> On Jul 18, 2018, at 4:35 PM, Waltermire, David A. (Fed)
> <[email protected]> wrote:
>
> I think the two "may" entries and the "should" in the following sentence
> should be capitalized.
The "may" references are not intended to be capitalized MAYs; we are stating a
fact (like "can"), since the normative language about the lists of domain
requests comes above in the text. Specifying both a MAY and its opposite
doesn't seem to add much textual value?

Similarly, the "should" that is not capitalized is not intended to be a
normative command, but a description to introduce the following two normative
statements.

IKE clients MUST use a preconfigured whitelist of one or more domain
names for which it will allow INTERNAL_DNSSEC_TA updates. This list
may be sent in the CFG_REQUEST payload, or may be applied after
reception of the CFG_REPLY payload.

IKE clients should take care to only whitelist domains that apply to
internal or managed domains, rather than to generic Internet traffic.
The DNS root zone (".") MUST NOT be whitelisted. Other generic or
public domains, such as top-level domains, similarly SHOULD NOT be
whitelisted.
>
> Regards,
> Dave
> From: IPsec <[email protected] <mailto:[email protected]>> on
> behalf of Tommy Pauly <[email protected] <mailto:[email protected]>>
> Sent: Wednesday, July 18, 2018 4:28:30 PM
> To: IPsecME WG; Eric Rescorla
> Subject: Re: [IPsec] I-D Action: draft-ietf-ipsecme-split-dns-10.txt
>
> Hello all,
>
> This new rev of the Split DNS document includes the feedback from our WG
> discussion today for handling of the DNSSEC domain whitelist.
>
> Please take a look! The document should be ready to progress at this point.
>
> Best,
> Tommy
>
> > On Jul 18, 2018, at 4:26 PM, [email protected]
> > <mailto:[email protected]> wrote:
> >
> >
> > A New Internet-Draft is available from the on-line Internet-Drafts
> > directories.
> > This draft is a work item of the IP Security Maintenance and Extensions WG
> > of the IETF.
> >
> > Title : Split DNS Configuration for IKEv2
> > Authors : Tommy Pauly
> > Paul Wouters
> > Filename : draft-ietf-ipsecme-split-dns-10.txt
> > Pages : 13
> > Date : 2018-07-18
> >
> > Abstract:
> > This document defines two Configuration Payload Attribute Types for
> > the IKEv2 protocol that add support for private DNS domains. These
> > domains are intended to be resolved using DNS servers reachable
> > through an IPsec connection, while leaving all other DNS resolution
> > unchanged. This approach of resolving a subset of domains using non-
> > public DNS servers is referred to as "Split DNS".
> >
> >
> > The IETF datatracker status page for this draft is:
> > https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdatatracker.ietf.org%2Fdoc%2Fdraft-ietf-ipsecme-split-dns%2F&data=02%7C01%7Cdavid.waltermire%40nist.gov%7Cff7ef1c6c1be4bdf912608d5eced14e3%7C2ab5d82fd8fa4797a93e054655c61dec%7C1%7C0%7C636675425355607080&sdata=k%2F6Juy9hDJucBOTXoJgrwBeVfzw6iL3JcOsH1oP%2F4rk%3D&reserved=0
> >
> > There are also htmlized versions available at:
> > https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Ftools.ietf.org%2Fhtml%2Fdraft-ietf-ipsecme-split-dns-10&data=02%7C01%7Cdavid.waltermire%40nist.gov%7Cff7ef1c6c1be4bdf912608d5eced14e3%7C2ab5d82fd8fa4797a93e054655c61dec%7C1%7C0%7C636675425355607080&sdata=anQJZuOh9jiwQY0DRjnkJF9t6rwoKUnCTkTtGD4pRjI%3D&reserved=0
> > https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdatatracker.ietf.org%2Fdoc%2Fhtml%2Fdraft-ietf-ipsecme-split-dns-10&data=02%7C01%7Cdavid.waltermire%40nist.gov%7Cff7ef1c6c1be4bdf912608d5eced14e3%7C2ab5d82fd8fa4797a93e054655c61dec%7C1%7C0%7C636675425355607080&sdata=3%2FHdtPgHVzi%2B1gXSLO7m029WGCUJM2p0w940mZ8uH4I%3D&reserved=0
> >
> > A diff from the previous version is available at:
> > https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ietf.org%2Frfcdiff%3Furl2%3Ddraft-ietf-ipsecme-split-dns-10&data=02%7C01%7Cdavid.waltermire%40nist.gov%7Cff7ef1c6c1be4bdf912608d5eced14e3%7C2ab5d82fd8fa4797a93e054655c61dec%7C1%7C0%7C636675425355607080&sdata=b6TiXdCbVieE5xT7lx3gludJT3DZi%2FyCpEkYXPb3Bx4%3D&reserved=0
> >
> >
> > Please note that it may take a couple of minutes from the time of submission
> > until the htmlized version and diff are available at tools.ietf.org
> > <http://tools.ietf.org/>.
> >
> > Internet-Drafts are also available by anonymous FTP at:
> > ftp://ftp.ietf.org/internet-drafts/ <ftp://ftp.ietf.org/internet-drafts/>
> >
> > _______________________________________________
> > IPsec mailing list
> > [email protected] <mailto:[email protected]>
> > https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ietf.org%2Fmailman%2Flistinfo%2Fipsec&data=02%7C01%7Cdavid.waltermire%40nist.gov%7Cff7ef1c6c1be4bdf912608d5eced14e3%7C2ab5d82fd8fa4797a93e054655c61dec%7C1%7C0%7C636675425355607080&sdata=X%2FXEIPG%2BAZH5dG7EzMMZrRs5YsvxxujN8roweX15YHs%3D&reserved=0
_______________________________________________
IPsec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ipsec
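
The whitelist rules quoted in the message above (one or more preconfigured domains, no DNS root zone, top-level domains discouraged) can be checked mechanically on the client. The following is an added example, not text from the draft or code from any IKE implementation; the function names, the sample domains, and the choice to let a whitelisted name also cover its subdomains are assumptions.

```python
# Added example: policy check for INTERNAL_DNSSEC_TA domains (not from the draft).

def normalize(name: str) -> tuple:
    """Lower-case a domain name and split it into labels; "." becomes ()."""
    return tuple(l for l in name.strip().lower().rstrip(".").split(".") if l)


def check_whitelist(domains):
    """Validate the preconfigured whitelist.

    Returns (accepted, warnings). Raises ValueError for the MUST-level rules:
    the list must be non-empty and must not contain the DNS root zone.
    """
    if not domains:
        raise ValueError("whitelist must contain one or more domain names")
    accepted, warnings = [], []
    for d in domains:
        labels = normalize(d)
        if not labels:
            raise ValueError('the DNS root zone (".") MUST NOT be whitelisted')
        if len(labels) == 1:
            # Assumption: a single-label name is treated as a top-level domain.
            warnings.append(f"{d}: top-level domains SHOULD NOT be whitelisted")
        accepted.append(labels)
    return accepted, warnings


def ta_update_allowed(whitelist, domain):
    """True if `domain` equals or sits below a whitelisted name.

    Assumption: subdomains of a whitelisted name are covered. Comparison is
    per label, so "notcorp.example.com" never matches "corp.example.com".
    """
    labels = normalize(domain)
    if not labels:
        return False  # never accept a trust anchor for the root zone
    return any(labels[-len(w):] == w for w in whitelist)


# Constructed sample data: a client whitelist and the domains for which a
# CFG_REPLY offered INTERNAL_DNSSEC_TA attributes.
WHITELIST, WARNINGS = check_whitelist(["corp.example.com", "internal.example"])
OFFERED = ["corp.example.com", "vpn.corp.example.com", "notcorp.example.com",
           "example.com", "com", "."]
ALLOWED = [d for d in OFFERED if ta_update_allowed(WHITELIST, d)]
```

Comparing whole labels rather than string suffixes is what keeps a look-alike name or a parent zone from inheriting the trust granted to the whitelisted domain.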