[DNSOP] Re: Comments from IETF Last Call about draft-ietf-dnsop-structured-dns-error
Petr Špaček <pspacek@isc.org> Mon, 05 May 2025 15:53 UTC
Return-Path: <pspacek@isc.org>
X-Original-To: dnsop@mail2.ietf.org
Delivered-To: dnsop@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id 8DA3A24E9421 for <dnsop@mail2.ietf.org>; Mon, 5 May 2025 08:53:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -4.399
X-Spam-Level:
X-Spam-Status: No, score=-4.399 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, SPF_PASS=-0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (1024-bit key) header.d=isc.org header.b="WVRUIytC"; dkim=pass (1024-bit key) header.d=isc.org header.b="C2oz69nG"
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZWF-hxMS98YD for <dnsop@mail2.ietf.org>; Mon, 5 May 2025 08:53:18 -0700 (PDT)
Received: from mx.pao1.isc.org (mx.pao1.isc.org [149.20.2.50]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id 9E1F124E9304 for <dnsop@ietf.org>; Mon, 5 May 2025 08:53:11 -0700 (PDT)
Received: from zimbrang.isc.org (zimbrang.isc.org [149.20.2.31]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mx.pao1.isc.org (Postfix) with ESMTPS id C15B23AB376; Mon, 05 May 2025 15:53:10 +0000 (UTC)
ARC-Filter: OpenARC Filter v1.0.0 mx.pao1.isc.org C15B23AB376
Authentication-Results: mx.pao1.isc.org; arc=none smtp.remote-ip=149.20.2.31
ARC-Seal: i=1; a=rsa-sha256; d=isc.org; s=ostpay; t=1746460390; cv=none; b=KDOKlo4WXcwsyKkyOpQM7qcdXTPzbTqmeQWO8R1jb8RPGGZRKot4RsrNPAcURGdrPZkzT/JjM31+pGKLxDcM0N2NaIwenJs5nQJ6TdrHAUQQdnPAUw/vZUoyWD3SL7fm4wRQ8MIhico0MasBcjgpaXWDJWkdZlzdfaYYfEEA4Lc=
ARC-Message-Signature: i=1; a=rsa-sha256; d=isc.org; s=ostpay; t=1746460390; c=relaxed/relaxed; bh=7ZBPdvXnoyHj57ER0a69VD5pzR1mkh8ixm/2UR5zMN8=; h=DKIM-Signature:DKIM-Signature:Message-ID:Date:MIME-Version: Subject:To:From; b=VCHvH/rGC/xEoU7khT2yXy7m7ELU0aMRJozAaRaYXTSvH4kfQQGzYm2RL36Zbeca4FxBRVL1N0A1xPRQyy1pSBCL+8Vqvm9rYJnIlIVpcaGRygxrlB1L0HOcAE4ZQ8urYgG2Epyoq/xHnj3nq70Hrkyyfk4abr8M9xTfaInSRs4=
ARC-Authentication-Results: i=1; mx.pao1.isc.org
DKIM-Filter: OpenDKIM Filter v2.10.3 mx.pao1.isc.org C15B23AB376
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=isc.org; s=ostpay; t=1746460390; bh=09BIF7qObOlsRv/hWhxJ0SWjs+JkXmycqpF3b5i3Zxo=; h=Date:Subject:To:Cc:References:From:In-Reply-To; b=WVRUIytC80M9fFp2bvAV15MVUlEIE6mVlyMbvIyfxRusQJvyVdvOb9BisHU4m10Jx b2tZSU98rNVPifA8vpD/Ka8JLLvMtzNjPQ0lY0bxv+Dnvol5qgxjEBrD+bg2z76Z5t TMtAbMnwtIeVC0jn/Rm6knYrYF0KaoJN4MKnkl8A=
