Re: [DNSOP] Consensus check on underscore names and draft-ietf-dnsop-rfc7816bis

Tim Wicinski <tjw.ietf@gmail.com> Wed, 07 July 2021 18:35 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/K2JlIggneLpwM18O23zTFyxKdA0>

I am with Viktor on the use of RECOMMENDED.

On Wed, Jul 7, 2021 at 2:01 PM Viktor Dukhovni <ietf-dane@dukhovni.org>
wrote:

> On Wed, Jul 07, 2021 at 01:54:37PM -0400, Warren Kumari wrote:
>
> > Viktor is suggesting that QNAME Minimization should be stopped when
> > you run into an underscore ("_") label, instead of this being worded
> > as a potential, optional mechanism.
> >
> > Obviously there is a tradeoff here -- privacy vs deployment.
> > 1: while it's **possible** that there is a delegation point at the
> > underscore label, (IMO) it is unlikely. If there is no delegation, you
> > will simply be coming back to the same server again and again, and so
> > you are not leaking privacy sensitive information.
> >
> > 2: some recursives are less likely to enable QNAME minimization
> > because of the non-zero ENT and slight performance issues.
> >
> > What does the WG think? Does the privacy win of getting this deployed
> > and enabled sooner outweigh the potential small leak if there *is* a
> > delegation inside the _ territory of the name?
> >
> > Should the advice above be strengthened to SHOULD / RECOMMENDED?
>
> Thanks. Indeed, I'm arguing for RECOMMENDED (synonymous with SHOULD IIRC,
> but sounds less intransigent).
>
> --
>     Viktor.
>
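
The tradeoff discussed in this thread, as an added example that is not part of the original messages: a small model of which name a minimising resolver sends to which server, with and without stopping at the first underscore label. The zone cuts, the sample QNAME and all function names are constructed for illustration; names are written without a trailing dot.

```python
# Added illustration; zone cuts and the QNAME below are constructed sample data.

def zone_depth(zone):
    """Number of labels in a zone apex; the root "." has depth 0."""
    return 0 if zone == "." else zone.count(".") + 1

def enclosing_cuts(qname, zone_cuts):
    """Zone apexes in zone_cuts that enclose qname, shallowest first."""
    labels = qname.split(".")
    suffixes = (".".join(labels[-d:]) for d in range(1, len(labels) + 1))
    return [s for s in suffixes if s in zone_cuts]

def query_plan(qname, zone_cuts, stop_at_underscore):
    """Return [(zone of the server asked, name sent), ...]."""
    labels = qname.split(".")
    server, depth, plan = ".", 1, []
    while True:
        sent = labels[-depth:]
        if stop_at_underscore and sent[0].startswith("_"):
            sent = labels  # underscore label reached: send the whole QNAME
        name = ".".join(sent)
        plan.append((server, name))
        if len(sent) < len(labels):
            if name in zone_cuts:
                server = name  # referral to the child zone
            depth += 1
            continue
        # The full QNAME was sent; follow a referral if a deeper cut exists.
        deeper = [c for c in enclosing_cuts(qname, zone_cuts)
                  if zone_depth(c) > zone_depth(server)]
        if not deeper:
            return plan
        server = deeper[0]

def early_exposure(qname, zone_cuts):
    """Servers that see the full QNAME only because of the underscore stop."""
    strict = {s for s, n in query_plan(qname, zone_cuts, False) if n == qname}
    relaxed = {s for s, n in query_plan(qname, zone_cuts, True) if n == qname}
    return sorted(relaxed - strict)

QNAME = "_25._tcp.mail.example.com"
NO_CUT = {"com", "example.com"}                  # no delegation under "_"
WITH_CUT = NO_CUT | {"_tcp.mail.example.com"}    # delegation at "_tcp"

if __name__ == "__main__":
    for cuts in (NO_CUT, WITH_CUT):
        for stop in (False, True):
            print(stop, query_plan(QNAME, cuts, stop))
        print("early exposure:", early_exposure(QNAME, cuts))
```

With no delegation at the underscore label, the stop saves one query and the same server would have seen the full name anyway; with a delegation at `_tcp`, the parent zone's server sees the `_25` label it would otherwise not have seen.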