Re: [dbound] BoF request for IETF 115
"Vixie, Paul" <upavixie@amazon.com> Fri, 23 December 2022 02:09 UTC
Return-Path: <prvs=349fe653d=upavixie@amazon.com>
X-Original-To: dbound@ietfa.amsl.com
Delivered-To: dbound@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AAECCC14F743 for <dbound@ietfa.amsl.com>; Thu, 22 Dec 2022 18:09:10 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -11.9
X-Spam-Level:
X-Spam-Status: No, score=-11.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, USER_IN_DEF_SPF_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=amazon.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lQ8BrGsQWJVp for <dbound@ietfa.amsl.com>; Thu, 22 Dec 2022 18:09:10 -0800 (PST)
Received: from smtp-fw-6001.amazon.com (smtp-fw-6001.amazon.com [52.95.48.154]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 08C7DC14F741 for <dbound@ietf.org>; Thu, 22 Dec 2022 18:09:09 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amazon.com; i=@amazon.com; q=dns/txt; s=amazon201209; t=1671761351; x=1703297351; h=from:to:cc:date:message-id:content-id: content-transfer-encoding:mime-version:subject; bh=jCewReYEu/7CaAGV9KRudHh94AijJCzNwV+srjZjolM=; b=LsGtLgDCf5+scibjP0jcd0nNqFnDT7DEXMyCESJED34RoXA5I0NUE0kt aFbARLxd8pWVb5aaHpvEPd8aI+37fOEyieeMNCLmygU+lbPF5SbPAL43O /lKka0Um/04cjP9bWrbSFl5yeWzNG9vH3adn+H3mn1L8bxdWqDwLBsTra I=;
X-IronPort-AV: E=Sophos;i="5.96,267,1665446400"; d="scan'208";a="281977374"
Thread-Topic: [dbound] BoF request for IETF 115
Received: from iad12-co-svc-p1-lb1-vlan2.amazon.com (HELO email-inbound-relay-iad-1e-m6i4x-6e7a78d7.us-east-1.amazon.com) ([10.43.8.2]) by smtp-border-fw-6001.iad6.amazon.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 23 Dec 2022 02:09:07 +0000
Received: from EX13MTAUWB002.ant.amazon.com (iad12-ws-svc-p26-lb9-vlan2.iad.amazon.com [10.40.163.34]) by email-inbound-relay-iad-1e-m6i4x-6e7a78d7.us-east-1.amazon.com (Postfix) with ESMTPS id A591181A52; Fri, 23 Dec 2022 02:09:06 +0000 (UTC)
Received: from EX19D036UWB003.ant.amazon.com (10.13.139.172) by EX13MTAUWB002.ant.amazon.com (10.43.161.202) with Microsoft SMTP Server (TLS) id 15.0.1497.42; Fri, 23 Dec 2022 02:09:06 +0000
Received: from EX19D036UWB002.ant.amazon.com (10.13.139.139) by EX19D036UWB003.ant.amazon.com (10.13.139.172) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA) id 15.2.1118.20; Fri, 23 Dec 2022 02:09:05 +0000
Received: from EX19D036UWB002.ant.amazon.com ([fe80::23a6:1fe3:c104:21b6]) by EX19D036UWB002.ant.amazon.com ([fe80::23a6:1fe3:c104:21b6%4]) with mapi id 15.02.1118.020; Fri, 23 Dec 2022 02:09:05 +0000
From: "Vixie, Paul" <upavixie@amazon.com>
To: John R Levine <johnl@taugh.com>
CC: "dbound@ietf.org" <dbound@ietf.org>
Thread-Index: AQHZFnOIdfLQrndV/kK/FA7vXaeIqQ==
Date: Fri, 23 Dec 2022 02:09:05 +0000
Message-ID: <C21540C4-F3BE-4EF6-B891-BCC03F8D0E96@amazon.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.85.218.183]
Content-Type: text/plain; charset="utf-8"
Content-ID: <23D8FD56AFBB6A4F9217418608650FED@amazon.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/dbound/29epxPXt5NjtrmlskZmKUBbqOH0>
Subject: Re: [dbound] BoF request for IETF 115
X-BeenThere: dbound@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: DNS tree bounds <dbound.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dbound>, <mailto:dbound-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dbound/>
List-Post: <mailto:dbound@ietf.org>
List-Help: <mailto:dbound-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dbound>, <mailto:dbound-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 23 Dec 2022 02:09:10 -0000
See inline. (Sorry, it's Outlook.) -- Paul Vixie VP & Distinguished Engineer -----Original Message----- From: John R Levine <johnl@taugh.com> Date: Thursday, December 22, 2022 at 14:51 Vixie: ... ability to (as an example) let google.com set a cookie which would be sent to gmail.com. I agree that it's a hard problem. If someone wants to work on that problem in the IETF, I have yet to see evidence of that interest. The coalition of the willing that I hope we can isolate for this WG is narrowly just the thing Tim quoted out of the earlier charter: Tim: What appears to be needed is a mechanism to determine policy realm boundaries in the DNS. That is, given two domain names, one needs to be able to answer whether the first and the second are either within the same policy realm or have policy realms that are related in some way. John: The hard bit is to do it in a way that people are willing to use. If domain owners are willing to put a few records in the DNS and domain users are willing to do a DNS lookup or two each time they're checking a boundary, then my thing or Casey's should work. If by "it" you mean my example (google.com can set-cookie for gmail.com) then it's out of scope for the BOF and we can stop workshopping it here. Nobody so far has said they want to work on it. If someone like that shows up we can try to find them some co-authors. If by "it" you mean putting PSL-like stuff into the DNS per your (John's) 2016 draft, then I do not expect some people (like browser makers) to be "willing to use it" unless