Re: [DNSOP] I-D Action: draft-ietf-dnsop-extended-error-12.txt

2019-11-16 Thread Tim Wattenberg
(Sorry for the belated feedback.) I was just reading the document to work on some early implementation during the Hackathon and noticed a small inconsistency: Section 2 defines the wire-format and states for the OPTION-LENGTH it „[…] should be 4 plus the length of the EXTRA-TEXT section (which m

Re: [DNSOP] I-D Action: draft-ietf-dnsop-extended-error-12.txt

2019-10-03 Thread Viktor Dukhovni
> On Oct 3, 2019, at 7:11 AM, Tony Finch wrote: > >>> [ I'm still not convinced "indeterminate" is a coherent validation state... >>> ] >> >> It happens when glue NS records are available, but DS RRsets are not. > > That is "insecure". No, by "available" I meant lookup succeeded (returning va

Re: [DNSOP] I-D Action: draft-ietf-dnsop-extended-error-12.txt

2019-10-03 Thread Tony Finch
Wes Hardaker wrote: > > It's this one: > > 3.15. Extended DNS Error Code 14 - Not Ready D'oh! > One, the latest version talks about servers MAY put in more than one > EDE. Oh wow, that will be fun... Tony. -- f.anthony.n.finch http://dotat.at/ Biscay, Southeast Fitzroy: Southwesterly 5

Re: [DNSOP] I-D Action: draft-ietf-dnsop-extended-error-12.txt

2019-10-03 Thread Tony Finch
Viktor Dukhovni wrote: > > On Oct 2, 2019, at 8:01 AM, Tony Finch wrote: > > > > Is this not also covered by EDE 9 (DNSKEY missing) and EDE 10 (RRSIG > > missing)? > > No it is not. The indeterminate state happens when DS RRset lookups > servfail, for the zone or one of its ancestors, this could

Re: [DNSOP] I-D Action: draft-ietf-dnsop-extended-error-12.txt

2019-10-02 Thread Wes Hardaker
Tony Finch writes: > I have had another read through. Thanks for the extra pass. (we still have IETF-wide last call to wade through too, FYI) > In the intro, one of the example uses for EDE is a server returning errors > because it has not finished starting up, but there is no EDE code for th

Re: [DNSOP] I-D Action: draft-ietf-dnsop-extended-error-12.txt

2019-10-02 Thread Viktor Dukhovni
> On Oct 2, 2019, at 8:01 AM, Tony Finch wrote: > > Re. EDE 5 indeterminate, RFC 4035 says: > > Indeterminate: An RRset for which the resolver is not able to > determine whether the RRset should be signed, as the resolver is > not able to obtain the necessary DNSSEC RRs. This can

Re: [DNSOP] I-D Action: draft-ietf-dnsop-extended-error-12.txt

2019-10-02 Thread Tony Finch
I have had another read through. In the intro, one of the example uses for EDE is a server returning errors because it has not finished starting up, but there is no EDE code for this case. Re. EDE 0 "other", is it supposed to cover the situation when there are multiple errors, e.g. different au

Re: [DNSOP] I-D Action: draft-ietf-dnsop-extended-error-12.txt

2019-10-01 Thread Wes Hardaker
internet-dra...@ietf.org writes: > A New Internet-Draft is available from the on-line Internet-Drafts > directories. This draft is a work item of the Domain Name System > Operations WG of the IETF. This version addresses, I believe, all comments from the WG LC. -- Wes Hardaker USC/ISI

[DNSOP] I-D Action: draft-ietf-dnsop-extended-error-12.txt

2019-10-01 Thread internet-drafts
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Domain Name System Operations WG of the IETF. Title : Extended DNS Errors Authors : Warren Kumari Evan Hunt