Re: [DNSOP] WGLC for draft-ietf-dnsop-alt-tld

Paul Wouters <paul@nohats.ca> Wed, 14 December 2022 00:10 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/KdK-NlZuvKdKCHVu9n96w-HZ5Ho>

> On Dec 13, 2022, at 18:50, Wessels, Duane <dwessels=40verisign.com@dmarc.ietf.org> wrote:
> 
> I still think the requirements for library (stub) and caching resolver behavior should be stronger.  i.e. MUST NOT put .alt queries on the wire.  But this is probably a minority opinion.

Earlier I had said “should use query minimization”, but perhaps better is to just say “with DO set (or when this cannot be determined) should strip the query down to “.alt” (e.g. dropping anything left of the TLD) and change the type to AAAA and continue the regular resolving process. If no DO is set, just return NXDOMAIN.”


> “Caching Resolvers performing aggressive use of DNSSEC-validated caches ... will not send any queries for names under .alt to the root zone.”  This statement is too strong.  RFC 8198 says SHOULD, not MUST. Not to mention cache misses.

I think stripping the qname is easier and preserves more privacy.


Paul
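The rule proposed in the message above, written out as an added example (not code from the thread or from any resolver): a pure decision function a stub or recursive resolver could call before putting a query on the wire. The `Decision` type, the function names and the sample names are assumptions of this example.

```python
"""Added example: the proposed .alt handling as a pre-send policy function.
Not from the thread; the Decision type and names below are assumptions."""
from dataclasses import dataclass
from typing import List, Optional

ALT_LABEL = "alt"


@dataclass(frozen=True)
class Decision:
    action: str            # "forward", "rewrite" or "nxdomain"
    qname: Optional[str]   # name to send on the wire (None for nxdomain)
    qtype: Optional[str]   # type to send on the wire (None for nxdomain)


def _labels(qname: str) -> List[str]:
    # Normalise: drop the trailing dot, lower-case, split into labels.
    name = qname.rstrip(".").lower()
    return name.split(".") if name else []


def is_under_alt(qname: str) -> bool:
    """True for 'alt.' itself and for any name whose rightmost label is 'alt'.
    'alt.example.com' is not under .alt and must be forwarded untouched."""
    labels = _labels(qname)
    return bool(labels) and labels[-1] == ALT_LABEL


def decide_alt_query(qname: str, qtype: str, do_bit: Optional[bool]) -> Decision:
    """Apply the rule from the message: do_bit is the EDNS0 DO flag, or None
    when the resolver cannot determine it (treated like DO set, as proposed)."""
    if not is_under_alt(qname):
        return Decision("forward", qname, qtype)      # ordinary name, send as-is
    if do_bit is False:
        # No DO: answer locally; nothing about the local name leaves the host.
        return Decision("nxdomain", None, None)
    # DO set or unknown: keep only the TLD and ask for AAAA, so the validator
    # still obtains the root's proof of non-existence without leaking the rest.
    return Decision("rewrite", ALT_LABEL + ".", "AAAA")
```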