Re: Proposed DNSSEC Plenary Experiment for IETF 74

From: Dave CROCKER <dhc2 at dcrocker.net>
To: Steve Crocker <steve at shinkuro.com>
Cc: IETF Discussion <ietf at ietf.org>
Date: Thu, 27 Nov 2008 13:13:20 -0800
In-reply-to: <354F7F18-CA3B-44E9-BEB1-81985C3353B9 at shinkuro.com>
References: <20081126175013.94E2828C161 at core3.amsl.com> <20081127164732.GH10931 at unknown.office.denic.de> <492EE10D.70303 at dcrocker.net> <354F7F18-CA3B-44E9-BEB1-81985C3353B9 at shinkuro.com>



Steve Crocker wrote:

[As entertainment for the audience, I am sure everyone will enjoy seeingmy brother and I take opposite sides in this discussion. Enjoy ;) ]

...

There are three distinct elements of what's being planned.

...

Russ's note initiated discussion of this last piece without setting thecontext with the first two pieces. Let me say a few words about eachpiece.

...

In line with David's note, there are indeed a lot of details to cover,including explanatory notes on how end systems need to be configured toask for signed responses. measurements, etc., etc. All normal stuff andall part of what we are more than capable of doing all the time.



Steve, et al,

Damn. Given your opening, I was hoping for something a little moreentertaining. Especially since the only "side" my note was intended to take wasto observe the stated objections and suggest moving into a project-planningmode, so that debate was about concrete details.

What you've done is to agree that there are quite a few details. As you note,the mailing list didn't yet have the context to be aware that, apparently, many From ietf-bounces at ietf.org Thu Nov 27 13:13:32 2008

Return-Path: <ietf-bounces at ietf.org>
X-Original-To: ietf-archive at megatron.ietf.org
Delivered-To: ietfarch-ietf-archive at core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1])
	by core3.amsl.com (Postfix) with ESMTP id 9375D3A6973;
	Thu, 27 Nov 2008 13:13:32 -0800 (PST)
X-Original-To: ietf at core3.amsl.com
Delivered-To: ietf at core3.amsl.com
Received: from localhost (localhost [127.0.0.1])
	by core3.amsl.com (Postfix) with ESMTP id CCC853A6973
	for <ietf at core3.amsl.com>; Thu, 27 Nov 2008 13:13:30 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599

X-Spam-Level:X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5

	tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32])
	by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id AZjZ4KlMUnD1 for <ietf at core3.amsl.com>;
	Thu, 27 Nov 2008 13:13:30 -0800 (PST)
Received: from sbh17.songbird.com (mail.mipassoc.org
	[IPv6:2001:470:1:76:0:ffff:4834:7146])
	by core3.amsl.com (Postfix) with ESMTP id 777E43A6452
	for <ietf at ietf.org>; Thu, 27 Nov 2008 13:13:29 -0800 (PST)
Received: from [192.168.0.3] (adsl-67-127-57-127.dsl.pltn13.pacbell.net
	[67.127.57.127]) (authenticated bits=0)
	by sbh17.songbird.com (8.13.8/8.13.8) with ESMTP id mARLDMVO011579
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO);
	Thu, 27 Nov 2008 13:13:23 -0800
Message-ID: <492F0D70.1070500 at dcrocker.net>
Date: Thu, 27 Nov 2008 13:13:20 -0800
From: Dave CROCKER <dhc2 at dcrocker.net>
Organization: Brandenburg InternetWorking
User-Agent: Thunderbird 2.0.0.18 (Windows/20081105)
MIME-Version: 1.0
To: Steve Crocker <steve at shinkuro.com>
Subject: Re: Proposed DNSSEC Plenary Experiment for IETF 74
References: <20081126175013.94E2828C161 at core3.amsl.com>	<20081127164732.GH10931 at unknown.office.denic.de>	<492EE10D.70303 at dcrocker.net>
	<354F7F18-CA3B-44E9-BEB1-81985C3353B9 at shinkuro.com>
In-Reply-To: <354F7F18-CA3B-44E9-BEB1-81985C3353B9 at shinkuro.com>
X-Virus-Scanned: ClamAV 0.92/8689/Thu Nov 27 10:27:23 2008 on
	sbh17.songbird.com
X-Virus-Status: Clean
X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.0
	(sbh17.songbird.com [72.52.113.17]);
	Thu, 27 Nov 2008 13:13:23 -0800 (PST)
Cc: IETF Discussion <ietf at ietf.org>
X-BeenThere: ietf at ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: dcrocker at bbiw.net
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/ietf>,
	<mailto:ietf-request at ietf.org?subject=unsubscribe>
List-Post: <mailto:ietf at ietf.org>
List-Help: <mailto:ietf-request at ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>,
	<mailto:ietf-request at ietf.org?subject=subscribe>
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="us-ascii"; Format="flowed"
Sender: ietf-bounces at ietf.org
Errors-To: ietf-bounces at ietf.org



