Aggressive Use of DNSSEC-Validated Cache
draft-ietf-dnsop-nsec-aggressiveuse-10
Revision differences
Document history
Date | Rev. | By | Action |
---|---|---|---|
2017-07-17
|
10 | (System) | RFC Editor state changed to AUTH48-DONE from AUTH48 |
2017-07-12
|
10 | (System) | RFC Editor state changed to AUTH48 from RFC-EDITOR |
2017-07-06
|
10 | (System) | RFC Editor state changed to RFC-EDITOR from EDIT |
2017-06-08
|
10 | (System) | IANA Action state changed to No IC from In Progress |
2017-06-08
|
10 | (System) | IANA Action state changed to In Progress |
2017-06-08
|
10 | (System) | RFC Editor state changed to EDIT |
2017-06-08
|
10 | (System) | IESG state changed to RFC Ed Queue from Approved-announcement sent |
2017-06-08
|
10 | (System) | Announcement was received by RFC Editor |
2017-06-08
|
10 | Cindy Morgan | IESG state changed to Approved-announcement sent from Approved-announcement to be sent::Revised I-D Needed |
2017-06-08
|
10 | Cindy Morgan | IESG has approved the document |
2017-06-08
|
10 | Cindy Morgan | Closed "Approve" ballot |
2017-06-07
|
10 | Terry Manderson | Ballot approval text was generated |
2017-05-25
|
10 | Cindy Morgan | IESG state changed to Approved-announcement to be sent::Revised I-D Needed from IESG Evaluation |
2017-05-25
|
10 | Alvaro Retana | [Ballot Position Update] New position, No Objection, has been recorded for Alvaro Retana |
2017-05-24
|
10 | Amanda Baber | IANA Review state changed to IANA OK - No Actions Needed from Version Changed - Review Needed |
2017-05-24
|
10 | (System) | IANA Review state changed to Version Changed - Review Needed from IANA OK - No Actions Needed |
2017-05-24
|
10 | Warren Kumari | New version available: draft-ietf-dnsop-nsec-aggressiveuse-10.txt |
2017-05-24
|
10 | (System) | New version approved |
2017-05-24
|
10 | (System) | Request for posting confirmation emailed to previous authors: Akira Kato , Warren Kumari , Kazunori Fujiwara |
2017-05-24
|
10 | Warren Kumari | Uploaded new revision |
2017-05-24
|
09 | Spencer Dawkins | [Ballot comment] I should ballot Discuss, so we can all tell Warren how awesome this draft is on the telechat itself. More seriously, I'm pretty … [Ballot comment] I should ballot Discuss, so we can all tell Warren how awesome this draft is on the telechat itself. More seriously, I'm pretty sure I was Gen-ART reviewer for the RFC being updated, and this update seems very much like the right thing to do. |
2017-05-24
|
09 | Spencer Dawkins | Ballot comment text updated for Spencer Dawkins |
2017-05-24
|
09 | Spencer Dawkins | [Ballot Position Update] New position, No Objection, has been recorded for Spencer Dawkins |
2017-05-24
|
09 | Alissa Cooper | [Ballot Position Update] New position, No Objection, has been recorded for Alissa Cooper |
2017-05-24
|
09 | Alia Atlas | [Ballot Position Update] New position, No Objection, has been recorded for Alia Atlas |
2017-05-24
|
09 | Benoît Claise | [Ballot Position Update] New position, No Objection, has been recorded for Benoit Claise |
2017-05-23
|
09 | Suresh Krishnan | [Ballot comment] It would have been nice to use a AAAA record in the examples. |
2017-05-23
|
09 | Suresh Krishnan | [Ballot Position Update] New position, No Objection, has been recorded for Suresh Krishnan |
2017-05-23
|
09 | Ben Campbell | [Ballot comment] I agree with Adam's comment about the parenthetical phrasing in the abstract. I see the intent for text in square brackets to be … [Ballot comment] I agree with Adam's comment about the parenthetical phrasing in the abstract. I see the intent for text in square brackets to be removed. Did I miss instructions to the RFC Editor to that effect? Most likely they will figure it out, but explicit instructions would be better. |
2017-05-23
|
09 | Ben Campbell | [Ballot Position Update] New position, Yes, has been recorded for Ben Campbell |
2017-05-23
|
09 | Kathleen Moriarty | [Ballot Position Update] New position, No Objection, has been recorded for Kathleen Moriarty |
2017-05-23
