Re: [DNSOP] Consensus check on underscore names and draft-ietf-dnsop-rfc7816bis

Tony Finch <dot@dotat.at> Wed, 07 July 2021 22:05 UTC

Return-Path: <fanf2@hermes.cam.ac.uk>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E47903A0D6B; Wed, 7 Jul 2021 15:05:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.649
X-Spam-Level:
X-Spam-Status: No, score=-1.649 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HEADER_FROM_DIFFERENT_DOMAINS=0.248, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YmINpU87os1y; Wed, 7 Jul 2021 15:04:57 -0700 (PDT)
Received: from ppsw-42.csi.cam.ac.uk (ppsw-42.csi.cam.ac.uk [131.111.8.142]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4F6AC3A0D66; Wed, 7 Jul 2021 15:04:56 -0700 (PDT)
X-Cam-AntiVirus: no malware found
X-Cam-ScannerInfo: https://help.uis.cam.ac.uk/email-scanner-virus
Received: from [90.254.237.175] (port=49831 helo=milebook.lan) by ppsw-42.csi.cam.ac.uk (smtp.hermes.cam.ac.uk [131.111.8.158]:25) with esmtpsa (PLAIN:fanf2) (TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256) id 1m1Ff3-000Ftu-8u (Exim 4.94.2) (return-path <fanf2@hermes.cam.ac.uk>); Wed, 07 Jul 2021 23:04:53 +0100
Date: Wed, 7 Jul 2021 23:04:53 +0100
From: Tony Finch <dot@dotat.at>
To: Warren Kumari <warren@kumari.net>
cc: dnsop <dnsop@ietf.org>, DNSOP-Chairs <dnsop-chairs@ietf.org>
In-Reply-To: <CAHw9_iKhvHwUfJMOp-YhJkimmnN0f3DLbh+JWYxhCiZ9CjEEQQ@mail.gmail.com>
Message-ID: <724abc37-da6e-2e49-1e82-bb31aedeca@dotat.at>
References: <CAHw9_iKhvHwUfJMOp-YhJkimmnN0f3DLbh+JWYxhCiZ9CjEEQQ@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Sender: Tony Finch <fanf2@hermes.cam.ac.uk>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/5xG-0IoVg2XEKJBnxr55SigAlZM>
Subject: Re: [DNSOP] Consensus check on underscore names and draft-ietf-dnsop-rfc7816bis
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 07 Jul 2021 22:05:02 -0000

Warren Kumari <warren@kumari.net> wrote:
>
> Viktor is suggesting that QNAME Minimization should be stopped when
> you run into an underscore ("_") label, instead of this being worded
> as a potential, optional mechanism.

This sounds sensible to me.

We have some _underscore delegations, because our VOIP phone setup
requires distinct internal and external views, and our main zones don't
support views. But, as in most of the other cases mentioned in this
thread, it isn't a privacy-relevant delegation point: there are only one
or two predictable SRV records in each delegated _underscore zone.

Tony.
-- 
f.anthony.n.finch  <dot@dotat.at>  https://dotat.at/
Southeast Fitzroy: Northwesterly 3 to 5, occasionally 6 later in
south. Moderate, occasionally rough at first in far north. Showers.
Good, occasionally moderate.