Re: [DNSOP] SVCB chain lengths

Vladimír Čunát <vladimir.cunat+ietf@nic.cz> Tue, 07 January 2020 15:06 UTC

Return-Path: <vladimir.cunat+ietf@nic.cz>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4D8E812003E for <dnsop@ietfa.amsl.com>; Tue, 7 Jan 2020 07:06:40 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Level:
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_NONE=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nic.cz
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MRbiDYTVjlP9 for <dnsop@ietfa.amsl.com>; Tue, 7 Jan 2020 07:06:38 -0800 (PST)
Received: from mail.nic.cz (mail.nic.cz [IPv6:2001:1488:800:400::400]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4924C12001A for <dnsop@ietf.org>; Tue, 7 Jan 2020 07:06:38 -0800 (PST)
Received: from [IPv6:2001:1488:fffe:6:14cb:602c:c9a9:777c] (unknown [IPv6:2001:1488:fffe:6:14cb:602c:c9a9:777c]) by mail.nic.cz (Postfix) with ESMTPSA id 12B82140CDF for <dnsop@ietf.org>; Tue, 7 Jan 2020 16:06:36 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=nic.cz; s=default; t=1578409596; bh=ga7lvxhLozz3ND7av9fxaEDe/VAGgC+qiSNNT7rKPQ8=; h=To:From:Date; b=SkgyiooUV3nNWi01PcMCmCdRZIKhDZmbFBt3FgKA7wBbzhsN3e+pEC+iBA8K+Tubo /gZmM0ciWCfdrkEOYSPbux/LmYmspWMJrFaqYF4Z8mYQCLFdxJA5TlMFPZZSJPenOj poRPhfh71hArvdOnLMgNJq9bPsw/AGACj8FwcgBk=
To: dnsop <dnsop@ietf.org>
References: <CAMOjQcGP3=+_fb9pt3dvF27kR1ENH+=2L28EDNPQU6JF8zkrzQ@mail.gmail.com> <CAH1iCirdFrT_v-FBqaC=WUfaY52DyeYLh5VWbeVsw2YwscDCpA@mail.gmail.com> <CAHbrMsBAmQU-xduT3E4_sHaqrpsdZ_YfdEtgoNB4kti4jDCvdQ@mail.gmail.com> <CAH1iCip0iY8Mt8=HC0-V8jF=D=BGcs54xUMu4Rkbe47FFxGyuA@mail.gmail.com> <CAMOjQcG2YOBa1X7ZqAUpDG0Cwr+nOzmy-bKJmbqaQEqrcTOCAQ@mail.gmail.com>
From: =?UTF-8?B?VmxhZGltw61yIMSMdW7DoXQ=?= <vladimir.cunat+ietf@nic.cz>
Message-ID: <8ab75c7a-cbef-ab5c-1c2b-2419646c050e@nic.cz>
Date: Tue, 7 Jan 2020 16:08:14 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.3.0
MIME-Version: 1.0
In-Reply-To: <CAMOjQcG2YOBa1X7ZqAUpDG0Cwr+nOzmy-bKJmbqaQEqrcTOCAQ@mail.gmail.com>
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
Content-Language: en-US
X-Virus-Scanned: clamav-milter 0.101.4 at mail
X-Virus-Status: Clean
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/3RrEwi9h7LJbdHLorGHa1TaPKMo>
Subject: Re: [DNSOP] SVCB chain lengths
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 07 Jan 2020 15:06:40 -0000

On 12/23/19 9:22 PM, Eric Orth wrote:
> 2) Any chain limiting enforcement only applies to stubs following
> chains, not recursives.
>
> Recursives are already following CNAMEs without a standardized limit.
> [...]

(I'm a bit late, I'm sorry.)  Recursives *in practice* seem quite
limited.  Unbound has limit of 10, for BIND it's less than 20, I think. 
OK, for SVCB the suggested limits so far were lower than 10 (or
unspecified/unlimited).  This is one of the cases where it seems quite
difficult to agree to standardize a particular number, even though
"unlimited" doesn't make any sense, and we end up in a fuzzy state where
no particular guarantees get standardized (or followed).

--Vladimir