Received: from zimbrang.isc.org (localhost.localdomain [127.0.0.1]) by zimbrang.isc.org (Postfix) with ESMTPS id BCA07138E976; Mon, 5 May 2025 15:53:10 +0000 (UTC)
Received: from localhost (localhost.localdomain [127.0.0.1]) by zimbrang.isc.org (Postfix) with ESMTP id 9AC9A138E977; Mon, 5 May 2025 15:53:10 +0000 (UTC)
DKIM-Filter: OpenDKIM Filter v2.10.3 zimbrang.isc.org 9AC9A138E977
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=isc.org; s=05DFB016-56A2-11EB-AEC0-15368D323330; t=1746460390; bh=7ZBPdvXnoyHj57ER0a69VD5pzR1mkh8ixm/2UR5zMN8=; h=Message-ID:Date:MIME-Version:To:From; b=C2oz69nG/qm0kXfo4anVTqtGaMLoWKsHWJVyKhNy2YQrBvYvBgcIY9wzr8783oN36 RXmD+wWnrmKNIifNGKXb9ZaO3pC3HFnPbdIDQsBn0g5sadd2MLTVirJYVTxP54tzSk cvkPca/zf/w26c2kdAjLeBmqCtHYKuOsHY7tZi48=
Received: from zimbrang.isc.org ([127.0.0.1]) by localhost (zimbrang.isc.org [127.0.0.1]) (amavis, port 10026) with ESMTP id moeE3qQ6Q8DI; Mon, 5 May 2025 15:53:10 +0000 (UTC)
Received: from [83.148.32.161] (unknown [83.148.32.161]) by zimbrang.isc.org (Postfix) with ESMTPSA id EABD5138E970; Mon, 5 May 2025 15:53:09 +0000 (UTC)
Message-ID: <568c86cc-235b-4213-80ad-086449e4a984@isc.org>
Date: Mon, 05 May 2025 17:53:08 +0200
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
To: tirumal reddy <kondtir@gmail.com>
References: <PH0PR11MB49666C9FAA1DC4C04EB7AEDBA98E2@PH0PR11MB4966.namprd11.prod.outlook.com> <53398b3c-98a2-4282-92eb-b694761b8875@isc.org> <CAFpG3gchc9JGHbDnpit5ib+Vg8j737QLczfAB7UTmQYvpE+F3g@mail.gmail.com>
From: Petr Špaček <pspacek@isc.org>
Content-Language: en-US
Autocrypt: addr=pspacek@isc.org; keydata= xsFNBF/OJ/4BEAC0jP/EShRZtcI9KmzVK4IoD/GEDtcaNEEQzPt05G8xtC0P4uteXUwW8jaB CdcKIKR4eUJw3wdXXScLNlyh0i+gm5mIvKPrBYNAMOGGnkbAmMQOt9Q+TyGeTSSGiAjfvd/N nYg7L/KjVbG0sp6pAWVORMpR0oChHflzKSjvJITCGdpwagxSffU2HeWrLN7ePES6gPbtZ8HY KHUqjWZQsXLkMFw4yj8ZXuGarLwdBMB7V/9YHVkatJPjTsP8ZE723rV18iLiMvBqh4XtReEP 0vGQgiHnLnKs+reDiFy0cSOG0lpUWVGI50znu/gBuZRtTAE0LfMa0oAYaq997Y4k+na6JvHK hhaZMy82cD4YUa/xNnUPMXJjkJOBV4ghz/58GiT32lj4rdccjQO4zlvtjltjp9MTOFbRNI+I FCf9bykANotR+2BzttYKuCcred+Q7+wSDp9FQDdpUOiGnzT8oQukOuqiEh3J8hinHPGhtovH V22D0cU6T/u9mzvYoULhExPvXZglCLEuM0dACtjVsoyDkFVnTTupaPVuORgoW7nyNl0wDrII ILBqUBwzCdhQpYnyARSjx0gWSG1AQBKkk5SHQBqi1RAYC38M59SkpH0IKj+SaZbUJnuqshXh UIbY1GMHbW/GDhz7pNQFFYm2S4OPUBcmh/0O0Osma151/HjF7wARAQABzR9QZXRyIMWgcGHE jWVrIDxwc3BhY2VrQGlzYy5vcmc+wsGXBBMBCABBAhsDBQsJCAcCBhUKCQgLAgQWAgMBAh4B