Re: [DNSOP] A conversational description of sentinel.

Geoff Huston <gih@apnic.net> Sun, 04 February 2018 23:05 UTC

Return-Path: <gih@apnic.net>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 917B3126C0F for <dnsop@ietfa.amsl.com>; Sun, 4 Feb 2018 15:05:35 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.921
X-Spam-Level:
X-Spam-Status: No, score=-1.921 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=apnic.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZY8r5SckZ6DE for <dnsop@ietfa.amsl.com>; Sun, 4 Feb 2018 15:05:32 -0800 (PST)
Received: from APC01-PU1-obe.outbound.protection.outlook.com (mail-pu1apc01on0052.outbound.protection.outlook.com [104.47.126.52]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 29C54120725 for <dnsop@ietf.org>; Sun, 4 Feb 2018 15:05:31 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=apnic.onmicrosoft.com; s=selector1-apnic-net; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=OwIJXlnkLfFMY6tolR8W5hQxsrMJTv8yyyiih5DRRF0=; b=FrXtzNXKEpepZcfTlaZfx0WWYrp42aYYx/mo0TpY1bReJaHNWPQ/H3je5F/nEaT9R0rVVSVZfhFNxLiruOxSzT33M4dCwG3OmGU2tx3tdQJTBeCbJi0JbdlX2ytQMKeTJNIxQg+O/kzQCH1Jm+u7EKQ6350uY8kzHQiRnkEbrP0=
Authentication-Results: spf=none (sender IP is ) smtp.mailfrom=gih@apnic.net;
Received: from [IPv6:2001:388:1000:110:1dc0:3423:534b:6fa3] (2001:388:1000:110:1dc0:3423:534b:6fa3) by SIXPR04MB0699.apcprd04.prod.outlook.com (2a01:111:e400:51ed::15) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.464.11; Sun, 4 Feb 2018 23:05:28 +0000
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 11.2 \(3445.5.20\))
From: Geoff Huston <gih@apnic.net>
In-Reply-To: <f9861a96-a930-bd08-7cf5-5c6b003f706e@nic.cz>
Date: Mon, 05 Feb 2018 10:05:15 +1100
Cc: dnsop@ietf.org
Content-Transfer-Encoding: quoted-printable
Message-Id: <24C74B01-FC08-41CD-BB16-FD122F9EB61A@apnic.net>
References: <CAHw9_iKnD4WtTKyof=nm4ChmDZ5mAPqA7a_-m1t_Lauugf4Uow@mail.gmail.com> <alpine.DEB.2.11.1801251505070.5022@grey.csi.cam.ac.uk> <CAHw9_iJ-gwC1ZoWQ3YiJraD3eoUf-9-Ay--rPYzy1zWYUzvYmg@mail.gmail.com> <FDCED4D6-A7CE-465B-8344-CA89753ADF19@vpnc.org> <74C0CA59-6D53-4A60-ACBA-4AF5B51FE3FF@apnic.net> <D5D013D4-1EAD-434B-863A-29CB1BBEF4E4@vpnc.org> <496EFA88-BA70-460B-BFB2-69B2C7BC905D@apnic.net> <4540A279-4A37-4245-AE61-BEE5342E3F72@vpnc.org> <20180202075530.Horde.UWaxe9eenZ7PyxWYFHCFGdN@andreasschulze.de> <e8ac7bd0-26e6-cf97-e2ef-0ead50dc18ce@nic.cz> <88E7D27C-048E-44CB-B317-C892EA603D31@isc.org> <0c2a4a38-49d7-2b46-1ac8-1dda0812e217@nic.cz> <CAHw9_iJ6yL12OaGW5+fm8M3YUkrj46CvC2-ob7Xrc5HEaA_Z1Q@mail.gmail.com> <f9861a96-a930-bd08-7cf5-5c6b003f706e@nic.cz>