|
09 | Adam Roach | [Ballot comment] This seems like a good change; the description is well written and easy to understand; and the logic seems sounds and well-explained. The … [Ballot comment] This seems like a good change; the description is well written and easy to understand; and the logic seems sounds and well-explained. The abstract should remove the parentheses from the second paragraph, as they form an important (as opposed to incidental) part of the description of the update. |
2017-05-23
|
09 | Adam Roach | [Ballot Position Update] New position, Yes, has been recorded for Adam Roach |
2017-05-23
|
09 | Deborah Brungard | [Ballot Position Update] New position, No Objection, has been recorded for Deborah Brungard |
2017-05-22
|
09 | Eric Rescorla | [Ballot Position Update] New position, No Objection, has been recorded for Eric Rescorla |
2017-05-22
|
09 | Alexey Melnikov | [Ballot comment] Specially for Warren: "Awesome" :-) |
2017-05-22
|
09 | Alexey Melnikov | [Ballot Position Update] New position, No Objection, has been recorded for Alexey Melnikov |
2017-05-22
|
09 | Mirja Kühlewind | [Ballot comment] One smallish, unimportant editorial comment: In section 5, e.g.: "If the negative cache of the validating resolver has sufficient information to validate … [Ballot comment] One smallish, unimportant editorial comment: In section 5, e.g.: "If the negative cache of the validating resolver has sufficient information to validate the query, the resolver SHOULD use NSEC, NSEC3 and wildcard records aggressively." it seems like the word "aggressive" has some meaning which was at least not clear to me. Is there a difference in negative caching and aggressive negative caching? If this word should provide any additional information on what to do could you maybe further explain? |
2017-05-22
|
09 | Mirja Kühlewind | [Ballot Position Update] New position, No Objection, has been recorded for Mirja Kühlewind |
2017-05-09
|
09 | Tim Wicinski | As required by RFC 4858, this is the current template for the Document Shepherd Write-Up. Document: draft-ietf-dnsop-nsec-aggressiveuse 1) RFC Type: Proposed Standard Correct RFC … As required by RFC 4858, this is the current template for the Document Shepherd Write-Up. Document: draft-ietf-dnsop-nsec-aggressiveuse 1) RFC Type: Proposed Standard Correct RFC type indicated in title: yes This Document is the correct type as it updates an existing Standards Track Document (RFC4035) (1) What type of RFC is being requested (BCP, Proposed Standard, Internet Standard, Informational, Experimental, or Historic)? Why is this the proper type of RFC? Is this type of RFC indicated in the title page header? (2) Technical Summary This document specifies the use of NSEC/NSEC3 resource records to allow DNSSEC validating resolvers to generate negative answers within a range, and positive answers from wildcards. This increases performance / decreases latency, decreases resource utilization on both authoritative and recursive servers, and also increases privacy. It may also help increase resilience to certain DoS attacks in some circumstances.-33 Working Group Summary Was there anything in WG process that is worth noting? For example, was there controversy about particular points or were there decisions where the consensus was particularly rough? Document Quality Are there existing implementations of the protocol? Have a significant number of vendors indicated their plan to implement the specification? Are there any reviewers that merit special mention as having done a thorough review, e.g., one that resulted in important changes or a conclusion that the document had no substantive issues? If there was a MIB Doctor, Media Type or other expert review, what was its course (briefly)? In the case of a Media Type review, on what date was the request posted? Personnel Who is the Document Shepherd? Who is the Responsible Area Director? Document Shepherd: Tim Wicinski Area Director: Joel Jaeggli (3) The document shepherd