Signaling Trust Anchor Knowledge in DNS Security Extensions (DNSSEC)
draft-ietf-dnsop-edns-key-tag-05
Yes
(Joel Jaeggli)
No Objection
(Alia Atlas)
(Alissa Cooper)
(Alvaro Retana)
(Deborah Brungard)
(Jari Arkko)
(Kathleen Moriarty)
(Mirja Kühlewind)
(Spencer Dawkins)
(Suresh Krishnan)
(Terry Manderson)
Note: This ballot was opened for revision 03 and is now closed.
Joel Jaeggli Former IESG member
Yes
(for -03)
Stephen Farrell Former IESG member
Yes
(2017-02-15 for -04)
- abstract: referring to section 1.1 from here seems wrong, the abstract ought be readable by itself
- section 5: Is the key tag query only and solely intended to allow the authoritative to track how clients are paying attention (or not) to key rollovers? If there's another purpose I'm not clear about it.
- 5.3: "I believe that to be..." seems like the wrong language to use with >1 author.
- section 7/8: Is there a missing security/privacy consideration here, in that an authoritative server here could arrange to hand out key tags that are specific to (in the limit) each query, so that when the resolver queries a sub-domain, and thereafter, the client will be identifiable to the authoritative server? One could do this by generating new keys per querier so that if I ask about example.com I get given a tag that's unique to me, and then some web content pushes me to ask about www.example.com and every time I do that I emit that user-specific key tag. While that'd be unlikely for a large zone, it might be feasible as a tracker if some "bad" domain sets up a specific subdomain for such purposes. That said, I'm not clear how much better this is for the attacker compared to simply using a tracking name in the authority component of the URL for e.g. some 1x1 gif.
Alexey Melnikov Former IESG member
No Objection
(2017-02-15 for -04)
I am doubtful that this will deploy, considering that there are 2 mechanisms. Are there existing or planned implementations of both approaches? I am sorry if I missed that in the shepherding writeup.
Alia Atlas Former IESG member
No Objection
(for -04)
Alissa Cooper Former IESG member
No Objection
(for -04)
Alvaro Retana Former IESG member
No Objection
(for -04)
Ben Campbell Former IESG member
No Objection
(2017-02-15 for -04)
It's unfortunate that the working group couldn't agree on one mechanism, but that's not enough to stand in the way of publication.
Benoît Claise Former IESG member
No Objection
(2017-02-16 for -04)
Discussion engaged between Mahesh (OPS DIR reviewer) and the author. https://www.ietf.org/mail-archive/web/ops-dir/current/msg02457.html
Deborah Brungard Former IESG member
No Objection
(for -04)
Jari Arkko Former IESG member
No Objection
(for -04)
Kathleen Moriarty Former IESG member
No Objection
(for -04)
Mirja Kühlewind Former IESG member
No Objection
(for -04)
Spencer Dawkins Former IESG member
No Objection
(for -04)
Suresh Krishnan Former IESG member
No Objection
(for -04)
Terry Manderson Former IESG member
No Objection
(for -04)