Re: [DNSOP] I-D Action: draft-ietf-dnsop-extended-error-15.txt
Eric Orth <ericorth@google.com> Tue, 05 May 2020 22:17 UTC
Return-Path: <ericorth@google.com>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D219B3A0BEB for <dnsop@ietfa.amsl.com>; Tue, 5 May 2020 15:17:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -17.599
X-Spam-Level:
X-Spam-Status: No, score=-17.599 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, ENV_AND_HDR_SPF_MATCH=-0.5, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5, USER_IN_DEF_SPF_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=google.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id eJ7vZEpfht00 for <dnsop@ietfa.amsl.com>; Tue, 5 May 2020 15:17:30 -0700 (PDT)
Received: from mail-wm1-x32e.google.com (mail-wm1-x32e.google.com [IPv6:2a00:1450:4864:20::32e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 569F83A0BEC for <dnsop@ietf.org>; Tue, 5 May 2020 15:17:30 -0700 (PDT)
Received: by mail-wm1-x32e.google.com with SMTP id z6so201569wml.2 for <dnsop@ietf.org>; Tue, 05 May 2020 15:17:30 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=mxBB2CCmv/um9spAK0Ip19mWVKvIMwGZFGSHgyGLPGA=; b=el6bp83Gw+7onMLU+gf0VPDFphc+byqQJwC8a4wgZvE47+WBEQz/QIcmwUwijYZBVk ZvqmRisqrD6bxyfuE/3n/0XfZ0FEiGU5aFIaV7xMy6hOBHNCLB4NxoTOAVvZNST9j2r1 2UZF2El7RjY6FddOmHplVzHYrJwLLkODPwFnTbxYND58TywDb1kFjBkVXAhSjqwJ3Jkq z9hqmRHMS9lf0M8+LRnOsU9ixv4xTQSsuWm16Q3iQr2d+MgbbS7ZCtXQ7lxmxZe2Iho7 NDdZfewKtHekMurgaFm5KEGoLWxMntq8dcRmIPRA2j54WxicUhUzwVSjl/y4c3K9Te5z G8ng==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=mxBB2CCmv/um9spAK0Ip19mWVKvIMwGZFGSHgyGLPGA=; b=ixmJ/w8ZxD+1rP4tTTsyF5HoI6rg8YEeFi5/yNtpE65gLmSJ67RaoL2EtA+ip0NZCo TXvu1EzoFybRQd4evJCjjRIAVodmaRRNQhNdkpaJIrX+KQgd7Gsvt2bJ3KdbhcYfrwrY QQxYyN9o5avEeabeQ5xNtTq38xMoOYqjmsC6saPE1xmmfW0HNF1BLZhKYsRRf7uPM4I1 IyX9/4HdnRts1srAb7mct7IwX6yZ8BWTETaoFSYsiGjExNf+Otc3NoTcyNsd/j5Pxm5d qbW7NZaWQ+5tmzM+BooHAgRSPRhqU0JeP316RPYFTOTslGCZHtxH5sBPILzBZm0sy9BF 8qpQ==
X-Gm-Message-State: AGi0Puai49Tp4Mq6xRAvM88FTjoFz6Q+exZAKAHGbhhC5BGlA4xC+qOL kiZIr4WWptqLPOVSPdkogsq28LFsKMesZjEKVEuYYh+G
X-Google-Smtp-Source: APiQypIcl2f2YNXDbdyQKTdC6+6TpXdamIPwOyECaqE2W32KH686DfCbqWSKhEcq0MBRU/cW4OSaHSr8dphprYLAlaU=
X-Received: by 2002:a05:600c:2c47:: with SMTP id r7mr782910wmg.50.1588717048267; Tue, 05 May 2020 15:17:28 -0700 (PDT)
MIME-Version: 1.0
References: <158775255558.2213.3792198241620384409@ietfa.amsl.com> <CAMOjQcETMEQXsHpRT1uH03_VuxD10gD7mK25+3up6VBi_gNfbQ@mail.gmail.com> <ybleeryyscz.fsf@w7.hardakers.net>
In-Reply-To: <ybleeryyscz.fsf@w7.hardakers.net>
From: Eric Orth <ericorth@google.com>
Date: Tue, 05 May 2020 18:17:17 -0400
Message-ID: <CAMOjQcH8KO3g8r7-3QWEnFg2k=PQLCpD4JQC=Qpp22KWBwKRhA@mail.gmail.com>
To: Wes Hardaker <wjhns1@hardakers.net>
Cc: dnsop <dnsop@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000004ff3af05a4ee0389"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/1sniRIzIeLKAwWIwerMIFkVopRg>
Subject: Re: [DNSOP] I-D Action: draft-ietf-dnsop-extended-error-15.txt
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 05 May 2020 22:17:33 -0000
On Tue, May 5, 2020 at 5:39 PM Wes Hardaker <wjhns1@hardakers.net> wrote: > Eric Orth <ericorth=40google.com@dmarc.ietf.org> writes: > > > "As such, EDE content should be treated only as diagnostic information > and MUST NOT alter DNS > > protocol processing." > > > > (Sorry for not getting back and responding further on this subject in > > the previous thread.) > > And I'm sorry for delaying getting back to you about you getting back to > me about me getting... anyway. > > FYI, at least two of the authors agree with you, as resolvers are > already making decisions based on unauthenticated information (rcodes). > But this has been heavily discussed (multiple times) in the WG and the > conclusion was that EDE cannot alter processing, hence the strong > language. So in the end we didn't change the text to soften it, as it > would counter the decisions of the larger past discussions. > My counterargument is that I feel my objection is more language-based concerning ambiguity and not counter to the previous WG discussions. The general WG consensus was that EDE should be primarily for "diagnostic purposes". This draft goes beyond such consensus by banning "altering processing", a very ambiguous phrase that does not necessarily ban just non-diagnostic behavior or important decision making, as it could be debated whether clearly-WG-acceptable alterations such as altering logging counts as altering processing. I think the end result of the language as-is is that EDE receivers will either have to abandon EDE handling entirely to avoid any ambiguous potential of not being compliant with the spec, or we'll have to just willfully ignore this newly-added imperative to do whatever processing alterations we want (hopefully only for diagnostic purposes, but who knows).
- [DNSOP] I-D Action: draft-ietf-dnsop-extended-err… internet-drafts
- Re: [DNSOP] I-D Action: draft-ietf-dnsop-extended… Eric Orth
- Re: [DNSOP] I-D Action: draft-ietf-dnsop-extended… Wes Hardaker
- Re: [DNSOP] I-D Action: draft-ietf-dnsop-extended… Eric Orth