[DNSOP] Authoritative servers announcing capabilities

Paul Hoffman <paul.hoffman@icann.org> Fri, 11 September 2020 20:37 UTC

From: Paul Hoffman <paul.hoffman@icann.org>
To: dnsop WG <dnsop@ietf.org>
Date: Fri, 11 Sep 2020 20:37:38 +0000
Message-ID: <676DE8DE-DA20-4162-B81C-C358DC7084E7@icann.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/Nupr3_PiIBVptmetUlMUtUBwFyQ>

Greetings. Puneet and I have a new draft, <https://tools.ietf.org/html/draft-pp-dnsop-authinfo>, that we would like DNSOP to consider. From the abstract:
  This document defines a new DNS RRtype, AUTHINFO, that is used by
  authoritative servers to publish information about themselves.  This
  information can be useful because a recursive resolver can determine
  an authoritative server's capabilities, such as whether an
  authoritative server supports the EDNS(0) client subnet extension.

The responses will be signed if the zone for which the server is authoritative is signed, meaning that validating resolvers can get authenticated information about the server if that would influence how they treat responses from the server.

As you might expect from the authors of the RESINFO draft, the response is a JSON blob that can be extended to carry other information in the future as resolver operators and vendors think of additional information that would be useful to them.

We would like DNSOP to adopt this, and of course we are open to suggestions on how to improve the protocol.

--Paul Hoffman