Steve Crocker wrote:

[As entertainment for the audience, I am sure everyone will enjoy seeingmy brother and I take opposite sides in this discussion. Enjoy ;) ]

...

There are three distinct elements of what's being planned.

...

Russ's note initiated discussion of this last piece without setting thecontext with the first two pieces. Let me say a few words about eachpiece.

...

In line with David's note, there are indeed a lot of details to cover,including explanatory notes on how end systems need to be configured toask for signed responses. measurements, etc., etc. All normal stuff andall part of what we are more than capable of doing all the time.



Steve, et al,

What you've done is to agree that there are quite a few details. As you note,the mailing list didn't yet have the context to be aware that, apparently, manyare already in place.


So I'd class your note as a follow-through of mine, rather than opposing it...

Reference to signing ietf.org suggests that the intent is to limit theexperiment to operation within the ietf.org domain name. But since you andothers have refereed to other branches that are signed, I assume more elaboratescenarios are intended to work.

That is, since we know that the full DNS tree isn't signed, I assume that thereare constraints on the scenarios that can be tested.


What are they?

And in line with your final paragraph, we do need details for the many clientplatforms: linices, windows, and mac platforms... and maybe some of the mobileones, such as WM7, Android, ...?


A quick google for windows dnssec produces no useful points high in the sequence.

d/

--

  Dave Crocker
  Brandenburg InternetWorking
  bbiw.net
_______________________________________________
Ietf mailing list
Ietf at ietf.org
https://www.ietf.org/mailman/listinfo/ietf



are already in place.

So I'd class your note as a follow-through of mine, rather than opposing it...

That is, since we know that the full DNS tree isn't signed, I assume that thereare constraints on the scenarios that can be tested.


What are they?

And in line with your final paragraph, we do need details for the many clientplatforms: linices, windows, and mac platforms... and maybe some of the mobileones, such as WM7, Android, ...?


A quick google for windows dnssec produces no useful points high in the sequence.

d/

--

  Dave Crocker
  Brandenburg InternetWorking
  bbiw.net
_______________________________________________
Ietf mailing list
Ietf at ietf.org
https://www.ietf.org/mailman/listinfo/ietf

References:
- Proposed DNSSEC Plenary Experiment for IETF 74
  - From: Russ Housley
- Re: Proposed DNSSEC Plenary Experiment for IETF 74
  - From: Peter Koch
- Re: Proposed DNSSEC Plenary Experiment for IETF 74
  - From: Dave CROCKER
- Re: Proposed DNSSEC Plenary Experiment for IETF 74
  - From: Steve Crocker

Prev by Date: Re: Proposed DNSSEC Plenary Experiment for IETF 74
Next by Date: Re: Proposed DNSSEC Plenary Experiment for IETF 74
Previous by thread: Re: Proposed DNSSEC Plenary Experiment for IETF 74
Next by thread: Re: Proposed DNSSEC Plenary Experiment for IETF 74
Index(es):
- Date
- Thread

Note Well: Messages sent to this mailing list are the opinions of the senders and do not imply endorsement by the IETF.

Re: Proposed DNSSEC Plenary Experiment for IETF 74

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.