topics appropriate to the dnsext wg, which are various
discussion of the dns protocols or administrivia of the wg itself.

calls for papers, announcements of events not directly relevant to the dns
protocols, etc. are not appropriate.  discussion of problems with particular
implementations, announcements of releases, sites' misconfigurations, etc.
should be done on mailing lists for the particular implementations.

posts are only accepted from subscribers.  with the massive amount of spam,
it is easy to miss and therefore delete posts by non-subscribers.  if you
wish to regularly post from an address that is not subscribed to this
mailing list, send a message to namedroppers-owner <at> ops.ietf.org and ask to
have your alternate address added to the list of addresses from which
submissions are automatically accepted.

there is a wg for dns operational practice, dnsop, whose charter can be
found at <http://www.ietf.org/html.charters/dnsop-charter.html>.

there is a mailing list for discussion of whose implementation is better,
and why someone else's is broken.  it is weenie-war <at> ops.ietf.org.  all
discussions of such nature should occur there or on /dev/null.  unlike the
namedroppers list, weenie-war <at> ops.ietf.org is not archived.

questions or concerns related to the acceptance or rejection of
specific messages to the namedroppers mailing list should first be
discussed with the wg chairs, with followup appeals using the normal
appeals process of rfc 2026 (i.e., followup with area directors, then
iesg, etc.).

Mans Nilsson | 1 Jun 2003 12:51

Re: draft-ietf-dnsext-dnssec-2535typecode-change-01.txt

Subject: draft-ietf-dnsext-dnssec-2535typecode-change-01.txt Date: Thu, May 29, 2003 at 12:17:16PM
-0700 Quoting Randy Bush (randy <at> psg.com):
> this initiates a two week wg last call on
> 
>     draft-ietf-dnsext-dnssec-2535typecode-change-01.txt
> 
> and, should it be info or ps?  i suspect the latter as it modifies
> a ps document, but i could be wrong.

Good document. PS. 

Regards, 
-- 
Måns Nilsson         Systems Specialist
+46 70 681 7204         KTHNOC
                        MN1334-RIPE

Are we live or on tape?

Roy Arends | 1 Jun 2003 17:36

Re: opt-in document

On Thu, 22 May 2003, Randy Bush wrote:

> even though opt-in did not gain consensus in the wg, it would be
> good to have a permanent document record.  the iesg discussed this
> recently in the context of a transport area document, and the idea
> is something like the following:
>
>   o publish opt-in as an informational rfc for the historical
>     record
>
>   o with a clear warning on the front of it that this is recording
>     a protocol that did NOT gain ietf consensus, it documents an
>     idea that was considered and not adopted
>
>   o the ADs do have expressed concerns to the chairs about when it
>     gets published; after DS+2535bis would be best.  this doesn't
>     prevent folk from finishing the document now and it can queue
>     (in the wg or at the AD) on hold until DS+2535bis finishes.

I'd like to see opt-in published as experimental. The clear warning is not
necessary, 'experimental' says enough. I'm okay with the timeline.

Roy

--
to unsubscribe send a message to namedroppers-request <at> ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/namedroppers/>


Paul Vixie | 1 Jun 2003 18:43

Re: opt-in document

i prefer that we handle this via ed lewis's "silly state" language.

re:

> X-Original-To: vixie <at> vix.com
> Date: Sun, 1 Jun 2003 17:36:21 +0200 (CEST)
> From: Roy Arends <roy <at> logmess.com>
> X-X-Sender: roy <at> elektron.atoom.net
> To: Randy Bush <randy <at> psg.com>
> Cc: namedroppers <namedroppers <at> ops.ietf.org>
> Subject: Re: opt-in document
> X-Virus-Scanned: by amavisd-new
> Sender: owner-namedroppers <at> ops.ietf.org
> 
> On Thu, 22 May 2003, Randy Bush wrote:
> 
> > even though opt-in did not gain consensus in the wg, it would be
> > good to have a permanent document record.  the iesg discussed this
> > recently in the context of a transport area document, and the idea
> > is something like the following:
> >
> >   o publish opt-in as an informational rfc for the historical
> >     record
> >
> >   o with a clear warning on the front of it that this is recording
> >     a protocol that did NOT gain ietf consensus, it documents an
> >     idea that was considered and not adopted
> >
> >   o the ADs do have expressed concerns to the chairs about when it
> >     gets published; after DS+2535bis would be best.  this doesn't

Roy Arends | 1 Jun 2003 19:19

Re: opt-in document

On Sun, 1 Jun 2003, Paul Vixie wrote:

> i prefer that we handle this via ed lewis's "silly state" language.

No problem.

Roy

Olaf M. Kolkman | 2 Jun 2003 09:52

Re: draft-ietf-dnsext-dnssec-2535typecode-change-01.txt


> this initiates a two week wg last call on
> 
>     draft-ietf-dnsext-dnssec-2535typecode-change-01.txt
> 
> and, should it be info or ps?  i suspect the latter as it modifies
> a ps document, but i could be wrong.

Let's get rolling baby...

Full Support, proposed std.

--------------------------------------------| Olaf M. Kolkman
                                            | www.ripe.net/disi

Roy Arends | 2 Jun 2003 10:56

Re: draft-ietf-dnsext-dnssec-2535typecode-change-01.txt

On Thu, 29 May 2003, Randy Bush wrote:

> this initiates a two week wg last call on
>
>     draft-ietf-dnsext-dnssec-2535typecode-change-01.txt
>
> and, should it be info or ps?  i suspect the latter as it modifies
> a ps document, but i could be wrong.

I do not disagree with the chosen path since I don't want more delays.
Though I still think this is radical, and not a "minor" update to the
protocol.

As for the spec, one minor, very minor suggestion:

    4. IANA Considerations

       This document updates the IANA registry for DNS Resource Record
       Types by assigning types 46, 47, and 48 to the DNSKEY, RRSIG, and
       NSEC RRs, respectively.

I'd like to see the type 48 as the DNSKEY type. The NSEC type code map
consists of octets, and bit48=1 introduces a new octet. If bit 48
corresponds to DNSKEY, and not NSEC, we save an octet during transport
when DNSKEY is not present. But this is a _very_ local optimization.

Roy
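
The octet arithmetic behind the type 48 suggestion in the message above, as an added example that is not part of the original post or of the draft. It assumes the one-bit-per-type map of RFC 2535 (bit 0 is the most significant bit of the first octet, no trailing zero octets); the RRSIG=46 / NSEC=47 order in the alternative assignment is an assumption, since the message only fixes DNSKEY at 48.

```python
# Added example: one-bit-per-type NXT/NSEC bit map as in RFC 2535.
# Bit 0 is the most significant bit of the first octet; the map stops at the
# octet holding the highest type present, so there are no trailing zero octets.

# Assignment quoted from the draft's IANA section: 46, 47, 48 -> DNSKEY, RRSIG, NSEC.
DRAFT = {"A": 1, "DNSKEY": 46, "RRSIG": 47, "NSEC": 48}
# Suggested alternative: DNSKEY takes 48. RRSIG=46 / NSEC=47 is an assumption;
# the message only fixes DNSKEY.
SUGGESTED = {"A": 1, "RRSIG": 46, "NSEC": 47, "DNSKEY": 48}

# Constructed sample names: the RR types present at an ordinary signed name
# and at a zone apex that also carries the zone key.
ORDINARY = ("A", "RRSIG", "NSEC")
APEX = ("A", "RRSIG", "NSEC", "DNSKEY")


def type_bitmap(type_codes):
    """Encode RR type codes (1..127) as bit map octets."""
    codes = set(type_codes)
    if not codes:
        return b""
    if min(codes) < 1 or max(codes) > 127:
        raise ValueError("this bit map format only covers RR types 1..127")
    bitmap = bytearray(max(codes) // 8 + 1)
    for code in codes:
        bitmap[code // 8] |= 0x80 >> (code % 8)
    return bytes(bitmap)


def bitmap_for(assignment, present):
    """Bit map for a name holding the RR types listed in `present`."""
    return type_bitmap(assignment[name] for name in present)


def octet_counts():
    """Bit map length in octets for each assignment and each sample name."""
    return {
        (label, kind): len(bitmap_for(assignment, present))
        for label, assignment in (("draft", DRAFT), ("suggested", SUGGESTED))
        for kind, present in (("ordinary", ORDINARY), ("apex", APEX))
    }


if __name__ == "__main__":
    for key, length in octet_counts().items():
        print(key, length)
    print(bitmap_for(DRAFT, ORDINARY).hex(), bitmap_for(SUGGESTED, ORDINARY).hex())
```

With NSEC at 48 every signed name carries a seven-octet map; with DNSKEY at 48 only names that hold a DNSKEY do.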


Roy Arends | 2 Jun 2003 11:47

Re: Q-10: Reaction to "Silly" NXT's

On Tue, 27 May 2003, Edward Lewis wrote:

<snap>

> When a verifier sees a 0 in EITHER the NXT OR the SIG positions, the
> verifier will take corrective action.  This proposal recommends the
> following action be specified as a MUST:  the verifier will first
> validate the NXT according to local policy, with the intent that the
> presence of the DS RR at the parent points eventually to a zone key
> that verifies the SIG (NXT).  Once the NXT is proven valid, the
> verifier then treats the remainder of the query as if the DS RR did
> not exist - essentially treating the query as traversing through or
> being answered from an unsigned zone.

Okay:

So we have

a.example. IN A
a.example. IN SIG (A)
a.example. IN NXT  d.example. A SIG !NXT     ; aka silly state
a.example. IN SIG (NXT)
b.example. IN A
d.example. IN A
d.example. IN SIG (A)
d.example. IN NXT  example. A SIG NXT
d.example. IN SIG (NXT)

One queries for (b.example.,A,IN,dnssec-ok)
Response:

Derek Atkins | 2 Jun 2003 17:32

Re: Q-10: Reaction to "Silly" NXT's

Comments near the end...

Roy Arends <roy <at> logmess.com> writes:

> Okay:
> 
> So we have
> 
> a.example. IN A
> a.example. IN SIG (A)
> a.example. IN NXT  d.example. A SIG !NXT     ; aka silly state
> a.example. IN SIG (NXT)
> b.example. IN A
> d.example. IN A
> d.example. IN SIG (A)
> d.example. IN NXT  example. A SIG NXT
> d.example. IN SIG (NXT)
> 
> One queries for (b.example.,A,IN,dnssec-ok)
> Response:
> 
>    NOERROR
>    b.example. IN A
>    a.example. IN NXT d.example. A !nxt !sig
>    a.example. IN SIG (NXT).
> 
> corrective action:
>    verify NXT record by verifying SIG(NXT). NXT record is okay: remainder
>    is unsigned, i.e. b.example. IN A is treated as unsigned.
> 

Eric A. Hall | 2 Jun 2003 18:09

[Fwd: I-D ACTION:draft-hall-dns-data-00.txt]


I'd like to solicit feedback on this I-D please.

Would this be useful as an impersonal ("don't blame me") tool for telling
people that their proposed usage of the DNS has problems?

What's missing from the list? Is there anything you'd take out?

Is this a useless effort?

Thanks

-- 
Eric A. Hall                                        http://www.ehsco.com/
Internet Core Protocols          http://www.oreilly.com/catalog/coreprot/