[DNSOP] meaning of tag "match" for CAA RDATA

神明達哉 <jinmei@wide.ad.jp> Wed, 07 February 2018 16:26 UTC


I happened to have this question while reading RFC 6844: what does
"matching" mean in the following description in Section 5.1?

   Tag:  The property identifier, a sequence of US-ASCII characters.

      Tag values MAY contain US-ASCII characters 'a' through 'z', 'A'
      through 'Z', and the numbers 0 through 9.  Tag values SHOULD NOT
      contain any other characters.  Matching of tag values is case
      insensitive.

Although the boundary is not very clear, Section 5.1 generally seems
to talk about the DNS-level syntax (e.g. what should/should not appear
on the wire in a DNS message or in a zone file), while Section 5.2 and
later mainly talk about the semantics at the application layer
(something that validates certificates).  Since the above text is in
Section 5.1, I first thought "matching of tag values" was a DNS-level
concept.  But then it's not clear to me what it actually means.

Does this mean, for example, that we should perform case-insensitive
comparison of this field when we compare CAA RDATAs?  (If so, at least
ISC BIND 9 isn't compliant with the spec; it doesn't care about the case
of the tag field when loading, serving, updating or signing a CAA
RR.)

It may also be related to Section 5.1.1, which states:

   The canonical presentation format of the CAA record is:

   CAA <flags> <tag> <value>
[...]
   Tag:  Is a non-zero sequence of US-ASCII letters and numbers in lower
      case.

which might read, for example, as 'dig' should present the tag field
with lower-case letters.  But 'dig' currently doesn't work that way.

Could someone more familiar with the background of CAA clarify these
points?

Thanks,

--
JINMEI, Tatuya
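As an added illustration (not part of the above message, BIND or dig), the following assumed implementation shows what the quoted RFC 6844 text would look like in code: a tag charset check per Section 5.1, a case-insensitive tag comparison when comparing two CAA RDATAs, and the lower-case canonical presentation of Section 5.1.1. The sample records are constructed.

```python
import re
from dataclasses import dataclass

# Constructed example modelling RFC 6844 sections 5.1 and 5.1.1:
# tags are limited to [A-Za-z0-9], matched case-insensitively, and
# presented in lower case in the canonical format.
TAG_RE = re.compile(r"^[A-Za-z0-9]+$")
PRESENTATION_RE = re.compile(r'^\s*CAA\s+(\d+)\s+(\S+)\s+(?:"([^"]*)"|(\S+))\s*$')


@dataclass(frozen=True)
class CAA:
    flags: int
    tag: str
    value: str

    def canonical(self) -> str:
        # Section 5.1.1: the tag is presented in lower case; the value is quoted.
        return f'CAA {self.flags} {self.tag.lower()} "{self.value}"'


def valid_tag(tag: str) -> bool:
    """Section 5.1: a non-empty run of US-ASCII letters and digits only."""
    return bool(TAG_RE.match(tag))


def parse_caa(text: str) -> CAA:
    """Parse the 'CAA <flags> <tag> <value>' presentation format."""
    m = PRESENTATION_RE.match(text)
    if not m:
        raise ValueError(f"not a CAA record: {text!r}")
    flags, tag = int(m.group(1)), m.group(2)
    if not 0 <= flags <= 255:
        raise ValueError("flags must fit in one octet")
    if not valid_tag(tag):
        raise ValueError(f"tag contains characters outside [A-Za-z0-9]: {tag!r}")
    value = m.group(3) if m.group(3) is not None else m.group(4)
    return CAA(flags, tag, value)


def caa_equal(a: CAA, b: CAA) -> bool:
    """Compare two CAA RDATAs: tag case-insensitively (Section 5.1),
    flags and value exactly (value semantics are tag-specific, Section 5.2+)."""
    return a.flags == b.flags and a.tag.lower() == b.tag.lower() and a.value == b.value
```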