IETF Logo Mail Archive

Re: [DNSOP] draft-ietf-dnsop-rfc7816bis: hopefully ready for WG Last Call

Brian Dickson <brian.peter.dickson@gmail.com> Fri, 12 March 2021 02:56 UTC

Return-Path: <brian.peter.dickson@gmail.com>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 98BDB3A19F9 for <dnsop@ietfa.amsl.com>; Thu, 11 Mar 2021 18:56:59 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id y4SAg5lHlQ_a for <dnsop@ietfa.amsl.com>; Thu, 11 Mar 2021 18:56:58 -0800 (PST)
Received: from mail-vs1-xe33.google.com (mail-vs1-xe33.google.com [IPv6:2607:f8b0:4864:20::e33]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DB96D3A19F8 for <dnsop@ietf.org>; Thu, 11 Mar 2021 18:56:57 -0800 (PST)
Received: by mail-vs1-xe33.google.com with SMTP id z65so11786849vsz.12 for <dnsop@ietf.org>; Thu, 11 Mar 2021 18:56:57 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=pMSXCAHN6rLSwadfl1NuBbJhGrSJ4i6ed+nkgEKLuME=; b=mfBs77821c4SGFbtZQSIwzajnAJ1fqvMgTKx1vR6gyobVH2/+iRHnvsN3t4Nnx+PFU oMygajxNUd0o5w/7joTSfOPNRDUlSLQQ9ygJiRIdW1uYd7vvaDYo+oF25gxkV33mNJYa c9OihsCa5Evj0E06kg7Dh/NVIeO+0/EWSgbYbhg8w27cUsEKZlE4D1ut6KQfa2CGVPJL CcCzf1BRYIHLS+5P6vrPuZxmx8fSUv3ZzSFYN1/WtTNXxOYMuJ+B5TolPEHDSdt9qMVj e4TKX8Rv/iPo4M1AJYyEA2xJA7UEv87T/7OcHv5RQSCM7Vcv3H9N6WteKvtJk7PYBKpY r0oA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=pMSXCAHN6rLSwadfl1NuBbJhGrSJ4i6ed+nkgEKLuME=; b=r7yPzOfBi8mFfZsuV5ZTmJHhtFezUa5zQsBqCB9y2baR852Y/T9T1+dCPcja9hjGak NuiYeuUG30yQDlNDmZZyAoTeGoMEdvoClyMr/6TOiBKxUsHtulEVtUg45PM3KH4/Z4kX sWdnnGV+sYw/FUigBGUzZ2/PT6xMd+Dps9fP4Qcf2PZbIJL3AZ01nwK8kx5i2Pq+guy+ 48gC+TPOsKCsfeg4cpSUp+NeskU5rBeEMz2NY5cam9s2LMJEatah2m93Qx3zIgQH1XtD p2WUS8hf2SJ1UWPafDkv1QtyDHwZjLQfi/TkbeAmKHAdjzAUfGX3lMAlPMisuuk6/IVL DoDg==
X-Gm-Message-State: AOAM533OpPgQgTArp9isnLZtm0gsjwsb+5MluXbzJ/HQ21XYMCyFLDbe 2rqAX8RCa0uyxa45TQGFkc2x7JwZKmo533S7DPY=
X-Google-Smtp-Source: ABdhPJzpgtwjXOzXOL2gtMbXRAc2/yvECZaecXDt6O/zSPukaVAzxNMBPUGNIeSnvlax+AhyVwAzP93hVN1XG2NOVqQ=
X-Received: by 2002:a67:df05:: with SMTP id s5mr7196759vsk.58.1615517815852; Thu, 11 Mar 2021 18:56:55 -0800 (PST)
MIME-Version: 1.0
References: <C0C343BA-D0A6-46A0-90C8-053793BC5F40@icann.org>
In-Reply-To: <C0C343BA-D0A6-46A0-90C8-053793BC5F40@icann.org>
From: Brian Dickson <brian.peter.dickson@gmail.com>
Date: Thu, 11 Mar 2021 18:56:45 -0800
Message-ID: <CAH1iCip9Pwg6e7fQRGTJfK=A7w4CN51CLGZ9JpwG7=dLG2HN0w@mail.gmail.com>
To: Paul Hoffman <paul.hoffman@icann.org>
Cc: dnsop <dnsop@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000008acfb605bd4e0df0"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/K-i3cTpRRVvRPpP639pT7Ua0gm0>
Subject: Re: [DNSOP] draft-ietf-dnsop-rfc7816bis: hopefully ready for WG Last Call
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 12 Mar 2021 02:57:00 -0000

Sorry for not thinking of these earlier, not sure if they would add
anything or clarify anything or potentially protect resolvers from DOS
attacks:

   - Maybe some text warning about queries with excessive numbers of
   labels, and suggestions for limiting their impact? E.g. "If NUM_LABELS is
   more than 6, follow the algorithm for the first N labels (TBD for N), then
   do a binary search on the remaining labels at each zone cut discovered."
   - Would it make sense to address ENTs (empty non-terminals), or use one
   of those in an example? Also, in zones signed with NSEC, is there any
   potential advantage to using NSEC records to "skip ahead" through the list
   of labels, if ENTs exist with no non-ENT siblings between the CHILD query
   and the actual zone cut?

Either of these might reduce the work, while still preserving the benefits
of QNAME minimization, I believe.
Brian

On Mon, Sep 28, 2020 at 12:17 PM Paul Hoffman <paul.hoffman@icann.org>
wrote:

> Greetings again. We have not heard much recent input on the draft other
> than "remove the parts about it being experimental". We have done that,
> reorganized it to make it clear that QNAME minimisation is already
> well-deployed, and a few other cleanups.
>
> We think the document is read for WG Last Call, if the chairs do as well.
>
> --Paul Hoffman_______________________________________________
> DNSOP mailing list
> DNSOP@ietf.org
> https://www.ietf.org/mailman/listinfo/dnsop
>

v2.23.0 | Report a Bug | By Email