did a deep dive on the document for technical correctness, as well as an editorial pass for grammar and diction. The shepherd feels this document is ready for publication. (4) The document shepherd does not have any concerns about the depth or breath of the reviews. (5) No additional reviews needed. (6) The document shepherd has no concerns about this document for the Area Directors. (7) The authors have confirmed they are not aware of any IPR against this document. (9) The working group is in strong consenus for this document. (10) There has been no extreme discontent. (11) No Nits found (12) (13) All references have been identified as normative or informative (14) There are no normative references in an unclear state (15) There are normative references to RFCs 7129 and 7719. Those are informational RFCs. (16) Publication of this document will update RFC 4035. (17) The IANA Considerations section requests the assignment of a new EDNS0 option code. Discussing with the Expert Reviewer of DNS parameters, this section is correctly structured (18) No new IANA Registries |
2017-04-30
|
09 | Joel Halpern | Request for Telechat review by GENART Completed: Ready with Issues. Reviewer: Joel Halpern. Sent review to list. |
2017-04-28
|
09 | Jean Mahoney | Request for Telechat review by GENART is assigned to Joel Halpern |
2017-04-28
|
09 | Jean Mahoney | Request for Telechat review by GENART is assigned to Joel Halpern |
2017-04-24
|
09 | (System) | IANA Review state changed to IANA OK - No Actions Needed from Version Changed - Review Needed |
2017-04-24
|
09 | Warren Kumari | [Ballot comment] I'm an author, recusing myself. But if I weren't, I'd ballot "Awesome" :-) |
2017-04-24
|
09 | Warren Kumari | [Ballot Position Update] New position, Recuse, has been recorded for Warren Kumari |
2017-04-23
|
09 | Terry Manderson | Placed on agenda for telechat - 2017-05-25 |
2017-04-23
|
09 | Terry Manderson | IESG state changed to IESG Evaluation from Waiting for Writeup |
2017-04-23
|
09 | Terry Manderson | Ballot has been issued |
2017-04-23
|
09 | Terry Manderson | [Ballot Position Update] New position, Yes, has been recorded for Terry Manderson |
2017-04-23
|
09 | Terry Manderson | Created "Approve" ballot |
2017-04-23
|
09 | Terry Manderson | Ballot writeup was changed |
2017-03-30
|
09 | Warren Kumari | Shepherding AD changed to Terry Manderson |
2017-03-30
|
09 | (System) | IANA Review state changed to Version Changed - Review Needed from IANA OK - No Actions Needed |
2017-03-30
|
09 | Warren Kumari | New version available: draft-ietf-dnsop-nsec-aggressiveuse-09.txt |
2017-03-30
|
09 | (System) | New version approved |
2017-03-30
|
09 | (System) | Request for posting confirmation emailed to previous authors: Akira Kato , Warren Kumari , Kazunori Fujiwara |
2017-03-30
|
09 | Warren Kumari | Uploaded new revision |
2017-03-30
|
08 | Tero Kivinen | Request for Last Call review by SECDIR Completed: Has Nits. Reviewer: Sandra Murphy. |
2017-03-29
|
08 | Cindy Morgan | Shepherding AD changed to Warren Kumari |
2017-03-27
|
08 | Jouni Korhonen | Request for Last Call review by OPSDIR Completed: Has Nits. Reviewer: Jouni Korhonen. Sent review to list. |
2017-03-27
|
08 | (System) | IESG state changed to Waiting for Writeup from In Last Call |
2017-03-16
|
08 | Joel Halpern | Request for Last Call review by GENART Completed: Ready. Reviewer: Joel Halpern. Sent review to list. |
2017-03-16
|
08 | Jean Mahoney | Request for Last Call review by GENART is assigned to Joel Halpern |
2017-03-16
|
08 | Jean Mahoney | Request for Last Call review by GENART is assigned to Joel Halpern |
2017-03-16
|
08 | (System) | IANA Review state changed to IANA OK - No Actions Needed from IANA - Review Needed |
2017-03-16
|
