Re: [DNSOP] Another look - draft-ietf-dnsop-attrleaf-05.txt

Paul Vixie <paul@redbarn.org> Mon, 26 March 2018 07:08 UTC

Return-Path: <paul@redbarn.org>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 96BF112D7E8; Mon, 26 Mar 2018 00:08:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.911
X-Spam-Level:
X-Spam-Status: No, score=-1.911 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id te-2j07WX8cg; Mon, 26 Mar 2018 00:08:03 -0700 (PDT)
Received: from family.redbarn.org (family.redbarn.org [IPv6:2001:559:8000:cd::5]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DF1D612DA00; Mon, 26 Mar 2018 00:07:58 -0700 (PDT)
Received: from [IPv6:2001:559:8000:c9:4ca8:bd4c:848b:7427] (unknown [IPv6:2001:559:8000:c9:4ca8:bd4c:848b:7427]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client did not present a certificate) by family.redbarn.org (Postfix) with ESMTPSA id 36C457594C; Mon, 26 Mar 2018 07:07:58 +0000 (UTC)
Message-ID: <5AB89C4C.7090300@redbarn.org>
Date: Mon, 26 Mar 2018 00:07:56 -0700
From: Paul Vixie <paul@redbarn.org>
User-Agent: Postbox 5.0.24 (Windows/20180302)
MIME-Version: 1.0
To: John C Klensin <john-ietf@jck.com>
CC: "John R. Levine" <johnl@iecc.com>, Dave Crocker <dcrocker@bbiw.net>, art@ietf.org, dnsop@ietf.org
References: <f7b85bac-b050-5003-2df0-a48b1ef2f929@dcrocker.net> <e1f41670-ada8-eaac-468c-c712b338a10b@dcrocker.net> <alpine.OSX.2.21.1803201804440.8940@dhcp-8344.meeting.ietf.org> <A7711F58-5145-49E8-9158-B2F94D0EABBF@redbarn.org> <7c168dc1-2ea7-d47e-78b7-0380e5d0aa84@dcrocker.net> <alpine.OSX.2.21.1803211104210.9553@ary.local> <5244d327-f8ea-1590-c663-1d92e0b194c4@dcrocker.net> <5F44FA5B42805C52479DE491@PSB> <alpine.OSX.2.21.1803211507380.9666@dhcp-935d.meeting.ietf.org> <1DF1564CC2B88726B2B54CF4@PSB>
In-Reply-To: <1DF1564CC2B88726B2B54CF4@PSB>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/CXhIVEcVelj_C2flaELkNXA2n3c>
Subject: Re: [DNSOP] Another look - draft-ietf-dnsop-attrleaf-05.txt
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 26 Mar 2018 07:08:05 -0000


John C Klensin wrote:
> ...
>
> Two additional, possibly more important, thoughts after reading
> -05 more closely...
>
> (1) The introductory material in the I-D seems to imply that use
> of labels styled with "_" is a reasonable alternative to
> creating a new label type.  ...

i think you mean "RRTYPE" as used below, and not "label type". we 
flirted with extended label types in the original EDNS0, but found them 
to require end-to-end scale (forklift) DNS protocol evolution which is 
impossible, rather than hop-by-hop scale (incremental) evolution which 
is all we've got left given the installed base.

> ...  My impression has been that, while there is nothing we can
> change about what is done and deployed, there has been community
> consensus that it is a bad idea and that changes have been made to
> the procedures for defining and registering new RRTYPEs to reinforce
> the principle that new RRTYPEs should be used and to make their use
> easier. "Significantly challenging over the life of the DNS" is
> undoubtedly correct, but that should not be, and presumably is not,
> the situation today or in recent years.   I believe this document
> should not be advanced until that material is changed to be clear
> that use of underscore or similar conventions may be a reality but is
> not a desirable substitute for separate RRTYPEs (with or without that
> convention as appropriate).

while i am sympathetic to this point of view, and even share it, i know 
that developers of new apps learned from the SPF RR example "never 
again" and that they can and have and will continue to create new apps 
based on TXT with or without the IETF's blessing. so i'm expecting your 
call for the stated clarification to not reach consensus in this WG.

> (2) I'd encourage people to think through another possibility. I'm
> not sure it is the right answer, but it is worth more consideration
> than this draft (at least at -05) appears to be giving it. The issues
> associated with QTYPE=ANY notwithstanding, it is not clear to me that
> the set of labels starting with "_" constitute a namespace, any more
> than the set of labels starting with "xn--" do. It is just a naming
> convention that identifies the labels as keywords with defined
> meaning. From that point of view, namespaces are actually per-RRTYPE
> and the right way to design this document would be as a registry of
> "_"-introduced keywords, with subregistries for each RRTYPE with
> which those keywords can be used. Given the way the DNS works, at
> least as I understand it, there is no DNS protocol conflict between
>       _foo IN XYZ Data1
> and
>       _foo IN ABC Data2
>
> Using the same keyword in both cases may be a bad idea but the zone
> files don't care and, given that queries are typically made for QNAME
> and QTYPE (etc.) and not the name alone (i.e., with QTYPE=ANY) except
> for other purposes, I see some advantages of [sub]registry-per-RRTYPE
> rather than pretending that every label starting with "_" is the same
> namespace. Of course, one of them is that there is no need to treat
> SRV as a special, legacy, case or even debate that. The coverage of
> the current document would be simply a subregistry for SRV
> (reorganized from the current registry, but that is simply an IANA
> organizational matter, not a change to what is registered, protocols,
> etc., plus a subregistry for RRTYPE=TXT and provisions for other
> subregistries as might be needed in the future.
>
> Organizing things that way would have at least one additional
> advantage: while FCFS may be appropriate for some RRTYPEs, other
> procedures may be appropriate for others. In a way, SRV is a good
> example of that distinction.
>
> Again, that might not be the right thing to do on balance, but I
> think it should be examined carefully as an alternative to trying to
> treat "everything starting with '_' as long as it occupies a
> particular place in the tree" as a namespace.

i have reproduced your entire second suggestion here, because i think 
it's solid. rrset atomicity means you're right, and that underbar'ed 
labels need only be unique within an RRTYPE, and any registry of such 
labels can and therefore should be per-RRTYPE.

good catch.

-- 
P Vixie