AheAAhkBFiEEEVO2++xeDVoSYmDzq9WHzfBlga4FAmd7vqsFCQmG4S0ACgkQq9WHzfBlga5H dA//SNIJAXyYxpoIrQwtTSOded93J+CIYHd2ArxCsS+ZXzeaSkHcqp2QfneLY2yyiQwjeivu MfqEBIASNZ94T+4OjhEHAFaAUJQtYMY7qmH69Q5h1PQMk/HZX4QNEDB6dihjz4wunB2mRcac GnRziAQUAnlHSSZDU2EtTddmRYTCaeX9rU8O5ja0+qPBJket7PjS0yT8DQJF+aKRsQz17ywT 3rNR7NBgeKrkBud4/zE7VRoxSRCPkWkgixEog+AotZt22psgQTv+kWx89+7cTiFZaLMmtV6v Ws8QTpDRDM3hCJBCI6qk61k8SLuQ+5VuVWBM/ozoN1ON2J9anxVTrxhNsFM3RLHV/Qh9p/0y T4our7JxB6dsos3HtlRR2npXS1PMrrXt7ZnnfYao+9zbOrZHC7NRY3feaLhieLx1pKmdDRHT CAbqaGnqX22hYYemtYFzSAv7stCdqdncAEkZJy4HByjQwFVGn8A6rp7H1xV2LmlkNAMEoWrT GJ+wH8A+VA3qbZF9Ab8Ht2GRj3mQQ4h8NnRYjKyqecCQOI5Xmn4S61nQ9y+wOBUSTlAQ6a5n LmMpCVe2/D4pWFxpUxc1z8Hq+uEN95sPgbihiSdgBR50DRdqW57ulFHA9LKJ0AEnBtQfvVth qAkvG8iBYl+UpoX1xW+dbX2g6nI5Rbx8u+EojKXOwU0EX84n/gEQANARNXihDNc1fLNFZK5s O14Yg2TouK9eo9gGh4yLSrmZ3pjtnuJSpTWmGD4g0EYzhwWA/T+CqjUnrhsvzLQ1ECYVqLpM VqK2OJ9PhLRbx1ITd4SKO/0xvXFkUqDTIF6a5mUCXH5DzTQGSmJwcjoRv3ye+Z1lDzOKJ+Qr gDHM2WLGlSZAVGcUeD1S2Mp/FroNOjGzrFXsUhOBNMo8PSC4ap0ZgYeVBq5aiMaQex0r+uM4 45S1z5N2nkNRYlUARkfKirqQxJ4mtj5XPC/jtdaUiMzvnwcMmLAwPlDNYiU0kO5IqJFBdzmJ yjzomVk1zK9AYS/woeIxETs+s6o7qXtMGGIoMWr6pirpHk4Wgp4TS02BSTSmNzParrFxLpEU dFKq3M0IsBCVGvfNgWL2pKKQVq34fwuBhJFQAigR9B3O9mfaeejrqt73Crp0ng0+Q74+Llzj EIJLOHYTMISTJyxYzhMCQlgPkKoj+TSVkRzBZoYFkUt4OXvlFj73wkeqeF8Z1YWoOCIjwXH9 0u2lPEq0cRHHyK+KSeH1zQJ4xgj0QDGPmkvi81D13sRaaNu3uSfXEDrdYYc+TSZd2bVh2VCr xrcfzQ1uz9fsdC9NPdNd7/mHvcAaNc5e9IhNh67L54aMBkzlJi18d0sWXOOHkyLSvbHnC/OP wv7qCf69PUJmtoeHABEBAAHCwXwEGAEIACYCGwwWIQQRU7b77F4NWhJiYPOr1YfN8GWBrgUC Z3u+zwUJCYbhUQAKCRCr1YfN8GWBrmljD/45mvtqiWzATkikxkJjTlxfhJBGUFXUoPXqvo8l 8zACTTnn6/K7v1TcFmtSHtLqQiTGwwq1vGQSjEG+UFzdXohex9MTv+7JHr+fcQfxFtxYeVGn k9fSkRkIdtpUzuCnBC27VYbq5S+nk4+ophmjm7rFVWd4tz+XTFZkuHTRImWxbaF9EZ/fuWmm XaICw+lzGan9BteM1ZSLIjzSPd7LoG55SuoVtAV91J5oLPo6KDOzgPEffalm2LJo7+ZaAeW6 diQUXxQpvAAROR/l1D1DIIQ0OJOqv0QRFyHt/zBbKgWmGaTQqF5aNab4ukVAt0LMsCkCjA11 HhcUnUwrixHR4V8G3UlHTQsWReiXfPerv/BewTsPHSzIfmufNlrBDfS/uIYdwquZfhOSsK9Z DUJFkaHudJC6tRVQ5LBVFqjgtZDllpAj1cOG7WmlTwHblj/r2+LMpOVHApByNkehEOA2c4Bn tcQ/8qSeorJCyd1/5A5+bUFIfIAJbRz4Ja21JgH107oCMX3hsGEzMnuwplYTf9NP4Dq0FQhK vkXzdnDhhXef8nUqF7l32hj9x1BCLFZ4FFe6iuKD7Q9p83Ca1HDdxauIrsrXTsEr1bjg2o/A JXI4A3sUunmiIf/tu+3riXUhA10P1IG11yEQ4y9ogE6knvOraRBwZ8gvFT7J2YLXJrF5mQ==
In-Reply-To: <CAFpG3gchc9JGHbDnpit5ib+Vg8j737QLczfAB7UTmQYvpE+F3g@mail.gmail.com>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: quoted-printable
