Re: [dane] Ben Campbell's Yes on draft-ietf-dane-srv-13: (with COMMENT)

Viktor Dukhovni <ietf-dane@dukhovni.org> Wed, 22 April 2015 00:10 UTC

Return-Path: <ietf-dane@dukhovni.org>
X-Original-To: dane@ietfa.amsl.com
Delivered-To: dane@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 086901B2DFB; Tue, 21 Apr 2015 17:10:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nLRxupEmqU4C; Tue, 21 Apr 2015 17:10:45 -0700 (PDT)
Received: from mournblade.imrryr.org (mournblade.imrryr.org [38.117.134.19]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4C0821B2F21; Tue, 21 Apr 2015 17:10:45 -0700 (PDT)
Received: by mournblade.imrryr.org (Postfix, from userid 1034) id B622D283032; Wed, 22 Apr 2015 00:10:43 +0000 (UTC)
Date: Wed, 22 Apr 2015 00:10:43 +0000
From: Viktor Dukhovni <ietf-dane@dukhovni.org>
To: dane@ietf.org
Message-ID: <20150422001043.GF25758@mournblade.imrryr.org>
References: <20150421230025.1610.45220.idtracker@ietfa.amsl.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <20150421230025.1610.45220.idtracker@ietfa.amsl.com>
User-Agent: Mutt/1.5.23 (2014-03-12)
Archived-At: <http://mailarchive.ietf.org/arch/msg/dane/lkY0ZXyEquN8EeJRi3WRODqgFEw>
Cc: The IESG <iesg@ietf.org>
Subject: Re: [dane] Ben Campbell's Yes on draft-ietf-dane-srv-13: (with COMMENT)
X-BeenThere: dane@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: dane@ietf.org
List-Id: DNS-based Authentication of Named Entities <dane.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dane>, <mailto:dane-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dane/>
List-Post: <mailto:dane@ietf.org>
List-Help: <mailto:dane-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dane>, <mailto:dane-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 22 Apr 2015 00:10:47 -0000

On Tue, Apr 21, 2015 at 04:00:25PM -0700, Ben Campbell wrote:

> 3.1, 2nd paragraph (note)
> 
> I have mixed emotions about smtp-with-dane as an informational reference.
> Putting it in a "note" aside, can one safely implement and use dane-srv
> without reading that draft? (If the answer is really "yes", then I'm okay
> with it.)

It was decided after some WG discussion (for lack of an obvious
alternative home) that the text describing how to deal with DNS
errors was to remain in the SMTP draft rather than be duplicated
in both.  So I think that readers of the SRV draft need to read
the DNS error handling text from the SMTP draft.

> 3.2, first paragraph:
> 
> Is this meant to imply that one must resolve every SRV target? I would
> assume that it follows the normal SRV rules and application protocol
> rules, which may or may not result in queries for every SRV target in the
> set.

I would *not* expect that every SRV target needs to be resolved.
Rather it should suffice to resolve the targets one by one if the
application wishes to move from one target to the next, until a
satisfactory connection is established, at which point unresolved
targets are simply ignored.  All this subject to the usual precedence
and weight rules.

So the text (which I just noticed contains one "n" too many in
"connnection"):

   For each SRV target server connnection endpoint, the client makes A
   and/or AAAA queries, performs DNSSEC validation on the address (A or
   AAAA) response, and continues as follows based on the results:

really means for each "in turn", and only for as many as necessary.
Though some applications might resolve them all "in parallel", in
order to avoid latency costs when otherwise the first few might
fail to resolve.

-- 
	Viktor.
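The "in turn, and only for as many as necessary" behaviour discussed in the message above, as an added example that is not part of the thread, the draft, or any implementation: a client that orders the SRV RRset per the RFC 2782 priority/weight algorithm, resolves each target's A/AAAA only when that target is actually reached, and stops at the first satisfactory connection, leaving later targets unresolved. The DNSSEC status labels ("secure", "insecure", "bogus"), the per-status policy applied (skip a bogus answer; only a secure answer can go on to a TLSA lookup), the host names, addresses, and the simulated resolver and connector are all assumptions made for this illustration; the draft's own handling of each outcome is what an implementer should follow.

```python
"""Lazy, RFC 2782-ordered resolution of SRV targets with per-target DNSSEC status.

Added example; the DNS data and the policy constants below are constructed
for illustration and are not taken from the draft.
"""
import random
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple


@dataclass(frozen=True)
class SRVRecord:
    priority: int
    weight: int
    port: int
    target: str


# DNSSEC validation status of an address response as a validating resolver
# would report it.  These three labels are this example's own naming.
SECURE, INSECURE, BOGUS = "secure", "insecure", "bogus"
AddressResult = Tuple[List[str], str]          # (addresses, validation status)
Resolver = Callable[[str], AddressResult]
Connector = Callable[[str, int], bool]


def order_srv_targets(records: List[SRVRecord], rng: random.Random) -> List[SRVRecord]:
    """Order SRV RRs per RFC 2782: lowest priority first; within one priority,
    weighted random selection.  Weight-0 records are placed at the front of
    the group so they are chosen only when the random value is 0."""
    ordered: List[SRVRecord] = []
    for prio in sorted({r.priority for r in records}):
        group = [r for r in records if r.priority == prio]
        group.sort(key=lambda r: r.weight != 0)   # weight 0 first (False < True)
        while group:
            total = sum(r.weight for r in group)
            pick = rng.randint(0, total)
            running = 0
            for i, r in enumerate(group):
                running += r.weight
                if running >= pick:
                    ordered.append(group.pop(i))
                    break
    return ordered


def connect_to_first_usable(records: List[SRVRecord], resolve: Resolver,
                            try_connect: Connector, rng: random.Random) -> Dict[str, object]:
    """Walk the SRV targets in RFC 2782 order, resolving a target's addresses
    only when it is reached, and stop at the first successful connection.
    Targets after that point are never resolved."""
    resolved: List[str] = []
    for rr in order_srv_targets(records, rng):
        addrs, status = resolve(rr.target)       # A/AAAA lookup happens here, lazily
        resolved.append(rr.target)
        if status == BOGUS:
            continue        # assumed policy: an answer that failed validation is never used
        dane_possible = status == SECURE         # only a Secure answer can lead on to TLSA
        for addr in addrs:
            if try_connect(addr, rr.port):
                return {"target": rr.target, "address": addr, "port": rr.port,
                        "dane": dane_possible, "resolved": resolved}
    return {"target": None, "address": None, "port": None, "dane": False, "resolved": resolved}


# Constructed sample data: an SRV RRset with two equal-priority targets and one
# backup, plus the address answers a validating resolver would return for each.
SAMPLE_SRV = [
    SRVRecord(10, 60, 5222, "xmpp1.example.com."),
    SRVRecord(10, 40, 5222, "xmpp2.example.com."),
    SRVRecord(20, 0, 5222, "backup.example.com."),
]
SAMPLE_ADDRESSES: Dict[str, AddressResult] = {
    "xmpp1.example.com.": (["192.0.2.10"], BOGUS),
    "xmpp2.example.com.": (["192.0.2.20", "2001:db8::20"], SECURE),
    "backup.example.com.": (["192.0.2.30"], INSECURE),
}


def sample_resolve(name: str) -> AddressResult:
    return SAMPLE_ADDRESSES[name]


def sample_connect(addr: str, port: int) -> bool:
    # Simulated network: the first xmpp2 address is unreachable, all others connect.
    return addr != "192.0.2.20"


def demo(seed: int = 0) -> Dict[str, object]:
    return connect_to_first_usable(SAMPLE_SRV, sample_resolve, sample_connect, random.Random(seed))


if __name__ == "__main__":
    print(demo())
```

Whichever of the two priority-10 targets the weighted selection picks first, the walk ends at xmpp2 and backup.example.com. is never queried, which is the observable difference between "resolve in turn" and "resolve every target"; a client that prefers the parallel variant would issue all the A/AAAA queries up front and then apply the same per-status handling in the same order.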