[DNSOP] Paul Wouters' Discuss on draft-ietf-dnsop-zoneversion-08: (with DISCUSS and COMMENT)

Paul Wouters has entered the following ballot position for draft-ietf-dnsop-zoneversion-08: Discuss When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to htt

[DNSOP] Re: [Ext] To sign root-servers.net or not?

Thanks for the pointer! g > On 18 Jun 2024, at 7:17 AM, Paul Hoffman wrote: > > On Jun 17, 2024, at 13:33, Geoff Huston wrote: >> >> [change of topic] >> >> " things that the IETF may not have the final say on." >> >> Possibly true in this case, but not having the final say is very differe

[DNSOP] Re: draft-ietf-dnsop-zoneversion maybe does handle this OK

On 19:50 17/06, John Levine wrote: > According to John R. Levine : > >It currently says: > > > > A name server MAY include more than one ZONEVERSION option in the > > response if it supports multiple TYPEs. A name server MUST NOT include > > more than one ZONEVERSION option for a given TYPE. ..

[DNSOP] Re: [Ext] To sign root-servers.net or not?

On Jun 17, 2024, at 13:33, Geoff Huston wrote: > > [change of topic] > > " things that the IETF may not have the final say on." > > Possibly true in this case, but not having the final say is very different to > "having a say" > > I would find it interesting to understand the current state of

[DNSOP] Re: [DNSOP]Re: [Ext] Requesting final comments on draft-ietf-dnsop-rfc8109bis

On Jun 17, 2024, at 13:39, Joe Abley wrote: > > Hi Paul, > > On 17 Jun 2024, at 21:18, Paul Hoffman wrote: > >> The paragraph reads: >> >> If the "root-servers.net" zone is later signed, or if the root servers are >> named in a >> different zone and that zone is signed, having DNSSEC validat

[DNSOP] Re: [DNSOP]Re: [Ext] Requesting final comments on draft-ietf-dnsop-rfc8109bis

Hi Paul, On 17 Jun 2024, at 21:18, Paul Hoffman wrote: > The paragraph reads: > > If the "root-servers.net" zone is later signed, or if the root servers are > named in a > different zone and that zone is signed, having DNSSEC validation for the > priming queries > might be valuable. > The ben

[DNSOP] To sign root-servers.net or not?

[change of topic] " things that the IETF may not have the final say on." Possibly true in this case, but not having the final say is very different to "having a say" I would find it interesting to understand the current state of thinking in DNSOP as to whether to DNSSEC-sign the root-servers.

[DNSOP] Re: [DNSOP]Re: [Ext] Requesting final comments on draft-ietf-dnsop-rfc8109bis

On Jun 17, 2024, at 09:52, Tim Wicinski wrote: > > > > On Mon, Jun 17, 2024 at 12:19 PM Joe Abley wrote: > On 17 Jun 2024, at 17:54, Tim Wicinski wrote: > >> Oh that's a very good point, and does make that assumption. "will be >> valuable if root-servers.net [root-servers.net] is DNSSEC s

[DNSOP] Re: draft-ietf-dnsop-zoneversion maybe does handle this OK

According to John R. Levine : >It currently says: > > A name server MAY include more than one ZONEVERSION option in the > response if it supports multiple TYPEs. A name server MUST NOT include > more than one ZONEVERSION option for a given TYPE. ... >;; QUESTION SECTION: >;com.ws.sp.am.

[DNSOP] draft-ietf-dnsop-zoneversion doesn't handle this situation

It currently says: A name server MAY include more than one ZONEVERSION option in the response if it supports multiple TYPEs. A name server MUST NOT include more than one ZONEVERSION option for a given TYPE. Here is a real life example from my server sdn.iecc.com: ;; QUESTION SECTION: ;com.ws

[DNSOP] Re: [DNSOP]Re: [Ext] Requesting final comments on draft-ietf-dnsop-rfc8109bis

On Mon, Jun 17, 2024 at 12:19 PM Joe Abley wrote: > On 17 Jun 2024, at 17:54, Tim Wicinski wrote: > > Oh that's a very good point, and does make that assumption. "will be > valuable if root-servers.net is DNSSEC signed" does not make that > assumption. > > > It perhaps narrowly avoids one of t

[DNSOP] Re: [DNSOP]Re: [Ext] Requesting final comments on draft-ietf-dnsop-rfc8109bis

On 17 Jun 2024, at 17:54, Tim Wicinski wrote:Oh that's a very good point, and does make that assumption.   "will be valuable if root-servers.net is DNSSEC signed" does not make that assumption. It perhaps narrowly avoids one of the assumptions I mentioned but it still warmly embraces the other one

[DNSOP] Re: [DNSOP]Re: [Ext] Requesting final comments on draft-ietf-dnsop-rfc8109bis

On Mon, Jun 17, 2024 at 11:45 AM Joe Abley wrote: > Hi Tim, > > Doesn't that text presuppose (a) that the current naming scheme is > invariant and (b) the root-servers.net zone will one day be signed? > > I suggest phrasing that recognises current reality is probably better than > text that specu

[DNSOP] Re: [DNSOP]Re: [Ext] Requesting final comments on draft-ietf-dnsop-rfc8109bis

Hi Tim,Doesn't that text presuppose (a) that the current naming scheme is invariant and (b) the root-servers.net zone will one day be signed?I suggest phrasing that recognises current reality is probably better than text that speculates about the future, especially when it comes to things that the

[DNSOP] Re: [DNSOP]Re: [Ext] Requesting final comments on draft-ietf-dnsop-rfc8109bis

Paul is correct on this - we would like a few more comments on the clarification changes to RFC8109-bis. Also, Willem offered some suggested text to the last paragraph of 3.3 relating to root-servers.net : "DNSSEC validation of the priming query is valuable when root-servers.net zone will be DNS

[DNSOP] Éric Vyncke's Yes on draft-ietf-dnsop-qdcount-is-one-03: (with COMMENT)

Éric Vyncke has entered the following ballot position for draft-ietf-dnsop-qdcount-is-one-03: Yes When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to https