Re: [DNSOP] draft-sah-resolver-information (revised)

Erik Nygren <erik+ietf@nygren.org> Thu, 23 May 2019 02:01 UTC

References: <3BCCE28D-17C6-4367-A9C3-D0DCF56AB03A@icann.org> <alpine.LRH.2.21.1905151256480.22294@bofh.nohats.ca> <C3668C33-E3DB-4267-AF5B-FDC46262CC8F@icann.org> <alpine.LRH.2.21.1905152258340.18222@bofh.nohats.ca> <0F4F5B08-A81B-48D4-AAFE-F89FEE980F9A@icann.org>
In-Reply-To: <0F4F5B08-A81B-48D4-AAFE-F89FEE980F9A@icann.org>
From: Erik Nygren <erik+ietf@nygren.org>
Date: Wed, 22 May 2019 22:01:31 -0400
Message-ID: <CAKC-DJhmQMMCRJAJTB4ZG1MmxohKS12KPXuBwwbmVXFR=ubWFQ@mail.gmail.com>
To: Paul Hoffman <paul.hoffman@icann.org>
Cc: dnsop <dnsop@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000a1b66305898476e4"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/EoFh3W_JAXGsCgVW4YZ_1DHoIgU>
Subject: Re: [DNSOP] draft-sah-resolver-information (revised)

Some comments:

* We should define what TLS SNI value gets sent.  Perhaps the first value
of "domain-to-match" when present, but preferably the hostname of the URL
when it's not an IP?

* Should clients consider the templates list to be ordered or unordered?
We may wish to define the behavior for handling multiple entries.  (A
common case might be both an IPv6 and IPv4 address.  Some clients might
have only one of those, so would need to filter appropriately, and
operators may wish to specify an ordering preference such as
IPv6-preferred.)

* It would be worth a conversation with the people working on PvD in
IntArea to see if there is some alignment (e.g., in terms of JSON practices,
and perhaps even with PvDs being able to include or reference a
resolver-information block).  There might be a path here that could also
help with the split-horizon case.

* With the draft-sah-resolver-information framework, we may wish to also
have an attribute or draft for specifying the DNS64 prefix to allow
client-side DNS64 synthesis.  (On the other hand, there are also drafts to
send this via an RA option as well as some other paths in addition to other
mechanisms.  So perhaps another mechanism isn't needed.)

      Erik
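A client-side sketch of the two behaviours raised in the first two comments above (which SNI to send, and filtering and ordering the templates list by address family), added here as an example; it is not code from either draft, and the JSON shape and the "templates" / "domain-to-match" key names are assumed from the list discussion.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample resolver-information block (assumed shape, not from
# the drafts): an IPv6 literal, an IPv4 literal and a hostname template.
SAMPLE_INFO = {
    "templates": [
        "https://[2001:db8::53]/dns-query{?dns}",
        "https://192.0.2.53/dns-query{?dns}",
        "https://doh.example.net/dns-query{?dns}",
    ],
    "domain-to-match": ["doh.example.net", "resolver.example.net"],
}


def template_family(template):
    """Return 6 or 4 when the URI template's host is an IP literal,
    or None when it is a hostname."""
    host = urlsplit(template).hostname or ""
    try:
        return ipaddress.ip_address(host).version
    except ValueError:
        return None


def select_sni(template, info):
    """Choose the TLS SNI as suggested on the list: the URL's hostname
    when it is not an IP literal, otherwise the first "domain-to-match"
    entry, otherwise None (send no SNI)."""
    host = urlsplit(template).hostname
    if host and template_family(template) is None:
        return host
    names = info.get("domain-to-match") or []
    return names[0] if names else None


def usable_templates(info, have_v6, have_v4, prefer_v6=True):
    """Drop templates whose address family the client lacks, then apply
    an IPv6-preferred (or IPv4-preferred) ordering while keeping the
    operator's original order among the rest (stable sort)."""
    preferred = 6 if prefer_v6 else 4
    ranked = []
    for idx, tpl in enumerate(info.get("templates", [])):
        fam = template_family(tpl)
        if (fam == 6 and not have_v6) or (fam == 4 and not have_v4):
            continue  # client cannot reach this literal at all
        rank = 0 if fam == preferred else 1
        ranked.append((rank, idx, tpl))
    return [tpl for _, _, tpl in sorted(ranked)]
```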




On Wed, May 22, 2019 at 6:30 PM Paul Hoffman <paul.hoffman@icann.org> wrote:

> Greetings again. Based on the input from the DNSOP and DOH lists, we
> revised draft-sah-resolver-information. We also created a new draft,
> draft-sah-resinfo-doh, to cover the main use case we have for getting
> information from a resolver, namely to get the DoH URI template and
> authentication information.
>
> From the mailing list traffic, it seems like some of y'all only care
> about getting resolver information from DNS (hopefully DNSSEC-signed),
> while others are fine to use HTTPS with web PKI authentication,
> particularly when DNSSEC signing is not possible. We have left both methods
> in the main draft.
>
> We encourage more input.
>
> --Paul Hoffman
>
> ======
>        Title           : DNS Resolver Information Self-publication
>        Authors         : Puneet Sood
>                          Roy Arends
>                          Paul Hoffman
>        Filename        : draft-sah-resolver-information-01.txt
>        Pages           : 9
>        Date            : 2019-05-22
>
> The IETF datatracker status page for this draft is:
> https://datatracker.ietf.org/doc/draft-sah-resolver-information/
>
> ======
>        Title           : DNS Resolver Information: "doh"
>        Authors         : Puneet Sood
>                          Roy Arends
>                          Paul Hoffman
>        Filename        : draft-sah-resinfo-doh-00.txt
>        Pages           : 5
>        Date            : 2019-05-22
>
> The IETF datatracker status page for this draft is:
> https://datatracker.ietf.org/doc/draft-sah-resinfo-doh/
>