08 | Sabrina Tanamal | (Via drafts-lastcall@iana.org): IESG/Authors/WG Chairs: The IANA Services Operator has reviewed draft-ietf-dnsop-nsec-aggressiveuse-08.txt, which is currently in Last Call, and has the following comments: We … (Via drafts-lastcall@iana.org): IESG/Authors/WG Chairs: The IANA Services Operator has reviewed draft-ietf-dnsop-nsec-aggressiveuse-08.txt, which is currently in Last Call, and has the following comments: We understand that this document doesn't require any registry actions. While it's often helpful for a document's IANA Considerations section to remain in place upon publication even if there are no actions, if the authors strongly prefer to remove it, we do not object. If this assessment is not accurate, please respond as soon as possible. Thank you, Sabrina Tanamal IANA Services Specialist |
2017-03-15
|
08 | Tero Kivinen | Request for Last Call review by SECDIR is assigned to Sandra Murphy |
2017-03-15
|
08 | Tero Kivinen | Request for Last Call review by SECDIR is assigned to Sandra Murphy |
2017-03-14
|
08 | Gunter Van de Velde | Request for Last Call review by OPSDIR is assigned to Jouni Korhonen |
2017-03-14
|
08 | Gunter Van de Velde | Request for Last Call review by OPSDIR is assigned to Jouni Korhonen |
2017-03-13
|
08 | Amy Vezza | IANA Review state changed to IANA - Review Needed |
2017-03-13
|
08 | Amy Vezza | The following Last Call announcement was sent out: From: The IESG To: IETF-Announce CC: tjw.ietf@gmail.com, dnsop-chairs@ietf.org, joelja@gmail.com, draft-ietf-dnsop-nsec-aggressiveuse@ietf.org, Tim Wicinski , … The following Last Call announcement was sent out: From: The IESG To: IETF-Announce CC: tjw.ietf@gmail.com, dnsop-chairs@ietf.org, joelja@gmail.com, draft-ietf-dnsop-nsec-aggressiveuse@ietf.org, Tim Wicinski , dnsop@ietf.org Reply-To: ietf@ietf.org Sender: Subject: Last Call: (Aggressive use of DNSSEC-validated Cache) to Proposed Standard The IESG has received a request from the Domain Name System Operations WG (dnsop) to consider the following document: - 'Aggressive use of DNSSEC-validated Cache' as Proposed Standard The IESG plans to make a decision in the next few weeks, and solicits final comments on this action. Please send substantive comments to the ietf@ietf.org mailing lists by 2017-03-27. Exceptionally, comments may be sent to iesg@ietf.org instead. In either case, please retain the beginning of the Subject line to allow automated sorting. Abstract The DNS relies upon caching to scale; however, the cache lookup generally requires an exact match. This document specifies the use of NSEC/NSEC3 resource records to allow DNSSEC validating resolvers to generate negative answers within a range, and positive answers from wildcards. This increases performance / decreases latency, decreases resource utilization on both authoritative and recursive servers, and also increases privacy. It may also help increase resilience to certain DoS attacks in some circumstances. This document updates RFC4035 by allowing validating resolvers to generate negative answers based upon NSEC/NSEC3 records (and positive answers in the presence of wildcards). [ Ed note: Text inside square brackets ([]) is additional background information, answers to frequently asked questions, general musings, etc. They will be removed before publication.This document is being collaborated on in Github at: https://github.com/wkumari/draft-ietf- dnsop-nsec-aggressiveuse. The most recent version of the document, open issues, etc should all be available here. The authors (gratefully) accept pull requests.] The file can be obtained via https://datatracker.ietf.org/doc/draft-ietf-dnsop-nsec-aggressiveuse/ IESG discussion can be tracked via https://datatracker.ietf.org/doc/draft-ietf-dnsop-nsec-aggressiveuse/ballot/ No IPR declarations have been submitted directly on this I-D. The document contains these normative downward references. See RFC 3967 for additional information: rfc6982: Improving Awareness of Running Code: The Implementation Status Section (Experimental - IETF stream) draft-fujiwara-dnsop-nsec-aggressiveuse: Aggressive use of NSEC/NSEC3 (None - IETF stream) rfc7129: Authenticated Denial of Existence in the DNS (Informational - Independent Submission Editor stream) rfc7719: DNS Terminology (Informational - IETF stream) Note that some of these references may already be listed in the acceptable Downref Registry. |