To: Petr Špaček <petr.spacek@nic.cz>
X-Mailer: Apple Mail (2.3445.5.20)
X-Originating-IP: [2001:388:1000:110:1dc0:3423:534b:6fa3]
X-ClientProxiedBy: HK2PR04CA0086.apcprd04.prod.outlook.com (2603:1096:202:15::30) To SIXPR04MB0699.apcprd04.prod.outlook.com (2a01:111:e400:51ed::15)
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: 4093e399-24d1-4dda-5ad7-08d56c23c909
X-Microsoft-Antispam: UriScan:; BCL:0; PCL:0; RULEID:(7020095)(4652020)(4534165)(4627221)(201703031133081)(201702281549075)(5600026)(4604075)(2017052603307)(7153060)(7193020); SRVR:SIXPR04MB0699;
X-Microsoft-Exchange-Diagnostics: 1; SIXPR04MB0699; 3:tCfn2O7VFe9DcDVqXxn+e8guUD8FcQq0549QkvTqD9L/q98r7wYCpSdBPR+KzuSQHtXrObRDH2L+7RNkM0fulvCRlVdVQkt66nlaVJbmBLEkfQ8eDPnapat/1XVu6KQZVY0s1/kWsnx24ut6ci3Fgl0mbXO8I2L/SA8WyMnCNajAbP7W1HwS8eA4CPhzzgitz7TjFbEyCeuHEUzMtDbYkkqsmhUrF12O6fMeQzcb5PJ9qJkM32DfNLWYHToIffaY; 25:LLSdPNDg3bsX3BVbT1eKVx29cheRYBp8xpCCqON1AJPDvCOf/ntH8RrL7TCqedqS25PlJayG6CAoRQ6mPIO6/gXE4TbqG0ZA2AmpGbPbcrQiPFg+yBOrKulHv1FMudpg27uyXJMCKvFmm+dIZ46HV4lsGZ1Vqs21H0n/N8aJpOKPN5kSDKSF17+CM0H3dOMO551VPKYG93C9HhANt4Tx2bW1pThhOeAI1g+ic3SWYuf5KFuApUuyCTRznxMHlx13xLpp0xhcki4uTEmDzJnoF6O2gsSmDuIiZO3TBrQ/kf7QSpmP+rbykRXhyax0ZVmtIaVejNfgNM0juhforZA6pA==; 31:suvKjWz3gQbgJQLKb14zbEh8i3D6Ex61FsNTPVpPEmMj0z2ET0K6pviT2MZt4+2Y9zYiLcHuxb38YSu/21JwGUZr40/iLMkvxnKrKUfuok2osv6XJTQp/009F2BqAwn+NZnFRdvrImbP2zro2TfNHjKe/cEAh9N9tV8YjIh/TZI5Rg5A0hYgzEx0cepXwNNDA+Q9FbJYneOmaaMZ/iPEqb7bQxYXITiEtQ/Xb2a+OC4=
X-MS-TrafficTypeDiagnostic: SIXPR04MB0699:
X-Microsoft-Antispam-PRVS: <SIXPR04MB0699C0CA0871B02C40D062C2B8FF0@SIXPR04MB0699.apcprd04.prod.outlook.com>
X-Exchange-Antispam-Report-Test: UriScan:;
X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0; RULEID:(6040501)(2401047)(5005006)(8121501046)(93006095)(93001095)(10201501046)(3231101)(2400082)(944501161)(3002001)(6041288)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(20161123562045)(20161123560045)(20161123558120)(20161123564045)(6072148)(201708071742011); SRVR:SIXPR04MB0699; BCL:0; PCL:0; RULEID:; SRVR:SIXPR04MB0699;
X-Microsoft-Exchange-Diagnostics: 1; SIXPR04MB0699; 4:tCmLuTU91hxtc86raHssgn0wwyBcK5kb6vbJb9GKePIFiBE5j9dJ8XokNv/vYRmO4HsETxANogyZf9WWDMKQRrvin6XUFZI28CfNlaV0ATp6KyvThjXFsCRIgBBX8gm67xJw/fpf9Ydl0Kw39HdY9Dp4r95of2rTYJUyKGNjHWFaUYzhXPDpH140UFm/7fTWCosMovin8jUKNlF4+brUCjYv7SgBHHkIqpDUp/JvDs90O/sxTYnJC7qAtzvc62L3TFk/N0U+ZcBVd4Xf3JBP3Q==
