Re: [DNSOP] I-D Action: draft-ietf-dnsop-extended-error-10.txt
On Tue, Oct 01, 2019 at 04:36:02PM -0700, Wes Hardaker wrote:

> > It appears that text discussing the possibility of multiple EDE values
> > present in earlier drafts may have been inadvertently removed in -07.
> > I think such text should be restored, making it clear that the OPT
> > record may contain multiple pertinent EDE values.
>
> Good catch. That notion did get removed by accident.
>
> How does this sound:
>
>     Senders MAY include more than one EDE option and receivers MUST be
>     able to accept (but not necessarily process or act on) multiple
>     EDE options in a DNS message.

No objections from me.

--
Viktor.

___
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
Re: [DNSOP] I-D Action: draft-ietf-dnsop-extended-error-10.txt
Viktor Dukhovni writes:

> > On Sep 30, 2019, at 7:06 PM, Wes Hardaker wrote:
> >
> >> Which raises another question: Can an OPT RR legitimately carry more
> >> than one EDE option, and thereby communicate multiple errors? Such as
> >> perhaps the above hypothetical with some RRSIGs expired, and some not
> >> yet valid.
> >
> > Yes, the draft discusses including multiple EDE reports.
>
> It appears that text discussing the possibility of multiple EDE values
> present in earlier drafts may have been inadvertently removed in -07.
> I think such text should be restored, making it clear that the OPT
> record may contain multiple pertinent EDE values.

Good catch. That notion did get removed by accident.

How does this sound:

    Senders MAY include more than one EDE option and receivers MUST be
    able to accept (but not necessarily process or act on) multiple
    EDE options in a DNS message.

--
Wes Hardaker
USC/ISI
Re: [DNSOP] I-D Action: draft-ietf-dnsop-extended-error-10.txt
> On Sep 30, 2019, at 7:06 PM, Wes Hardaker wrote:
>
>> Which raises another question: Can an OPT RR legitimately carry more
>> than one EDE option, and thereby communicate multiple errors? Such as
>> perhaps the above hypothetical with some RRSIGs expired, and some not
>> yet valid.
>
> Yes, the draft discusses including multiple EDE reports.

It appears that text discussing the possibility of multiple EDE values
present in earlier drafts may have been inadvertently removed in -07.
I think such text should be restored, making it clear that the OPT
record may contain multiple pertinent EDE values.

--
Viktor.
Re: [DNSOP] I-D Action: draft-ietf-dnsop-extended-error-10.txt
Viktor Dukhovni writes:

> ... but no signatures are presently valid and some (often all)
> are expired.
> ... but no signatures are presently valid and some are not yet valid.

Ok, changed to that text.

> Which raises another question: Can an OPT RR legitimately carry more
> than one EDE option, and thereby communicate multiple errors? Such as
> perhaps the above hypothetical with some RRSIGs expired, and some not
> yet valid.

Yes, the draft discusses including multiple EDE reports.

--
Wes Hardaker
USC/ISI
Re: [DNSOP] I-D Action: draft-ietf-dnsop-extended-error-10.txt
> On Sep 27, 2019, at 7:32 PM, internet-dra...@ietf.org wrote:
>
> A diff from the previous version is available at:
> https://www.ietf.org/rfcdiff?url2=draft-ietf-dnsop-extended-error-10

Perhaps at my instigation the descriptions for:

    3.8. Extended DNS Error Code 7 - Signature Expired

and

    3.9. Extended DNS Error Code 8 - Signature Not Yet Valid

were changed in version 10 to read, respectively:

    ... but all the signatures in an RRset in the validation chain
    were expired.

    ... but all the signatures received were not yet valid.

But I guess it is also possible in pathological cases, that both
might apply. Specifically, when none of the RRSIGs are extant,
with at least one expired, and the rest (at least one) not yet valid.

FWIW, the language could be amended to accommodate this possibility:

    ... but no signatures are presently valid and some (often all)
    are expired.

    ... but no signatures are presently valid and some are not yet valid.

Which raises another question: Can an OPT RR legitimately carry more
than one EDE option, and thereby communicate multiple errors? Such as
perhaps the above hypothetical with some RRSIGs expired, and some not
yet valid.

--
Viktor.
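The case discussed in this thread (no RRSIG presently valid, some expired and some not yet valid, reported as two EDE options in one OPT record), as an added Python example that is not part of any message in the thread or of the draft. It assumes the option layout and option code 15 of RFC 8914, the published form of this draft, and compares RRSIG times as plain integers rather than with serial-number arithmetic; all function names and sample values are constructed.

```python
import struct

EDE_OPTION_CODE = 15                     # assumption: value from RFC 8914
SIG_EXPIRED, SIG_NOT_YET_VALID = 7, 8    # INFO-CODEs discussed in the thread

def classify_rrsigs(rrsigs, now):
    """rrsigs: (inception, expiration) pairs in epoch seconds.
    Returns the INFO-CODEs to report; empty if any signature is valid now."""
    if any(inc <= now <= exp for inc, exp in rrsigs):
        return []
    codes = []
    if any(exp < now for _, exp in rrsigs):
        codes.append(SIG_EXPIRED)
    if any(inc > now for inc, _ in rrsigs):
        codes.append(SIG_NOT_YET_VALID)
    return codes

def encode_ede(info_code, extra_text=""):
    """One EDE option: OPTION-CODE, OPTION-LENGTH, INFO-CODE, EXTRA-TEXT."""
    body = struct.pack("!H", info_code) + extra_text.encode("utf-8")
    return struct.pack("!HH", EDE_OPTION_CODE, len(body)) + body

def parse_ede_options(opt_rdata):
    """Return every EDE option in OPT RDATA as (info_code, extra_text).
    Other options are skipped; malformed lengths raise ValueError."""
    found, pos = [], 0
    while pos < len(opt_rdata):
        if pos + 4 > len(opt_rdata):
            raise ValueError("truncated option header")
        code, length = struct.unpack_from("!HH", opt_rdata, pos)
        pos += 4
        if pos + length > len(opt_rdata):
            raise ValueError("option length runs past end of RDATA")
        data, pos = opt_rdata[pos:pos + length], pos + length
        if code != EDE_OPTION_CODE:
            continue
        if length < 2:
            raise ValueError("EDE option too short for INFO-CODE")
        info_code = struct.unpack_from("!H", data)[0]
        found.append((info_code, data[2:].decode("utf-8", "replace")))
    return found

if __name__ == "__main__":
    now = 1_570_000_000                  # constructed sample values
    rrsigs = [(1_560_000_000, 1_569_000_000), (1_571_000_000, 1_580_000_000)]
    cookie = b"\x00\x0a\x00\x08" + b"\x01" * 8   # unrelated option, skipped
    rdata = cookie + b"".join(encode_ede(c) for c in classify_rrsigs(rrsigs, now))
    print(parse_ede_options(rdata))
```
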
[DNSOP] I-D Action: draft-ietf-dnsop-extended-error-10.txt
A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Domain Name System Operations WG of the IETF.

        Title           : Extended DNS Errors
        Authors         : Warren Kumari
                          Evan Hunt
                          Roy Arends
                          Wes Hardaker
                          David C Lawrence
        Filename        : draft-ietf-dnsop-extended-error-10.txt
        Pages           : 13
        Date            : 2019-09-27

Abstract:
   This document defines an extensible method to return additional
   information about the cause of DNS errors. Though created primarily
   to extend SERVFAIL to provide additional information about the cause
   of DNS and DNSSEC failures, the Extended DNS Errors option defined in
   this document allows all response types to contain extended error
   information. Extended DNS Error information does not change the
   processing of RCODEs.

The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-dnsop-extended-error/

There are also htmlized versions available at:
https://tools.ietf.org/html/draft-ietf-dnsop-extended-error-10
https://datatracker.ietf.org/doc/html/draft-ietf-dnsop-extended-error-10

A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-ietf-dnsop-extended-error-10

Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/