2017-03-13
|
08 | Amy Vezza | IESG state changed to In Last Call from Last Call Requested |
2017-03-13
|
08 | Amy Vezza | Last call announcement was changed |
2017-03-12
|
08 | Joel Jaeggli | Last call was requested |
2017-03-12
|
08 | Joel Jaeggli | Last call announcement was generated |
2017-03-12
|
08 | Joel Jaeggli | Ballot approval text was generated |
2017-03-12
|
08 | Joel Jaeggli | Ballot writeup was generated |
2017-03-12
|
08 | Joel Jaeggli | IESG state changed to Last Call Requested from AD Evaluation |
2017-03-02
|
08 | Joel Jaeggli | IESG state changed to AD Evaluation from Publication Requested |
2017-03-02
|
08 | Tim Wicinski | As required by RFC 4858, this is the current template for the Document Shepherd Write-Up. Document: draft-ietf-dnsop-nsec-aggressiveuse 1) RFC Type: Proposed Standard Correct RFC … As required by RFC 4858, this is the current template for the Document Shepherd Write-Up. Document: draft-ietf-dnsop-nsec-aggressiveuse 1) RFC Type: Proposed Standard Correct RFC type indicated in title: yes This Document is the correct type as it updates an existing Standards Track Document (RFC4035) (1) What type of RFC is being requested (BCP, Proposed Standard, Internet Standard, Informational, Experimental, or Historic)? Why is this the proper type of RFC? Is this type of RFC indicated in the title page header? (2) Technical Summary This document specifies the use of NSEC/NSEC3 resource records to allow DNSSEC validating resolvers to generate negative answers within a range, and positive answers from wildcards. This increases performance / decreases latency, decreases resource utilization on both authoritative and recursive servers, and also increases privacy. It may also help increase resilience to certain DoS attacks in some circumstances.-33 Working Group Summary Was there anything in WG process that is worth noting? For example, was there controversy about particular points or were there decisions where the consensus was particularly rough? Document Quality Are there existing implementations of the protocol? Have a significant number of vendors indicated their plan to implement the specification? Are there any reviewers that merit special mention as having done a thorough review, e.g., one that resulted in important changes or a conclusion that the document had no substantive issues? If there was a MIB Doctor, Media Type or other expert review, what was its course (briefly)? In the case of a Media Type review, on what date was the request posted? Personnel Who is the Document Shepherd? Who is the Responsible Area Director? Document Shepherd: Tim Wicinski Area Director: Joel Jaeggli (3) The document shepherd did a deep dive on the document for technical correctness, as well as an editorial pass for grammar and diction. The shepherd feels this document is ready for publication. (4) The document shepherd does not have any concerns about the depth or breath of the reviews. (5) No additional reviews needed. (6) The document shepherd has no concerns about this document for the Area Directors. (7) The authors have confirmed they are not aware of any IPR against this document. (9) The working group is in strong consenus for this document. (10) There has been no extreme discontent. (11) No Nits found (12) (13) All references have been identified as normative or informative (14) There are no normative references in an unclear state (15) There are no downward normative references (16) Publication of this document will update RFC 4035. (17) The IANA Considerations section requests the assignment of a new EDNS0 option code. Discussing with the Expert Reviewer of DNS parameters, this section is correctly structured (18) No new IANA Registries |
2017-03-02
|
08 | Tim Wicinski | Responsible AD changed to Joel Jaeggli |
2017-03-02
|