X-Forefront-PRVS: 05739BA1B5
X-Forefront-Antispam-Report: SFV:NSPM; SFS:(10009020)(39830400003)(376002)(366004)(39380400002)(346002)(396003)(189003)(199004)(106356001)(16526019)(186003)(305945005)(6916009)(7736002)(6666003)(8676002)(50466002)(2950100002)(316002)(4326008)(229853002)(33656002)(53936002)(25786009)(6246003)(50226002)(81156014)(6306002)(81166006)(8746002)(6486002)(93886005)(83716003)(5660300001)(8936002)(57306001)(386003)(47776003)(52116002)(36756003)(82746002)(76176011)(97736004)(2486003)(52396003)(23676004)(52146003)(966005)(478600001)(86362001)(1706002)(68736007)(6116002)(105586002)(2906002)(42262002); DIR:OUT; SFP:1101; SCL:1; SRVR:SIXPR04MB0699; H:[IPv6:2001:388:1000:110:1dc0:3423:534b:6fa3]; FPR:; SPF:None; PTR:InfoNoRecords; MX:1; A:1; LANG:en;
Received-SPF: None (protection.outlook.com: apnic.net does not designate permitted sender hosts)
X-Microsoft-Exchange-Diagnostics: 1;SIXPR04MB0699;23:PTa6o9orP/EZj9nBvVV4wRRnR8krarNQU5uUQEkI/ISn2+0BcSJ1n3F+U8h+IospRAafhaQ4fwzWP9jzWMeZK5P3tI9mZJ7WJjs09EeCBmE/rJCjy2h2bgiNVoT4rnF+ma4oigutV8DLkzKbr3sIDqoQ5nfG7MgbD0zRaF3vtG+75cLsAS7w06GqlSaKEJALgj4fJMpfv1SKpmbU+594PvMgSq2KTNWvsk1kOXILfS91/olkTKat70ol2f+hFUkU3gZ86y2CVmIA/Zic9fENJN1YHcSl6f2AwcanaaGKXLhQZ/PoHJSVvSnQzXsc/0DOGZzb4u797YhadmHL8R/vDjT13JTOIFGLtL51MrcT7hVtKMVRcUQTfTRmqZi6ODzQmtYtKwJ1TtiAYxTGlwhPpgqV4If1hYXYfRhwMn8Lrt/XLGOmqRejH+OkkRRUepDGVj5L9gcJ0RR1VusDuT0hXJLbTTNWKz6hY6M88+XKRqtpNCxy/iA9NRSLarooAAYVqBkF+Y4zwRMEfxSy2oFQHq/4oO1nvJIpeQ+lDUnRmxoC8h6XpD6VYtkbxVQKcFcrRXlARui4U2IHR6eH56WYHBzdiLAzIxKlnI0hGWIu8cLwYGGm4S29ydaN+r8FD/ruX+4C2DIXcSH3o2UxKfPR9z6ypJXB0TYWJ403MY9usY7Psv+up5pQBvu63Rq9PrvbDqkZIF+FYn2cHWvvegYDyXX5GoCu2rxgjqW3rNw9MzEJgb8ZF8b3knotr8kFxjhByRmfeZEsOu/ycGdcXqU1VJySmtbS6Ro6iyPvqH/Vwy/2KX04+zwe2ESWsDTolrL0EC6fcCqwZKezD0g15S++6T/kSCmxC+lr3xkpsox4LmbKy4zMpUxy0GtKW96O5dVtlxlIIWuYwtLmecS+7M3kJ1BeDvKlhGg0fAq3v4kMNYB3slSmgICU/GUNZRk9SmzO6iQz7tkLcryfj3xBUzx0A11/8u2rK307AUi3bBgK6cHrcs7J3lPEkufwQtNLSR3/nl2bC281v9BykftXHZJflqDrVb2AxnCo/N69Yc5e9W4CRcKSGENMSDkn1he76aW94UrXEJAjPKehveKTAE2KDoADTaZjmvVs8BjbdCuWF2s0TtNcaJFGVD1DrBysZVXf65BM2VRe6l+X8iuS+CHvfnP+W4ZolbOY5JC8qAX0tLIvKsJyvLeQ5XTT4jvE+yv3EYjkA3zyNM9GjDyFHKUqGwu0MaXFT1kVxy5V1WtJJQKI+xEpQNjXvXLwO7Rf8OpL
