IETF Logo Mail Archive

Re: [DNSOP] [Ext] Questions / concerns with draft-ietf-dnsop-svcb-https (in RFC Editor queue)

Warren Kumari <warren@kumari.net> Mon, 12 September 2022 13:51 UTC

Return-Path: <warren@kumari.net>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 37F05C14CF09 for <dnsop@ietfa.amsl.com>; Mon, 12 Sep 2022 06:51:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.105
X-Spam-Level:
X-Spam-Status: No, score=-2.105 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=kumari.net
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id I6k5KNeODwI5 for <dnsop@ietfa.amsl.com>; Mon, 12 Sep 2022 06:51:14 -0700 (PDT)
Received: from mail-io1-xd32.google.com (mail-io1-xd32.google.com [IPv6:2607:f8b0:4864:20::d32]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6D31EC14F74C for <dnsop@ietf.org>; Mon, 12 Sep 2022 06:51:09 -0700 (PDT)
Received: by mail-io1-xd32.google.com with SMTP id d8so3945826iof.11 for <dnsop@ietf.org>; Mon, 12 Sep 2022 06:51:09 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=kumari.net; s=google; h=cc:to:subject:message-id:date:from:references:in-reply-to :mime-version:from:to:cc:subject:date; bh=uR/lYYdjOfXr0ObfZCDA34D6dkgE17IGZijo0x/Z8Qc=; b=Hfxted5RKjzkJSYaewhXS/s4BYZcRa9GrMFPXS4NzEyKzGiSrSx6lrPKUNv+SR4wmx EX6VOuX1ttChG+3emhpVn5LuPg5sRBPvXxMyEsJgrmuY2C4CRhXd6pZJSTcPvQqsEkX8 8jSgnDn2JkMVameLwL3SusMO6ZHSoY8QmenrWx1lYggTHBGo7uVacMj6dwXqjZ7Hag0U C8LJYb0d/Xh3jORpGT646YB/BXvG0cPFQZEb5ChH2YDWrONOT8UkCOTSvc/A2XX+fPUm sM880kqdHoCvfzpC1zkcDYG65nroJ5BvPag3Pet2G7bYBGsl+OXrHcvkt6K/1V+EvEfZ s43Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:subject:message-id:date:from:references:in-reply-to :mime-version:x-gm-message-state:from:to:cc:subject:date; bh=uR/lYYdjOfXr0ObfZCDA34D6dkgE17IGZijo0x/Z8Qc=; b=iq+yGJ9meMmGT1p3ch2nEA2XdoGMVTksvM56xbgelCv7eRyrWVOTV1q/lm8k5f8eJr Zv5R3Fu3lOvAzd6rIkDYLvZn5usJWSQr+z71UMK2EdpXud+CVdUOw2yjG7LAysQmTgkc xGLnXOnOqeoTDablg2hXAWZbnfgGtaJSNMWNetB9ViczQw3171qPbj3cHitXudKiRA1X sjtIBqI73IaIYamoX9OCqxfSVgzWK/Tl3ZD+9Gzjf/pzjl3vgT21sgl3rgdIsbZ18hXS fevYaBxjTXn9oa8TkE6qTQsU3E/Nr/HIKA7XYraFbWan/Y4GtS+FP7yXAcKzpOmludKv CjZA==
X-Gm-Message-State: ACgBeo3aoWC6ff1Jjto05kOOQoVpSCqZVjMz6/JUHfhqwfVfPBsSJAWn JmcZ19dZl8/ZKIYD6PGR7+MGPN+plWeNt4+YEHwfK9dZbes=
X-Google-Smtp-Source: AA6agR5ZFj6oTp4gSZ/Jtu8or9HW6rB9M8v1H+1U4gz92Qfj2x3TX7t8foCk7VzAQW6QO5sGRgIQ1BrRSP17vqcnYYI=
X-Received: by 2002:a05:6638:1456:b0:346:856f:f3c4 with SMTP id l22-20020a056638145600b00346856ff3c4mr13839914jad.179.1662990668054; Mon, 12 Sep 2022 06:51:08 -0700 (PDT)
Received: from 649336022844 named unknown by gmailapi.google.com with HTTPREST; Mon, 12 Sep 2022 06:51:07 -0700
Mime-Version: 1.0
In-Reply-To: <CAKC-DJhwHh1UTDOt20wA_1JDYjnpp0chV2fqii3rLhF_nUGzdA@mail.gmail.com>
References: <CAHw9_iJg7yTECPbPvSNxac21My4SqPjMjhYS4tFRWBzFmjkLjg@mail.gmail.com> <CAH1iCipoo2u2h8XtJp8iwrg-bonMC785RehC3bVzbMKaLv+Kpg@mail.gmail.com> <0203FD85-487D-4B64-88BF-818B5BE0BC70@apple.com> <CAHbrMsCZSkakKvnxTsqQ0JmywNAHwVC1DyN0aVJ72sH7fgy6pA@mail.gmail.com> <CAHw9_iLNSnwUyZomkQ49Czhk-evy1Z4LjL7CfVhP7EFvZpBh5A@mail.gmail.com> <Yxk1Iikv8XazQa7o@straasha.imrryr.org> <Yxk7ycs0274UMSSh@straasha.imrryr.org> <0A4F52A8-378F-4222-9E5A-041A82E97C79@icann.org> <CAH1iCiriUcqprYj+LJGoo40o-dRsYyGmOFU_6VWbTXBt8+xnJw@mail.gmail.com> <A222DD8A-517D-4D7C-AB8E-2EEB99FF1C7E@icann.org> <YxoLstfurrWgGZUs@straasha.imrryr.org> <11DAF42E-DFDA-49EA-A021-91A6979992E6@icann.org> <CAKC-DJhwHh1UTDOt20wA_1JDYjnpp0chV2fqii3rLhF_nUGzdA@mail.gmail.com>
From: Warren Kumari <warren@kumari.net>
X-Mailer: Superhuman Desktop (2022-09-09T22:05:54Z)
X-Superhuman-ID: l7ytoz2z.266a1993-16c4-483e-9e5f-b42a4a3e0f74
X-Superhuman-Draft-ID: draft006addcbc6321726
Date: Mon, 12 Sep 2022 06:51:07 -0700
Message-ID: <CAHw9_iLoJ2ZFAP1vWCrD17_RvEs1LP=MqtzVhyfuHjn9LPmS3w@mail.gmail.com>
To: Erik Nygren <erik+ietf@nygren.org>
Cc: Paul Hoffman <paul.hoffman@icann.org>, "dnsop@ietf.org WG" <dnsop@ietf.org>
Content-Type: multipart/alternative; boundary="00000000000008dc2805e87b30eb"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/LhEufm0a8IjoXZ_ck0b9RTSkDTc>
Subject: Re: [DNSOP] [Ext] Questions / concerns with draft-ietf-dnsop-svcb-https (in RFC Editor queue)
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 12 Sep 2022 13:51:18 -0000