08 | Tim Wicinski | IETF WG state changed to Submitted to IESG for Publication from Waiting for WG Chair Go-Ahead |
2017-03-02
|
08 | Tim Wicinski | IESG state changed to Publication Requested |
2017-03-02
|
08 | Tim Wicinski | IESG process started in state Publication Requested |
2017-03-02
|
08 | Tim Wicinski | Changed document writeup |
2017-01-12
|
08 | Kazunori Fujiwara | New version available: draft-ietf-dnsop-nsec-aggressiveuse-08.txt |
2017-01-12
|
08 | (System) | New version approved |
2017-01-12
|
08 | (System) | Request for posting confirmation emailed to previous authors: "Akira Kato" , "Warren Kumari" , "Kazunori Fujiwara" |
2017-01-12
|
08 | Kazunori Fujiwara | Uploaded new revision |
2016-12-13
|
07 | Warren Kumari | New version available: draft-ietf-dnsop-nsec-aggressiveuse-07.txt |
2016-12-13
|
07 | (System) | New version approved |
2016-12-13
|
07 | (System) | Request for posting confirmation emailed to previous authors: "Akira Kato" , "Warren Kumari" , "Kazunori Fujiwara" |
2016-12-13
|
07 | Warren Kumari | Uploaded new revision |
2016-11-15
|
06 | Warren Kumari | New version available: draft-ietf-dnsop-nsec-aggressiveuse-06.txt |
2016-11-15
|
06 | (System) | New version approved |
2016-11-15
|
06 | (System) | Request for posting confirmation emailed to previous authors: "Akira Kato" , "Warren Kumari" , "Kazunori Fujiwara" |
2016-11-15
|
06 | Warren Kumari | Uploaded new revision |
2016-11-11
|
05 | Tim Wicinski | IETF WG state changed to Waiting for WG Chair Go-Ahead from In WG Last Call |
2016-10-20
|
05 | Warren Kumari | New version available: draft-ietf-dnsop-nsec-aggressiveuse-05.txt |
2016-10-20
|
05 | (System) | New version approved |
2016-10-20
|
05 | (System) | Request for posting confirmation emailed to previous authors: "Akira Kato" , "Warren Kumari" , "Kazunori Fujiwara" |
2016-10-20
|
05 | Warren Kumari | Uploaded new revision |
2016-10-20
|
05 | (System) | Request for posting confirmation emailed to previous authors: "Akira Kato" , "Warren Kumari" , "Kazunori Fujiwara" |
2016-10-20
|
05 | Warren Kumari | Uploaded new revision |
2016-10-07
|
04 | Warren Kumari | New version available: draft-ietf-dnsop-nsec-aggressiveuse-04.txt |
2016-10-07
|
04 | (System) | New version approved |
2016-10-07
|
04 | (System) | Request for posting confirmation emailed to previous authors: "Akira Kato" , "Warren Kumari" , "Kazunori Fujiwara" |
2016-10-07
|
04 | Warren Kumari | Uploaded new revision |
2016-10-04
|
03 | Warren Kumari | New version available: draft-ietf-dnsop-nsec-aggressiveuse-03.txt |
2016-10-04
|
03 | (System) | New version approved |
2016-10-04
|
03 | (System) | Request for posting confirmation emailed to previous authors: "Akira Kato" , "Warren Kumari" , "Kazunori Fujiwara" |
2016-10-04
|
03 | Warren Kumari | Uploaded new revision |
2016-09-22
|
02 | Tim Wicinski | IETF WG state changed to In WG Last Call from WG Document |
2016-09-22
|
02 | Tim Wicinski | Changed consensus to Yes from Unknown |
2016-09-22
|
02 | Tim Wicinski | Intended Status changed to Proposed Standard from Informational |
2016-09-13
|
02 | Warren Kumari | New version available: draft-ietf-dnsop-nsec-aggressiveuse-02.txt |
2016-09-13
|
02 | Warren Kumari | New version approved |
2016-09-13
|
02 | Warren Kumari | Request for posting confirmation emailed to previous authors: "Akira Kato" , "Warren Kumari" , "Kazunori Fujiwara" |
2016-09-13
|
02 | (System) | Uploaded new revision |
2016-08-03
|
01 | Warren Kumari | New version available: draft-ietf-dnsop-nsec-aggressiveuse-01.txt |
2016-06-27
|
00 | Tim Wicinski | Notification list changed to "Tim Wicinski" <tjw.ietf@gmail.com> |
2016-06-27
|
00 | Tim Wicinski | Document shepherd changed to Tim Wicinski |
2016-06-27
|
00 | Tim Wicinski | Intended Status changed to Informational from None |
2016-06-27
|
00 | Tim Wicinski | This document now replaces draft-fujiwara-dnsop-nsec-aggressiveuse instead of None |
2016-06-27
|
00 | Warren Kumari | New version available: draft-ietf-dnsop-nsec-aggressiveuse-00.txt |