IETF Logo Mail Archive

Re: [dns-privacy] [Ext] next steps for draft-opportunistic-adotq

Ben Schwartz <bemasc@google.com> Tue, 23 March 2021 21:16 UTC

Return-Path: <bemasc@google.com>
X-Original-To: dns-privacy@ietfa.amsl.com
Delivered-To: dns-privacy@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8E59B3A16B7 for <dns-privacy@ietfa.amsl.com>; Tue, 23 Mar 2021 14:16:36 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -17.599
X-Spam-Level:
X-Spam-Status: No, score=-17.599 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, ENV_AND_HDR_SPF_MATCH=-0.5, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5, USER_IN_DEF_SPF_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=google.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id UpkvryyyuJUu for <dns-privacy@ietfa.amsl.com>; Tue, 23 Mar 2021 14:16:32 -0700 (PDT)
Received: from mail-wm1-x332.google.com (mail-wm1-x332.google.com [IPv6:2a00:1450:4864:20::332]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 56F4D3A16B3 for <dns-privacy@ietf.org>; Tue, 23 Mar 2021 14:16:32 -0700 (PDT)
Received: by mail-wm1-x332.google.com with SMTP id t5-20020a1c77050000b029010e62cea9deso122539wmi.0 for <dns-privacy@ietf.org>; Tue, 23 Mar 2021 14:16:32 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=BpWyG91lXJlNrJ+P0xKsEiIbT6WaURuF9W7pQ9BIcxM=; b=goGXx8KjyJtn7/EgMVyVjFbz4zhNGwWB490g/37IsteiQkwqLE379f3E96F626uKoL CTEiQI3UAygK9wSGH02VvjwBARe2M4OnvjW8H+R4riWb5xaQN0lja7PxiMM/c9vLO6JE cm8BD7B4nPJeMQ/ZOu9XDTFTUCPfqkli30nG5vm6HtGmElqmEj7P5v6X/zyN4hWfT9PJ fNnvsh/tVh0H6ImKyzmfElD+4sWzuYTmHtw2B4Poyhg0UIWqJsphfnkOcTuJ8t3afz/P SzzUCypp9FabAsNXgZ+fNUKwGJd+CCcngxE+hsZm8kvgytRer0iMvOy0jlLpEhFQwHOD jvVA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=BpWyG91lXJlNrJ+P0xKsEiIbT6WaURuF9W7pQ9BIcxM=; b=KgaDEi7859w7o5c6YlXK1TU3AHgMNX9XikezXKALOzUAzHIawDoUEdeswozY4/5PJ7 Hi/dW+j7WmSxLHS1KObluCpX9mD+MTiO5bBFf06Qee9JGm3opolSS4DanX387X8PA+Pq 5xFB9oLDoGgWGugt+UKUCgUcP+h+gc6U1nfn3BVyLlT6/I6Zq6cZ/wDEfVaZRrodewYZ 84eN8Ss5cFKR65zl5VcmNJrBZQbM2r1OzhzmBFOOfmipxDwUHqNixrl7MusOnXf6KZMy 0OZ75N4wPwa5gAfj8G8Eg0EDr1dRIbBL1a+FYmUN65jOk+aYE+Chcqwyv/5ffv5+UL7W McRQ==
X-Gm-Message-State: AOAM532S2+KfZ1eEwenZ4oZbqk5ejfckdLwwWwAq0+WIqEHVkoDA6umh 2qhgDu3CKAlY1Coh8KxU8tiMKkYgHGcn0jTYhSnxNB13075d4Q==
X-Google-Smtp-Source: ABdhPJyKbeM1G/TPgOoCoX/U/ul8JYmt94x/W2VH46/CpVWXWcbDUtS2kk6TphGEgg9KlRzPCyRbwGK4td635D//DB4=
X-Received: by 2002:a1c:1f4a:: with SMTP id f71mr5027083wmf.101.1616534189152; Tue, 23 Mar 2021 14:16:29 -0700 (PDT)
MIME-Version: 1.0
References: <2ba5ac12c24eaee4c51de2cd2c1693e9bd1fd8b2.camel@powerdns.com> <4bc96140-454e-0746-83b3-bb1331cf7cce@cs.tcd.ie> <ADB00FD5-A6EA-4D05-84E8-A44A2E40BE7C@icann.org> <8363070a-8fc5-2d20-a9aa-45673d1515ac@innovationslab.net> <E37E7434-A557-40F2-A9FA-B647B35D1638@icann.org>
In-Reply-To: <E37E7434-A557-40F2-A9FA-B647B35D1638@icann.org>
From: Ben Schwartz <bemasc@google.com>
Date: Tue, 23 Mar 2021 17:16:17 -0400
Message-ID: <CAHbrMsAsd5J1p6oZxhuTRbpQn+DsUbMT2tzuTK72pSPMnMuwHw@mail.gmail.com>
To: Paul Hoffman <paul.hoffman@icann.org>
Cc: Brian Haberman <brian@innovationslab.net>, "dns-privacy@ietf.org" <dns-privacy@ietf.org>
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg="sha-256"; boundary="00000000000022395f05be3ab2b2"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dns-privacy/Rq8cdaIKWthpFG_WJJKjQ0Xnhe0>
Subject: Re: [dns-privacy] [Ext] next steps for draft-opportunistic-adotq
X-BeenThere: dns-privacy@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <dns-privacy.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dns-privacy>, <mailto:dns-privacy-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dns-privacy/>
List-Post: <mailto:dns-privacy@ietf.org>
List-Help: <mailto:dns-privacy-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dns-privacy>, <mailto:dns-privacy-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 23 Mar 2021 21:16:37 -0000

On Tue, Mar 23, 2021 at 10:59 AM Paul Hoffman <paul.hoffman@icann.org>
wrote:

> On Mar 23, 2021, at 7:16 AM, Brian Haberman <brian@innovationslab.net>
> wrote:
>
...

> > Is there an issue with putting SVCB info in the TLD zones? If I
> > interpret this ICANN document correctly
> > (
> https://newgtlds.icann.org/sites/default/files/agreements/agreement-approved-31jul17-en.html#exhibitA.1
> ),
> > there are strict limitations on the info that can be put in the TLD
> zones.
>
> There are currently such limitations, and only in gTLDs. If the IETF
> creates a standard that would cause zone owners to want additional record
> types in their zones, I suspect that the technical and gTLD operator
> communities will talk to ICANN about changing the contracts.
>

Paul, are you referring to the linked "Registry Agreement" or is there
another contract document?

The "Registry Agreement" says that "permissible contents" include "NS
records and in-bailiwick glue for DNS servers of registered names in the
TLD".  It seems to me that the IETF defines what constitutes "in-bailiwick
glue".  In my view, if there is an NS record for $NSNAME, and $NSNAME is
in-bailiwick, then any record under $NSNAME that is used by resolvers to
connect to the nameserver in accordance with IETF standards is in-bailiwick
glue, regardless of RR type.

In other words, this agreement seems compatible with our SVCB- and
TLSA-based designs.

Said a different way: if this WG wants to have a mechanism for
> authoritative discovery that involves adding new glue-like records in
> parent zones, it should not be constrained by current contracts that could
> be changed in the future.


I agree; I'm just wondering how sure we are that such a change is needed.

v2.23.0 | Report a Bug | By Email