Re: [dnsext] Draft: RRTYPE B - Web Resource Integrity

Niall O'Reilly <niall.oreilly@ucd.ie> Thu, 16 November 2023 08:15 UTC

From: Niall O'Reilly <niall.oreilly@ucd.ie>
To: James Addison <james@reciperadar.com>
Cc: dnsext@ietf.org
Date: Thu, 16 Nov 2023 08:15:15 +0000
Message-ID: <D28C0BB5-6788-4CDA-9A7F-8BDD5C113A15@ucd.ie>
In-Reply-To: <CAF3AkiPt98c5By3M1qY=31qW4ESV9_TF7bzH+wdqz2iqzBB+6w@mail.gmail.com>
References: <CAF3AkiPt98c5By3M1qY=31qW4ESV9_TF7bzH+wdqz2iqzBB+6w@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsext/Lpi9goJN1Pb3J9u5_LUbM_x5zI4>
Subject: Re: [dnsext] Draft: RRTYPE B - Web Resource Integrity

On 14 Nov 2023, at 17:36, James Addison wrote:

> The proposal here is to add a DNS B record type, to be used to publish
> integrity metadata for the root index URI of a website on a given
> domain record.

I wonder whether the existing HTTPS RR (RFC 9460), with an additional
SvcParam definition, wouldn't satisfy the use case.  If not, I suggest
mentioning it, and the reasons for its unsuitability, in making the case
for the proposed B RR.

HTTPS and SVCB RR types are already supported in a number of DNS codes,
and I understand that browsers (in order to support Encrypted Client Hello)
will include this support shortly.  Building on this existing work may
be advantageous.

Niall O'Reilly

Reference:

RFC 9460: https://datatracker.ietf.org/doc/html/draft-ietf-tls-wkech
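As an added illustration of the suggestion in the reply above (example code, not from the message, the draft or RFC 9460 itself), the following Python encodes and validates HTTPS RR SvcParams in the RFC 9460 wire format and checks a fetched root index body against a SHA-256 digest carried in a SvcParam. The SvcParamKey 65280 (Private Use range) and the sample page are assumptions made for this example.

```python
import hashlib
import hmac
import struct

# Wire format of SvcParams per RFC 9460: each SvcParam is a 2-octet key, a
# 2-octet value length and the value, with keys in strictly increasing order.
# Key 65280 lies in the Private Use range (65280-65534); carrying a SHA-256
# digest of the root index resource under it is an ASSUMPTION made for this
# example, not a registered SvcParamKey.
INTEGRITY_KEY = 65280
ALPN_KEY = 1  # registered "alpn" key, included so key ordering is exercised

def encode_svcparams(params):
    """Serialise {key: value_bytes} to SvcParams wire format."""
    wire = b""
    for key in sorted(params):          # ascending key order is mandatory
        value = params[key]
        wire += struct.pack("!HH", key, len(value)) + value
    return wire

def decode_svcparams(wire):
    """Parse SvcParams, rejecting the malformed cases RFC 9460 says a
    client MUST treat as errors (bad ordering, duplicates, truncation)."""
    params, pos, last_key = {}, 0, -1
    while pos < len(wire):
        if pos + 4 > len(wire):
            raise ValueError("truncated SvcParam header")
        key, length = struct.unpack_from("!HH", wire, pos)
        pos += 4
        if key <= last_key:
            raise ValueError("SvcParamKeys must be strictly increasing")
        if pos + length > len(wire):
            raise ValueError("truncated SvcParam value")
        params[key] = wire[pos:pos + length]
        pos, last_key = pos + length, key
    return params

def root_index_matches(params, body):
    """Return True only if the fetched root index body hashes to the digest
    published in the (assumed) integrity SvcParam; fail closed otherwise."""
    published = params.get(INTEGRITY_KEY)
    if published is None or len(published) != hashlib.sha256().digest_size:
        return False                    # absent or malformed digest
    return hmac.compare_digest(published, hashlib.sha256(body).digest())

# Constructed sample: a tiny root index and the SvcParams an operator would publish.
SAMPLE_BODY = b"<!doctype html><title>example</title>"
SAMPLE_PARAMS = {ALPN_KEY: b"\x02h2",
                 INTEGRITY_KEY: hashlib.sha256(SAMPLE_BODY).digest()}
SAMPLE_WIRE = encode_svcparams(SAMPLE_PARAMS)
```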