Re: [DNSOP] [Ext] Alexey Melnikov's Discuss on draft-ietf-dnsop-dns-capture-format-08: (with DISCUSS and COMMENT)

Paul Hoffman <paul.hoffman@icann.org> Tue, 27 November 2018 14:59 UTC

Return-Path: <paul.hoffman@icann.org>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 64DC8130DDA; Tue, 27 Nov 2018 06:59:58 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tWuPL0JkYRaB; Tue, 27 Nov 2018 06:59:56 -0800 (PST)
Received: from out.west.pexch112.icann.org (out.west.pexch112.icann.org [64.78.40.7]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 67F6A1293FB; Tue, 27 Nov 2018 06:59:56 -0800 (PST)
Received: from PMBX112-W1-CA-1.pexch112.icann.org (64.78.40.21) by PMBX112-W1-CA-2.pexch112.icann.org (64.78.40.23) with Microsoft SMTP Server (TLS) id 15.0.1367.3; Tue, 27 Nov 2018 06:59:53 -0800
Received: from PMBX112-W1-CA-1.pexch112.icann.org ([64.78.40.21]) by PMBX112-W1-CA-1.PEXCH112.ICANN.ORG ([64.78.40.21]) with mapi id 15.00.1367.000; Tue, 27 Nov 2018 06:59:52 -0800
From: Paul Hoffman <paul.hoffman@icann.org>
To: Alexey Melnikov <aamelnikov@fastmail.fm>
CC: Warren Kumari <warren@kumari.net>, dnsop <dnsop@ietf.org>, The IESG <iesg@ietf.org>
Thread-Topic: [DNSOP] [Ext] Alexey Melnikov's Discuss on draft-ietf-dnsop-dns-capture-format-08: (with DISCUSS and COMMENT)
Thread-Index: AQHUhfXA7GXQjxhDhkmaHfo9fpkzAaVjZwEAgACVg4CAAEFegA==
Date: Tue, 27 Nov 2018 14:59:51 +0000
Message-ID: <88A3AB64-7E17-4EB8-A6FC-1D425F3F7AFF@icann.org>
References: <154265985064.16386.5550594646862412061.idtracker@ietfa.amsl.com> <BF3169F5-E68D-4C68-80D7-1772E7A9EDEA@sinodun.com> <1542811322.1310112.1584530512.0785569A@webmail.messagingengine.com> <4D2E72B7-1EEE-4BD2-8200-B688074AE5E3@sinodun.com> <CAHw9_iLuNYHHnMz_jgOA2JwTDNWUkRb9TVkT8zwKedNT9LUBmQ@mail.gmail.com> <ca821f6f-26de-f2f8-7e63-d9cb8dcfdf60@rfc-editor.org> <CAHw9_i+6MRiGOeDh5+5tVwajFhCCbgRgSnio04yqUGLbHKyHEw@mail.gmail.com> <CAHw9_iLxsEw4PQ4=Vu1ghhGGEPvS8pBuB9G7buiFMDjNB=m1cg@mail.gmail.com> <FA6BBBB2-D535-4597-8923-5307390D9462@icann.org> <CAHw9_iKEsfjpC2FzjKaaUz=oR_S9WNPNg+EuvBmi_n_CUpC8mQ@mail.gmail.com> <7E59D98E-7350-43FB-BE47-4E2691D5872F@icann.org> <1543316753.3027969.1590279856.6CEC8EC7@webmail.messagingengine.com>
In-Reply-To: <1543316753.3027969.1590279856.6CEC8EC7@webmail.messagingengine.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
x-ms-exchange-messagesentrepresentingtype: 1
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [192.0.32.234]
Content-Type: multipart/signed; boundary="Apple-Mail=_7AB0C81A-C352-43F6-91C9-358CF4B28EFA"; protocol="application/pkcs7-signature"; micalg=sha1
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/EWIXujHLhgTcYpieXz5kRbnZbr8>
Subject: Re: [DNSOP] [Ext] Alexey Melnikov's Discuss on draft-ietf-dnsop-dns-capture-format-08: (with DISCUSS and COMMENT)
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 27 Nov 2018 14:59:59 -0000

On Nov 27, 2018, at 3:05 AM, Alexey Melnikov <aamelnikov@fastmail.fm> wrote:
> 
> On Tue, Nov 27, 2018, at 2:10 AM, Paul Hoffman wrote:
>>   | filter           | O | T | "tcpdump" [pcap] style filter for      |
>>   |                  |   |   | input.                                 |
>> 
>> 
>> On Nov 26, 2018, at 6:05 PM, Warren Kumari <warren@kumari.net> wrote:
>>> ... that is where we started.
>>> The concern was what happens if there are new filters added, and implementations written don't know how to deal with them.
>> 
>> New filters being added to tcpdump (or even removed) doesn't affect a C-
>> DNS application from reading or writing that field. It's just a text 
>> string. 
> 
> I think this depends on how the field is used.
> 
> If you want to write an application that validates or does something with this field, that wouldn't be true.
> If you think that writing such an application is a dumb idea, then the draft should clearly state that.

My interpretation of the spec has been all along that this field, as well as the other fields in CollectionParameters, were informational for whomever is looking at the particular capture. "Parameters relating to how data in the file was collected" seemed sufficient for that. If the authors added "These parameters are informational are only informational and cannot necessarily be validated by looking in the data captured", would that satisfy your concern?

--Paul Hoffman