it gets aggregated. A team who wants to do what the PSL team does now can aggregate from the DNS schema that your 2016 draft (or Casey's for that matter) defines. If we want IANA (via ICANN) to operate a PSL-like aggregator we can write a second draft explaining how that should work based on querying the data that's published according to the schema of the first draft. Publication is one problem. Access is an opportunity. See for example dnsdbq (URL as previously given) where we'd like to be able to do these lookups in real time as part of doing passive DNS investigations. Another access opportunity is aggregation. Aggregation would become a second problem. If we conjoin all these problems we will get 2016-style mud. ... If you want to be able to prefetch everything, they won't. So, I could disagree. Any decent passive DNS database can "prefetch everything" even if there is no linkage in the DNS tying related records together. This is routinely done for SPF and DMARC now. However, none of that matters, so I won't disagree on that basis. Instead I will say that not everyone wants to prefetch everything, and the requirement to do so is one of the problems with the PSL today. Some of us want to fetch on demand. We can't. We are hoping to be able to fetch on demand after there is an IETF-defined DNS schema as to how to do so. Once that is done, the people who "want to be able to prefetch everything" will be able to prefetch that in a directed way ("whosoever asks a PSL-like team to prefetch their data"). In no case need the data be independently prefetchable without a priori knowledge such as a list of domains to prefetch DBOUND data from. I hope we can erase that use case from our thinking because _that_ cannot be done in a way that people will use, so it would be dooming. ... Our approach has the advantage that people publish in their own zones so there's no question whether they are authorized. If it's published somewhere else that might make the prefetching easier (put them all in one zone you can xfer) but now we need some way to check what's authorized. Like I said, it's hard. I like those words "no question whether they are authorized" and I think you could have ended your statement at that point. Nobody has said that they want to work on the other problem but if they do we can try to build a team for them. It's a separable problem so we must separate it.
- [dbound] BoF request for IETF 115 Murray S. Kucherawy
- Re: [dbound] BoF request for IETF 115 Paul Hoffman
- Re: [dbound] BoF request for IETF 115 Craig Pearce
- Re: [dbound] BoF request for IETF 115 Murray S. Kucherawy
- Re: [dbound] BoF request for IETF 115 Craig Pearce
- Re: [dbound] BoF request for IETF 115 Marc Blanchet
- Re: [dbound] BoF request for IETF 115 John Levine
- Re: [dbound] BoF request for IETF 115 Tim Wicinski
- Re: [dbound] BoF request for IETF 115 John R Levine
- Re: [dbound] BoF request for IETF 115 Vixie, Paul
- Re: [dbound] BoF request for IETF 115 John R Levine
- Re: [dbound] BoF request for IETF 115 Tim Wicinski
- Re: [dbound] BoF request for IETF 115 John R Levine
- Re: [dbound] BoF request for IETF 115 Vixie, Paul
- Re: [dbound] BoF request for IETF 115 Vixie, Paul
- Re: [dbound] BoF request for IETF 115 Tim Wicinski
- Re: [dbound] BoF request for IETF 115 Jeffrey Walton
- Re: [dbound] BoF request for IETF 115 Vixie, Paul
- Re: [dbound] BoF request for IETF 115 Tim Wicinski
- Re: [dbound] [UNVERIFIED SENDER] Re: BoF request … Vixie, Paul
- Re: [dbound] BoF request for IETF 115 John R Levine
- Re: [dbound] BoF request for IETF 115 John R Levine
- Re: [dbound] boundaries, BoF request for IETF 115 John Levine
- Re: [dbound] BoF request for IETF 115 Vixie, Paul
- Re: [dbound] [UNVERIFIED SENDER] Re: BoF request … Vixie, Paul
- Re: [dbound] BoF request for IETF 115 Jothan Frakes
- Re: [dbound] BoF request for IETF 115 (fwd) John R Levine
- Re: [dbound] BoF request for IETF 115 (fwd) Jothan Frakes
- Re: [dbound] BoF request for IETF 115 (fwd) Tim Wicinski
- Re: [dbound] BoF request for IETF 115 Vixie, Paul
- Re: [dbound] BoF request for IETF 115 Vixie, Paul
- Re: [dbound] BoF request for IETF 115 (fwd) John R Levine
- Re: [dbound] BoF request for IETF 115 (fwd) John R Levine
- Re: [dbound] BoF request for IETF 115 (fwd) Jothan Frakes
- Re: [dbound] BoF request for IETF 115 (fwd) Tim Wicinski
- Re: [dbound] BoF request for IETF 115 Vixie, Paul
- Re: [dbound] BoF request for IETF 115 Jothan Frakes
- [dbound] Which problem do people want to solve? (… Andrew Sullivan
- Re: [dbound] Which problem do people want to solv… John Levine
- Re: [dbound] Which problem do people want to solv… Jothan Frakes
- Re: [dbound] Which problem do people want to solv… Tim Wicinski
- Re: [dbound] Which problem do people want to solv… Jothan Frakes
- Re: [dbound] Which problem do people want to solv… Chris Fredrickson
- Re: [dbound] Which problem do people want to solv… Andrew Sullivan
- Re: [dbound] Which problem do people want to solv… John Levine
- Re: [dbound] Which problem do people want to solv… Jiankang Yao
- Re: [dbound] Which problem do people want to solv… John Levine