Re: [DNSOP] [internet-drafts@ietf.org: New Version Notification for draft-edmonds-dnsop-capabilities-00.txt]

Mark Andrews <marka@isc.org> Mon, 03 July 2017 03:54 UTC

To: Robert Edmonds <edmonds@mycre.ws>
Cc: dnsop@ietf.org
From: Mark Andrews <marka@isc.org>
References: <20170702213334.dm5olfbvkpbxdq3m@mycre.ws>
In-reply-to: Your message of "Sun, 02 Jul 2017 17:33:34 -0400." <20170702213334.dm5olfbvkpbxdq3m@mycre.ws>
Date: Mon, 03 Jul 2017 13:53:55 +1000
Message-Id: <20170703035355.DA71A7D6C89D@rock.dv.isc.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/HWKIrRbFnorlXdNrPHHeLTkf-Jc>
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>

There are three things that made it hard to deploy new features.

1) Firewall vendor shipping firewalls with ridiculously strict rules
   with zero evidence that they are needed.

2) Misimplementation of STD 13 and RFC 2671 by nameserver vendors.

3) Unknown EDNS option behaviour was not well defined by RFC 2671;
   this is addressed in RFC 6891.

1 and 2 made it impossible to do a clean update from RFC 2671 to
RFC 6891 which tightened the unknown EDNS option behaviour.  Proper
implementation of RFC 2671 would have allowed the EDNS version 1
to be used to signal that RFC 6891 unknown option behaviour is
required.

I don't see how adding a capabilities option will help here when
the primary problem is bad code.

Mark
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka@isc.org
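
The responder behaviour the message above refers to, as an added sketch that is not part of the original message or of any nameserver's code: under RFC 6891 an unknown option code is ignored, and an EDNS version above the one implemented is answered with BADVERS. The helper names, the KNOWN_OPTIONS set and the sample records are assumptions constructed for illustration.

```python
import struct

FORMERR, BADVERS = 1, 16   # BADVERS is the RFC 6891 extended RCODE
SUPPORTED_VERSION = 0      # highest EDNS version this sketch implements
KNOWN_OPTIONS = {3}        # NSID (RFC 5001); assumed to be the only option handled

def parse_opt(rr: bytes) -> dict:
    """Parse one OPT pseudo-RR (RFC 6891 section 6.1.2) from wire format."""
    if len(rr) < 11 or rr[0] != 0:
        raise ValueError("OPT owner name must be the root")
    # CLASS carries the UDP payload size; TTL carries ext-RCODE, VERSION, flags.
    rtype, udp_size, _ext, version, flags, rdlen = struct.unpack("!HHBBHH", rr[1:11])
    if rtype != 41:
        raise ValueError("not an OPT record")
    rdata = rr[11:]
    if len(rdata) != rdlen:
        raise ValueError("RDLEN does not match RDATA")
    options, pos = [], 0
    while pos < rdlen:
        if rdlen - pos < 4:
            raise ValueError("truncated option header")
        code, length = struct.unpack("!HH", rdata[pos:pos + 4])
        pos += 4
        if pos + length > rdlen:
            raise ValueError("option overruns RDATA")
        options.append((code, rdata[pos:pos + length]))
        pos += length
    return {"udp_size": udp_size, "version": version,
            "do": bool(flags & 0x8000), "options": options}

def decide(rr: bytes) -> dict:
    """Return the RCODE, the EDNS version to answer with, and options acted on."""
    reply = {"rcode": 0, "version": SUPPORTED_VERSION, "handled": []}
    try:
        opt = parse_opt(rr)
    except ValueError:
        return dict(reply, rcode=FORMERR)   # malformed OPT is a format error
    if opt["version"] > SUPPORTED_VERSION:
        return dict(reply, rcode=BADVERS)   # advertise our highest version
    # Unknown option codes are skipped, never turned into an error or a drop.
    reply["handled"] = [c for c, _ in opt["options"] if c in KNOWN_OPTIONS]
    return reply

def build_opt(version, options, udp_size=1232):
    """Build a constructed OPT RR used as sample input."""
    rdata = b"".join(struct.pack("!HH", c, len(d)) + d for c, d in options)
    return b"\x00" + struct.pack("!HHBBHH", 41, udp_size, 0, version, 0, len(rdata)) + rdata
```

Option code 65001 lies in the range reserved for local or experimental use, which makes it a convenient stand-in for an option the responder has never seen.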