Re: [dbound] BoF request for IETF 115

"Vixie, Paul" <upavixie@amazon.com> Fri, 23 December 2022 03:25 UTC

From: "Vixie, Paul" <upavixie@amazon.com>
To: John R Levine <johnl@taugh.com>
CC: "dbound@ietf.org" <dbound@ietf.org>
Date: Fri, 23 Dec 2022 03:25:25 +0000
Message-ID: <6F8697AC-2AC9-44DB-A97C-D554195BED00@amazon.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dbound/ECCk5YrAfsBfRYOnimnqCNZjkvw>
Subject: Re: [dbound] BoF request for IETF 115

See inline.

-- 
Paul Vixie
VP & Distinguished Engineer

-----Original Message-----
From: John R Levine <johnl@taugh.com>
Date: Thursday, December 22, 2022 at 19:08

    Vixie: ... This is routinely done for SPF and DMARC now.

    Levine: That is not anything like the SPF or DMARC used by the mail systems I know.  They do regular DNS lookups using well defined DNS names found in the messages they're checking.

The measure of a success for a tool is how often it gets used in ways unforeseen by its creators. SPF and DMARC have some utility in the infosec world. Queries are out of the question since a potential bad actor would be running the authority server that answered.

    Vixie: However, none of that matters, so I won't disagree on that basis. Instead I will say that not everyone wants to prefetch everything, and the requirement to do so is one of the problems with the PSL today.

    Levine: I really don't understand what point you're making here.

I accept responsibility for that. I will keep trying as long as you don't tell me I'm wasting your time.

I want to be able to fetch. I do not want to have to prefetch. The current PSL doesn't offer the access method I prefer, which I'm not complaining about, because the PSL is free and it's a huge boon to the world and always has been.

    Levine: If you need to be able to prefetch stuff, you need to be able to prefetch all the records that apply to some DNS subtree and I am reasonably sure that is not feasible with the wildcard hacks that Casey and I have proposed.

The need by some accessors to prefetch will never go away. Something like the existing PSL team will be needed to perform the aggregation function that makes such prefetching possible. Your (or Casey's) 2016 draft will make that aggregation easier to perform since provenance will be implicit.

The cost of prefetching the results of such aggregation will not change, because that would be hard, and nobody wants to work on it, but if somebody like that shows up, we should listen carefully, but not nec'ily derail whatever efforts are then-current.