Re: [DNSOP] Last Call: (A Root Key Trust Anchor Sentinel for DNSSEC) to Proposed Standard
Thank you! It is actually fixed in the repo already: https://github.com/APNIC-Labs/draft-kskroll-sentinel/commit/c88c649242083510462b43fd1f945f7ec33f24b8 Not sure why that isn't the LC version, but this, and the "exactly as if the mechanism described in this document was not implemented or disabled." -> "exactly as if the mechanism described in this document was not implemented or was disabled." were the only non-whitespace changes). Thanks again, W On Thu, Aug 23, 2018 at 12:07 PM Petr Špaček wrote: > New version has a typo in table of contents: > > 4. Sentinel Tests from Hosts with More than One Configured > Resolve . . . . . . . . . . . . . . . . . . . . . . . . . . . 9 > > IMHO it should end with "Resolvers". > > I would submit pull request but I don't see the latest version in repo > referenced in abstract. > > Petr Špaček @ CZ.NIC > > > On 23.8.2018 14:39, The IESG wrote: > > > > The IESG has received a request from the Domain Name System Operations WG > > (dnsop) to consider the following document: - 'A Root Key Trust Anchor > > Sentinel for DNSSEC' > >as Proposed Standard > > > > The IESG plans to make a decision in the next few weeks, and solicits > final > > comments on this action. Please send substantive comments to the > > i...@ietf.org mailing lists by 2018-09-06. Exceptionally, comments may > be > > sent to i...@ietf.org instead. In either case, please retain the > beginning of > > the Subject line to allow automated sorting. > > > > Abstract > > > > > >The DNS Security Extensions (DNSSEC) were developed to provide origin > >authentication and integrity protection for DNS data by using digital > >signatures. These digital signatures can be verified by building a > >chain of trust starting from a trust anchor and proceeding down to a > >particular node in the DNS. This document specifies a mechanism that > >will allow an end user and third parties to determine the trusted key > >state for the root key of the resolvers that handle that user's DNS > >queries. Note that this method is only applicable for determining > >which keys are in the trust store for the root key. > > > >[ This document is being collaborated on in Github at: > >https://github.com/APNIC-Labs/draft-kskroll-sentinel. The most > >recent version of the document, open issues, etc should all be > >available here. The authors (gratefully) accept pull requests. RFC > >Editor, please remove text in square brackets before publication. ] > > > > > > > > > > The file can be obtained via > > https://datatracker.ietf.org/doc/draft-ietf-dnsop-kskroll-sentinel/ > > > > IESG discussion can be tracked via > > > https://datatracker.ietf.org/doc/draft-ietf-dnsop-kskroll-sentinel/ballot/ > > > > > > No IPR declarations have been submitted directly on this I-D. > > > > > > > > > > ___ > > DNSOP mailing list > > DNSOP@ietf.org > > https://www.ietf.org/mailman/listinfo/dnsop > > ___ > DNSOP mailing list > DNSOP@ietf.org > https://www.ietf.org/mailman/listinfo/dnsop > -- I don't think the execution is relevant when it was obviously a bad idea in the first place. This is like putting rabid weasels in your pants, and later expressing regret at having chosen those particular rabid weasels and that pair of pants. ---maf ___ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
Re: [DNSOP] Last Call: (A Root Key Trust Anchor Sentinel for DNSSEC) to Proposed Standard
New version has a typo in table of contents: 4. Sentinel Tests from Hosts with More than One Configured Resolve . . . . . . . . . . . . . . . . . . . . . . . . . . . 9 IMHO it should end with "Resolvers". I would submit pull request but I don't see the latest version in repo referenced in abstract. Petr Špaček @ CZ.NIC On 23.8.2018 14:39, The IESG wrote: > > The IESG has received a request from the Domain Name System Operations WG > (dnsop) to consider the following document: - 'A Root Key Trust Anchor > Sentinel for DNSSEC' >as Proposed Standard > > The IESG plans to make a decision in the next few weeks, and solicits final > comments on this action. Please send substantive comments to the > i...@ietf.org mailing lists by 2018-09-06. Exceptionally, comments may be > sent to i...@ietf.org instead. In either case, please retain the beginning of > the Subject line to allow automated sorting. > > Abstract > > >The DNS Security Extensions (DNSSEC) were developed to provide origin >authentication and integrity protection for DNS data by using digital >signatures. These digital signatures can be verified by building a >chain of trust starting from a trust anchor and proceeding down to a >particular node in the DNS. This document specifies a mechanism that >will allow an end user and third parties to determine the trusted key >state for the root key of the resolvers that handle that user's DNS >queries. Note that this method is only applicable for determining >which keys are in the trust store for the root key. > >[ This document is being collaborated on in Github at: >https://github.com/APNIC-Labs/draft-kskroll-sentinel. The most >recent version of the document, open issues, etc should all be >available here. The authors (gratefully) accept pull requests. RFC >Editor, please remove text in square brackets before publication. ] > > > > > The file can be obtained via > https://datatracker.ietf.org/doc/draft-ietf-dnsop-kskroll-sentinel/ > > IESG discussion can be tracked via > https://datatracker.ietf.org/doc/draft-ietf-dnsop-kskroll-sentinel/ballot/ > > > No IPR declarations have been submitted directly on this I-D. > > > > > ___ > DNSOP mailing list > DNSOP@ietf.org > https://www.ietf.org/mailman/listinfo/dnsop ___ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
[DNSOP] Last Call: (A Root Key Trust Anchor Sentinel for DNSSEC) to Proposed Standard
The IESG has received a request from the Domain Name System Operations WG (dnsop) to consider the following document: - 'A Root Key Trust Anchor Sentinel for DNSSEC' as Proposed Standard The IESG plans to make a decision in the next few weeks, and solicits final comments on this action. Please send substantive comments to the i...@ietf.org mailing lists by 2018-09-06. Exceptionally, comments may be sent to i...@ietf.org instead. In either case, please retain the beginning of the Subject line to allow automated sorting. Abstract The DNS Security Extensions (DNSSEC) were developed to provide origin authentication and integrity protection for DNS data by using digital signatures. These digital signatures can be verified by building a chain of trust starting from a trust anchor and proceeding down to a particular node in the DNS. This document specifies a mechanism that will allow an end user and third parties to determine the trusted key state for the root key of the resolvers that handle that user's DNS queries. Note that this method is only applicable for determining which keys are in the trust store for the root key. [ This document is being collaborated on in Github at: https://github.com/APNIC-Labs/draft-kskroll-sentinel. The most recent version of the document, open issues, etc should all be available here. The authors (gratefully) accept pull requests. RFC Editor, please remove text in square brackets before publication. ] The file can be obtained via https://datatracker.ietf.org/doc/draft-ietf-dnsop-kskroll-sentinel/ IESG discussion can be tracked via https://datatracker.ietf.org/doc/draft-ietf-dnsop-kskroll-sentinel/ballot/ No IPR declarations have been submitted directly on this I-D. ___ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop