IETF Logo Mail Archive

Re: [DNSOP] [Ext] Questions / concerns with draft-ietf-dnsop-svcb-https (in RFC Editor queue)

Erik Nygren <erik+ietf@nygren.org> Tue, 11 October 2022 16:25 UTC

Return-Path: <nygren@gmail.com>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 59581C159A2E for <dnsop@ietfa.amsl.com>; Tue, 11 Oct 2022 09:25:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.405
X-Spam-Level:
X-Spam-Status: No, score=-1.405 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FORGED_FROMDOMAIN=0.248, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.249, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yx4RNjDP2ea1 for <dnsop@ietfa.amsl.com>; Tue, 11 Oct 2022 09:25:00 -0700 (PDT)
Received: from mail-pg1-f177.google.com (mail-pg1-f177.google.com [209.85.215.177]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8DCA8C14F724 for <dnsop@ietf.org>; Tue, 11 Oct 2022 09:25:00 -0700 (PDT)
Received: by mail-pg1-f177.google.com with SMTP id 129so13227022pgc.5 for <dnsop@ietf.org>; Tue, 11 Oct 2022 09:25:00 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=PYi1SoutW2b+ylbDNfn/OnKhIahiAqZskNL54WArkUg=; b=fwmQ+8t79bFi+7QEJN9ZRDLlemXTU7rVg/XFaTzpYAvC2RvVNh04Ww6YrR8etuXm0V QpoZg8mkLBv10owOCaSRdDn6XT5et45AKcS8GqdF+SmN+xX5NCQlIE+nXu4jzyGkEGxz XwsBAZQSdZyTdSPB5jGiV0z3K/AK7FJ1No93ADF3QkgdUg16vudvOjNbImnCNSSxya0I Lrb9KoUuREoEd8puGkm45JUz6fbZHW/HCV/AGXzwHrMm6xgH76lzfr2k8mi+Z74ACUi+ AoX7W2TtNYgcMNZ7fVGfkBTEetHh7g/rNHyYPtxSYyGct6w0h+LNK6k1PUdWCMA/AT5i vAuQ==
X-Gm-Message-State: ACrzQf11gChmYv+K1Geh9fbEetQKZ3rZ27M8M3B4jqHPX12uCnrvwjnQ 9Daug3GSWN52MW/zCQppgwSeTDRGzAjpzrVpk/GV+SyAmZw=
X-Google-Smtp-Source: AMsMyM6ncuSkUhbIayKIAvJazebTsnYjM9s6Sg2+EPStbsXyjQzc+LlgJjtWWHI4g8139pREjRS4QsGzR+b5TOiYyzQ=
X-Received: by 2002:a63:942:0:b0:43c:428d:16a9 with SMTP id 63-20020a630942000000b0043c428d16a9mr20985100pgj.423.1665505499632; Tue, 11 Oct 2022 09:24:59 -0700 (PDT)
MIME-Version: 1.0
References: <CAHw9_iJg7yTECPbPvSNxac21My4SqPjMjhYS4tFRWBzFmjkLjg@mail.gmail.com> <CAH1iCipoo2u2h8XtJp8iwrg-bonMC785RehC3bVzbMKaLv+Kpg@mail.gmail.com> <0203FD85-487D-4B64-88BF-818B5BE0BC70@apple.com> <CAHbrMsCZSkakKvnxTsqQ0JmywNAHwVC1DyN0aVJ72sH7fgy6pA@mail.gmail.com> <CAHw9_iLNSnwUyZomkQ49Czhk-evy1Z4LjL7CfVhP7EFvZpBh5A@mail.gmail.com> <Yxk1Iikv8XazQa7o@straasha.imrryr.org> <Yxk7ycs0274UMSSh@straasha.imrryr.org> <0A4F52A8-378F-4222-9E5A-041A82E97C79@icann.org> <CAH1iCiriUcqprYj+LJGoo40o-dRsYyGmOFU_6VWbTXBt8+xnJw@mail.gmail.com> <A222DD8A-517D-4D7C-AB8E-2EEB99FF1C7E@icann.org> <YxoLstfurrWgGZUs@straasha.imrryr.org> <11DAF42E-DFDA-49EA-A021-91A6979992E6@icann.org> <CAKC-DJhwHh1UTDOt20wA_1JDYjnpp0chV2fqii3rLhF_nUGzdA@mail.gmail.com> <CAHw9_iLoJ2ZFAP1vWCrD17_RvEs1LP=MqtzVhyfuHjn9LPmS3w@mail.gmail.com> <CAKC-DJghdd0JOpsWerAe52P_fAn3T8bweB+kPwuL2jgw-8KhSA@mail.gmail.com>
In-Reply-To: <CAKC-DJghdd0JOpsWerAe52P_fAn3T8bweB+kPwuL2jgw-8KhSA@mail.gmail.com>
From: Erik Nygren <erik+ietf@nygren.org>
Date: Tue, 11 Oct 2022 12:24:48 -0400
Message-ID: <CAKC-DJjTdY7y4wtCUOYO+NcA9Xr750925jboSg-WW6F4Jd8Lyw@mail.gmail.com>
To: Warren Kumari <warren@kumari.net>
Cc: Paul Hoffman <paul.hoffman@icann.org>, "dnsop@ietf.org WG" <dnsop@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000ad5a9b05eac4b753"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/5BoS7B_YC8aLcD7SQVGGqiRzXjM>
Subject: Re: [DNSOP] [Ext] Questions / concerns with draft-ietf-dnsop-svcb-https (in RFC Editor queue)
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 11 Oct 2022 16:25:04 -0000

Bringing (hopeful) closure to this thread, we've published -11:

Diff of the changes:
https://www.ietf.org/rfcdiff?url2=draft-ietf-dnsop-svcb-https-11.txt

The only things included are the two changes agreed on in this thread.
(We did not include the "hostname" => "domain name" clarification
mentioned above as there wasn't any feedback on it, so it wasn't
clear that we had consensus from the WG and were trying to minimize the
changes
as much as possible.)

Hopefully this puts us back on track.  Thank you to Warren for guiding
us through this exception process.

Best, Erik





On Thu, Sep 29, 2022 at 9:16 AM Erik Nygren <erik+ietf@nygren.org> wrote:

> One item discussed above that the authors would like to clarify is to be
> consistent
> about whether the alternative endpoint name (TargetName) is a hostname
> or a domain name.  In all but one place in the doc we refer to it as a
> "domain name"
> but there is one reference that calls it a "hostname".
>
> In particular in these current sentences:
>
> 1) An "alternative endpoint" is a hostname, port number, and other
> associated
>
> 2) TargetName: The domain name of either the alias target (for AliasMode)
> or the alternative endpoint (for ServiceMode).
>
> 3) TargetName is a <domain-name> ({{!RFC1035, Section 5.1}}),
>
> 4) In AliasMode, the TargetName will be the name of a domain that resolves
> to SVCB,
>
> We'd like to change the first of these to be:
>
> 1) An "alternative endpoint" is a domain name, port number, and other
> associated
>
> for consistency with the rest.
>
> As this isn't explicitly covered in Warren's summary we thought it worth
> checking here as well:
> https://mailarchive.ietf.org/arch/msg/dnsop/LhEufm0a8IjoXZ_ck0b9RTSkDTc/
>
> Best, Erik
>
>
>
>
>
>
>
>
> On Mon, Sep 12, 2022 at 9:51 AM Warren Kumari <warren@kumari.net> wrote:
>
>>
>> Hi all,
>>
>> Firstly, and most importantly, thank y'all for keeping this civil,
>> friendly and productive; I really appreciate it.
>>
>> I've (informally) checked with the IESG on the proposed change in the
>> PR and also including Erik's proposed operational note ("Some
>> implementations may not allow A or AAAA records on names starting with an
>> underscore due to various interpretations of RFCs. This could be an
>> operational issue when the TargetName contains an attrleaf label, as well
>> as using an TargetName of "." when the owner name contains an attrleaf
>> label.") and everyone seems fine with it.
>>
>> So, I'm ask the authors to cut a new version with these changes in
>> (basically, accept the PR and add the proposed text) and I will then email
>> the IESG with a diff to get "official" consensus on the change.
>>
>> Dealing with process exception handling is always stressful, so thanks
>> all again for keeping this moving along nicely.
>> Also, a reminder that while we *can* make changes after approval (and
>> before RFC publication) we really really avoid doing so, and so this should
>> only happen under exceptional circumstances[0].
>>
>> W
>>
>> [0]: I'm not convinced that this situation rose to the "exceptional
>> circumstances" bar, but seeing as I'd already paused it (not knowing what
>> all the issues were) and because the changes are clarifications, I'm
>> willing to accepting it.
>>
>> On Thu, Sep 08, 2022 at 12:34 PM, Erik Nygren <erik+ietf@nygren.org>
>> wrote:
>>
>>> There seem to be two topics:
>>>
>>> 1) Victor's clarification makes sense, although the wording is a little
>>> awkward and perhaps we can improve that sentence.
>>>     The section was already implying that meaning (ie, that the fallback
>>> addition of the QNAME was for the AliasMode case)
>>>     but clarifying this in a more normative way seems worthwhile and not
>>> a technical change.
>>>     I'd propose we refine this PR and incorporate it as the "clarifying
>>> sentence" that Warren was willing to accept.
>>>
>>> 2) There is the issue of whether attrleaf labels are valid owner names
>>> for A/AAAA records.
>>>     This document does not seem like the place to land that, and it
>>> seems like it may be open for interpretation
>>>     as different implementations may have interpreted it differently.
>>> If anything, we might add a non-normative sentence like:
>>>
>>>        "Some implementations may not allow A or AAAA records on names
>>> starting with an underscore
>>>         due to various interpretations of RFCs. This could be an
>>> operational issue when the TargetName contains an attrleaf label,
>>>         as well as using an TargetName of "." when the owner name
>>> contains an attrleaf label."
>>>
>>>    This wouldn't be a normative change but just an operational warning
>>> --- would this be acceptable to include at this stage?
>>>    Further clarification of this seems worth a draft in its own right
>>> since the existing RFCs are inconsistent
>>>    on this topic and there is room for multiple interpretations, as
>>> shown in some implementations.
>>>
>>>
>>>
>>> On Thu, Sep 8, 2022 at 12:05 PM Paul Hoffman <paul.hoffman@icann.org>
>>> wrote:
>>>
>>>> On Sep 8, 2022, at 8:35 AM, Viktor Dukhovni <ietf-dane@dukhovni.org>
>>>> wrote:
>>>> > This is a bug fix, the proposed behaviour makes no sense when $QNAME
>>>> > is the unaltered (attrleaf prefixed) starting point.  The current
>>>> > meaning was not intended.  If the edit can be made without any
>>>> > major process, just a note to the RFC editor, it'll save errata,
>>>> > and possible confusion later.
>>>>
>>>> A technical change made after the IESG review requires, at a minimum,
>>>> another IESG review. The IESG could ask for another IETF review, if they
>>>> want. It's up to Warren, the responsible AD, to decide if that's "major
>>>> process".
>>>>
>>>> --Paul Hoffman
>>>>
>>>> _______________________________________________
>>>> DNSOP mailing list
>>>> DNSOP@ietf.org
>>>> https://www.ietf.org/mailman/listinfo/dnsop
>>>>
>>>
>>> _______________________________________________
>>> DNSOP mailing list
>>> DNSOP@ietf.org
>>> https://www.ietf.org/mailman/listinfo/dnsop
>>>
>>
>>

v2.23.0 | Report a Bug | By Email