X-Microsoft-Exchange-Diagnostics: 1; SIXPR04MB0699; 6:kjFPFUqVojGOOC0Y1Z76+xAA5RQ7g/9OLQTwOcivHa3j0yE0+TKjzr6Ra1/aOTXBUgPGJ3BWIm6TN6JKL+YwMBauIVKUkMk8CjNJ2LXd8XJNDktOwR+uM52Z4aCaQdFlpFakjBdgdLrZixNuKijT0fTUb04E5uItDr2JZrhpCIA1LFGqJhontYOvVjkZpDjzDJOzinqAPO5jAHh8d4BA6rVMrjEi8R4TzOFL25rG9DbcNFLhD5Vs59dWgLxfbL7vTdi3T6VEy5zyjxLIN/umKD54jJu13iOT6IWNGMm+6HjeU0g9D6KzrzHnuY1O1rbGNu3ZoRj/aNXYm1YuYdJ+AECDyDFNVtEo9WZreE09uDY=; 5:XAoYVCuPEnPjf/bb3k/XEibgsaYylaLn/YKs2caLJm9xwF3H5kmwXLZJPB43t0rslR+k/KXwHXM8OWX4Xi9cngSAUbe+DxAtHcvNUmJlD89ZZAoVuuNDkZWPfL5FXTZXqhedSApvhTAEv2xvkQBnsPB/kGIahYf/IdZmLAqGpqY=; 24:Ul7URAmELda+sZCwDJAAb8FBfyx8j2fXYW57G5leLfkVC5jN3DOWefC5uWbVF+tJEYKpnd0k/cxW8idxt0P4Z/BEENFQKh4WxyEw1zHvfZo=; 7:FP1nEoVKN/W479sxHdCkNIRM+YnoH72QwgNDsHCJ1mKKvby98HB3BjvJl0dHo8JgYAC10bBtNIo72A2er/tvS352S8PVDA4edXFz9TKEKetDsRa5hTm8En+w2XPhosXaHEIjARz1A1kaD+jd1poTtmVlrXexuwzOII8UPpgewdCRDkOu/TMnpHNzWpHplsqV9M0kFIV4QJ0hATKoZrX/RODJ+aazTpu83KJlew6m+2qnp8s/6cC7atBkBpKr47t2
SpamDiagnosticOutput: 1:99
SpamDiagnosticMetadata: NSPM
X-OriginatorOrg: apnic.net
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 04 Feb 2018 23:05:28.9031 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 4093e399-24d1-4dda-5ad7-08d56c23c909
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: 127d8d0d-7ccf-473d-ab09-6e44ad752ded
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SIXPR04MB0699
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/2G_NvsX59twBfgDfwY9SOPWKK-U>
Subject: Re: [DNSOP] A conversational description of sentinel.
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 04 Feb 2018 23:05:35 -0000

> 
> Now when I see that this kind of problems is real, it is probably the
> right time to ask Geoff to use his tools and get some data from large
> scale measurement...
> 
> Underscore is now out of the question because we know about the
> Android/Chrome problem se might test alternative labels.
> 
> ??-- variant is out of question because it goest against
> https://tools.ietf.org/html/rfc5891#section-5.4
> 
> So, to have something realistic and testable, I propse to use strings:
> 
> test-name-rfcXXXX-dnssec-root-trust-anchor-key-trusted-yes-0000
> (63 octets, unlikely to colide with anything, self-explanatory)
> test-name-rfcXXXX-dnssec-root-trust-anchor-key-trusted-no-0000
> (62 octets)
> 
> Opinions?
> 
> Geoff, is it realistic to test that clients are able to resolve A
> records containing these leftmost labels?
> 


It is an interesting question, and one we should probably measure.

My outstanding question is to Paul Hoffman (and anyone else who caress):
if not  underscores and IF “xm—“ as a leading substring is not acceptable for 
some reason, then what label format would be acceptable for this 
measure?

thanks

  Geoff