Hi all,

Firstly, and most importantly, thank y'all for keeping this civil, friendly
and productive; I really appreciate it.

I've (informally) checked with the IESG on the proposed change in the
PR and also including Erik's proposed operational note ("Some
implementations may not allow A or AAAA records on names starting with an
underscore due to various interpretations of RFCs. This could be an
operational issue when the TargetName contains an attrleaf label, as well
as using an TargetName of "." when the owner name contains an attrleaf
label.") and everyone seems fine with it.

So, I'm ask the authors to cut a new version with these changes in
(basically, accept the PR and add the proposed text) and I will then email
the IESG with a diff to get "official" consensus on the change.

Dealing with process exception handling is always stressful, so thanks all
again for keeping this moving along nicely.
Also, a reminder that while we *can* make changes after approval (and
before RFC publication) we really really avoid doing so, and so this should
only happen under exceptional circumstances[0].

W

[0]: I'm not convinced that this situation rose to the "exceptional
circumstances" bar, but seeing as I'd already paused it (not knowing what
all the issues were) and because the changes are clarifications, I'm
willing to accepting it.

On Thu, Sep 08, 2022 at 12:34 PM, Erik Nygren <erik+ietf@nygren.org> wrote:

> There seem to be two topics:
>
> 1) Victor's clarification makes sense, although the wording is a little
> awkward and perhaps we can improve that sentence.
>     The section was already implying that meaning (ie, that the fallback
> addition of the QNAME was for the AliasMode case)
>     but clarifying this in a more normative way seems worthwhile and not a
> technical change.
>     I'd propose we refine this PR and incorporate it as the "clarifying
> sentence" that Warren was willing to accept.
>
> 2) There is the issue of whether attrleaf labels are valid owner names for
> A/AAAA records.
>     This document does not seem like the place to land that, and it seems
> like it may be open for interpretation
>     as different implementations may have interpreted it differently.  If
> anything, we might add a non-normative sentence like:
>
>        "Some implementations may not allow A or AAAA records on names
> starting with an underscore
>         due to various interpretations of RFCs. This could be an
> operational issue when the TargetName contains an attrleaf label,
>         as well as using an TargetName of "." when the owner name contains
> an attrleaf label."
>
>    This wouldn't be a normative change but just an operational warning ---
> would this be acceptable to include at this stage?
>    Further clarification of this seems worth a draft in its own right
> since the existing RFCs are inconsistent
>    on this topic and there is room for multiple interpretations, as shown
> in some implementations.
>
>
>
> On Thu, Sep 8, 2022 at 12:05 PM Paul Hoffman <paul.hoffman@icann.org>
> wrote:
>
>> On Sep 8, 2022, at 8:35 AM, Viktor Dukhovni <ietf-dane@dukhovni.org>
>> wrote:
>> > This is a bug fix, the proposed behaviour makes no sense when $QNAME
>> > is the unaltered (attrleaf prefixed) starting point.  The current
>> > meaning was not intended.  If the edit can be made without any
>> > major process, just a note to the RFC editor, it'll save errata,
>> > and possible confusion later.
>>
>> A technical change made after the IESG review requires, at a minimum,
>> another IESG review. The IESG could ask for another IETF review, if they
>> want. It's up to Warren, the responsible AD, to decide if that's "major
>> process".
>>
>> --Paul Hoffman
>>
>> _______________________________________________
>> DNSOP mailing list
>> DNSOP@ietf.org
>> https://www.ietf.org/mailman/listinfo/dnsop
>>
>
> _______________________________________________
> DNSOP mailing list
> DNSOP@ietf.org
> https://www.ietf.org/mailman/listinfo/dnsop
>

v2.23.0 | Report a Bug | By Email