Re: [dnsext] WGLC ENDS0-bis

Ray Bellis <> Thu, 12 May 2011 15:19 UTC

From: Ray Bellis <>
To: Edward Lewis <>
Date: Thu, 12 May 2011 15:19:10 +0000
Subject: Re: [dnsext] WGLC ENDS0-bis


Taking two of your paragraphs that I believe are related:

> # 6.8.  Middleware Boxes
> This section is a problem.  Middleware boxes aren't well defined (yes, there is the parenthetical list of examples), lacking references to documents that provide definitions here.  Going beyond that I don't know what this document is trying to impart.  Are these requirements on non-DNS processes that are acting as stateful proxies for DNS messages in dealing with EDNS0 records?

I believe the intent of 6.8 is to reflect 5625, where I put in text along the lines of "if you're trying to be transparent, make sure you don't strip the EDNS0 options".

Hence it's a "get out" for the generally accepted principle that EDNS0 is "hop by hop", for those cases where the middlebox is intended to be an "invisible" hop.

> Missing material
> Item 8
> I think the point that EDNS0 is a hop-by-hop marshaller of parameters, and not an end-to-end signalling mechanism, is not clear enough.  I don't think the architectural placement of EDNS0 is clearly described.  This should be in the introductory material.

However as you say I think the hop-by-hop principle does need more text - in fact I couldn't find any text in either this document or its predecessor that was explicit about this, despite it being well understood amongst DNS protocol geeks.

This came up when I was reviewing draft-kaplan-dnsext-enum-sip-source-ref-opt-code for the Independent Submissions Editor, and it's relevant to draft-crocker-dnssec-algo-signal too.

In both cases I wanted to cite the hop-by-hop principle but couldn't find relevant chapter and verse to back it up.

kind regards,