Re: [DNSOP] New Version Notification for draft-sury-deprecate-obsolete-resource-records-00.txt

Evan Hunt <each@isc.org> Mon, 26 March 2018 14:57 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/LZy7NA7eJG4weQrthftHpHYUHHk>

On Mon, Mar 26, 2018 at 10:22:30AM -0400, Michael Casadevall wrote:
> I think to be more specific, the end goal should be the ability to
> treat obsolete record types as RFC 3597 and remove special casing for
> them. That way, new resolvers simply have to implement 3597 and not
> worry about associated edge cases with the obsolete types.

Thank you, that's what I was trying to say, you said it better.

> > 2. responders SHOULD NOT compress rdata when rendering obsolete/deprecated
> >    type records to wire format.
> > 
> 
> The problem here is that right up until the point the camel declares
> these RRtypes dead, the specification specifically allows them to be
> compressed.

But it's always allowed them not to be compressed, too. The trouble
PowerDNS had was because it wasn't expecting compression, but I would
expect the opposite problem (failing because something *didn't* compress)
to be rarer.

>  1. Authoritative servers SHOULD warn when loading zones with obsolete
> record types
> 
>  2. Resolvers MUST never send obsolete RRtypes in a compressed format.

Problem here: If the resolver is treating the record as opaque, then it
can only send it along in whatever format it was received in, so this
requirement doesn't work as written. But I think what you mean is that
even if the resolver is able to parse compressed rdata, it MUST NOT
compress when sending the answer along to its own client. This is
re-stated in point 5, below.

>  3. Signers MUST treat rdata as opaque
> 
>  4. Obsolete RRtypes MUST never be treated as a known-type with respect
> to the wire protocol
>
>  5. Resolvers MAY support legacy compression for received data for
> backward compatibility if desired, but SHOULD warn if such information
> is received. Compressed records MUST never be re-transmitted.

You use MUSTs where I used SHOULDs, but I think we're both pointing
in the same direction.

-- 
Evan Hunt -- each@isc.org
Internet Systems Consortium, Inc.
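
Added example, not part of the original message and not code from any participant or project in this thread: a Python sketch of the "accept legacy compression, warn, never re-transmit compressed" behaviour discussed in points 2 and 5. The function names and the type set (the RFC 1035 types MB, MG, MR and MINFO, whose rdata is only domain names) are assumptions for illustration, and the sample message is constructed.

```python
# RFC 1035 types whose RDATA is only domain names -> number of names.
# Assumption: stand-in "obsolete" set; the thread itself lists no types.
NAME_ONLY_TYPES = {7: 1, 8: 1, 9: 1, 14: 2}  # MB, MG, MR, MINFO

def expand_name(msg, off):
    """Return (uncompressed name, offset just past the name, saw_pointer)."""
    out, end, compressed = bytearray(), None, False
    while True:
        if off >= len(msg):
            raise ValueError("name runs past end of message")
        length = msg[off]
        if length & 0xC0 == 0xC0:                      # compression pointer
            if off + 1 >= len(msg):
                raise ValueError("truncated pointer")
            target = ((length & 0x3F) << 8) | msg[off + 1]
            if target >= off:                          # only backward pointers
                raise ValueError("pointer does not point backward")
            end = off + 2 if end is None else end
            off, compressed = target, True
        elif length & 0xC0:
            raise ValueError("reserved label type")
        else:
            if off + 1 + length > len(msg):
                raise ValueError("label runs past end of message")
            out += msg[off:off + 1 + length]
            off += 1 + length
            if len(out) > 255:                         # also bounds pointer loops
                raise ValueError("name longer than 255 octets")
            if length == 0:
                return bytes(out), (off if end is None else end), compressed

def rdata_for_retransmit(msg, rdata_off, rdlen, rrtype):
    """Return (rdata with no compression pointers, warning text or None)."""
    count = NAME_ONLY_TYPES.get(rrtype)
    if count is None:                                  # opaque: pass through as-is
        return msg[rdata_off:rdata_off + rdlen], None
    out, off, compressed = bytearray(), rdata_off, False
    for _ in range(count):
        name, off, saw_pointer = expand_name(msg, off)
        out += name
        compressed = compressed or saw_pointer
    if off != rdata_off + rdlen:
        raise ValueError("RDLENGTH does not match the names in RDATA")
    warning = f"TYPE{rrtype}: compressed rdata received, expanded" if compressed else None
    return bytes(out), warning

# Constructed sample: 12-byte header, "example.com." at offset 12, then MB rdata
# at offset 25 holding "mail" plus a pointer to offset 12.
SAMPLE = bytes(12) + b"\x07example\x03com\x00" + b"\x04mail\xc0\x0c"
```

The expanded rdata is longer than what was received, so the caller has to write a new RDLENGTH when re-sending the record.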