Re: [DNSOP] A conversational description of sentinel.

Geoff Huston <gih@apnic.net> Thu, 01 February 2018 20:21 UTC

From: Geoff Huston <gih@apnic.net>
In-Reply-To: <FDCED4D6-A7CE-465B-8344-CA89753ADF19@vpnc.org>
Date: Fri, 02 Feb 2018 07:20:45 +1100
Cc: Warren Kumari <warren@kumari.net>, Tony Finch <dot@dotat.at>, dnsop <dnsop@ietf.org>
To: Paul Hoffman <paul.hoffman@vpnc.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/EQmetfB6GTj6OfN2qZXVkgRvQ7s>


> On 26 Jan 2018, at 3:17 am, Paul Hoffman <paul.hoffman@vpnc.org> wrote:
> 
> On 25 Jan 2018, at 7:36, Warren Kumari wrote:
> 
>> On Thu, Jan 25, 2018 at 10:10 AM, Tony Finch <dot@dotat.at> wrote:
>>> Isn't this going to cause problems with software that checks hostname
>>> syntax?
> 
> Yes. However, that software will only be on the authoritative server side, yes? If you're a researcher who wants to run a sentinel test, you can use authoritative server software that doesn't block that. For example, I'm pretty sure Geoff's software either does not block that or could be tweaked easily to not block.
> 
>>> Wouldn't it be better to use something like a double hyphen to avoid
>>> collisions?
>> 
>> Possibly, or using CNAMES. I (personally) liked the underscores as it
>> separated this from the rest of the namespace, but the double hyphen
>> also sounds like an interesting idea.
>> What does the WG think?
> 
> Sentinel would be the first example of label-based special cases in resolver software. The special-case labels can be anything that would not ordinarily appear at the left. Using dcyen28c5wxcf95fcsxceexwwe1z-ta-12345.example.com works just as well, and would probably cause fewer implementers to make bad assumptions about the future. Underscores are already used for preventing those assumptions, but any unused string works.

The draft’s authors have discussed this, and it appears prudent to stick to the hostname syntax for this label.

What about if the sentinel spec proposes to use a left-most label of the form(s):

    xm—-is-ta-[key]

and

   xm—-not-ta-[key]


Would this form of hostname be a reasonable way forward?

 Geoff
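
An added example, not part of the original message or of the sentinel draft: a small Python classifier showing how software that checks hostname syntax would treat the label styles discussed in this thread (an underscore prefix, an arbitrary unused string, and a double-hyphen prefix). The function names and the sample labels with key tag 12345 are constructed for illustration; the reserved-label rule is the one in RFC 5890, section 2.3.1.

```python
import re

# Hostname (LDH) label per RFC 952/1123: letters, digits, hyphen,
# no leading or trailing hyphen, 1 to 63 octets.
LDH_LABEL = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?$")


def leftmost_label(name: str) -> str:
    """Return the left-most label of a domain name."""
    return name.rstrip(".").split(".")[0]


def classify_label(label: str) -> str:
    """Classify one DNS label the way a hostname-syntax checker sees it."""
    if not label.isascii():
        return "non-ascii"        # e.g. a hyphen pair turned into U+2014 in transit
    if not 1 <= len(label) <= 63:
        return "bad-length"
    if label.startswith("_"):
        return "underscore"       # legal in the DNS, rejected by hostname checks
    if not LDH_LABEL.match(label):
        return "not-ldh"
    # RFC 5890 2.3.1: "--" in the third and fourth positions marks a
    # reserved LDH label; "xn--" is the one prefix currently assigned (IDNA).
    if label[2:4] == "--":
        return "a-label-prefix" if label[:2].lower() == "xn" else "reserved-ldh"
    return "plain-ldh"


# Constructed sample names; the key tag 12345 is an arbitrary placeholder.
SAMPLES = [
    "_is-ta-12345.example.com",
    "dcyen28c5wxcf95fcsxceexwwe1z-ta-12345.example.com",
    "xm--is-ta-12345.example.com",
    "xm\u2014-is-ta-12345.example.com",
    "xn--bcher-kva.example.com",
]

if __name__ == "__main__":
    for name in SAMPLES:
        print(f"{classify_label(leftmost_label(name)):15} {name!r}")
```

A label that classifies as `reserved-ldh` passes a hostname-syntax check but sits in the same tagged-prefix space as IDNA labels, which is the trade-off to weigh against the underscore form.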