Message-ID-Hash: KJ2HJTH4NUH65Q4WLUCFGVJL4C2BGOVI
X-Message-ID-Hash: KJ2HJTH4NUH65Q4WLUCFGVJL4C2BGOVI
X-MailFrom: pspacek@isc.org
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-dnsop.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: "Eric Vyncke (evyncke)" <evyncke=40cisco.com@dmarc.ietf.org>, "dnsop@ietf.org" <dnsop@ietf.org>
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [DNSOP] Re: Comments from IETF Last Call about draft-ietf-dnsop-structured-dns-error
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/Sqrl69WGeu6koRNKR-Vu9RMCFBc>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Owner: <mailto:dnsop-owner@ietf.org>
List-Post: <mailto:dnsop@ietf.org>
List-Subscribe: <mailto:dnsop-join@ietf.org>
List-Unsubscribe: <mailto:dnsop-leave@ietf.org>
On 5/5/25 17:27, tirumal reddy wrote: > On Mon, 5 May 2025 at 20:32, Petr Špaček <pspacek@isc.org > <mailto:pspacek@isc.org>> wrote: > > On 5/5/25 14:49, Eric Vyncke (evyncke) wrote: > > Dear authors and WG, > > > > There have been substantive IETF Last Call comments once > extending the > > review outside of DNSOP. On my own read of the comments, there > are two > > critical ones: > > > > * Are full-text explanations better or worse from UX or > security point > > of view ? > > * Should the draft merge/include/... with draft-nottingham-public- > > resolver-errors ? > > Shameless plug: There is also a technical objection in > https://mailarchive.ietf.org/arch/msg/last-call/ > dsouS0lgD8UK36rWgqBkq8LKSWo/ <https://mailarchive.ietf.org/arch/msg/ > last-call/dsouS0lgD8UK36rWgqBkq8LKSWo/> > > under "Issue #1". > > The current text breaks assumptions about EDE Option usage defined in > RFC 8914 and does not state a good reason for it. > > > This topic was discussed within the WG, and there was consensus to reuse > the EDE Option in the request as a signal of client interest in > structured data, please see slide 4 in https://datatracker.ietf.org/ > meeting/115/materials/slides-115-dnsop-structured-data-for-filtered- > dns-01 Could you please point me to the the decision, please? I did not find this being discussed on the mailing list. IETF 115 dnsop minutes for this draft say only this: ----- https://datatracker.ietf.org/doc/minutes-115-dnsop/ Structured Data for Filtered DNS draft-wing-dnsop-structured-dns-error-page, Tirumal Reddy Lots of industry interest **Chairs Action: CfA** ----- To refresh my mind I went to IETF 115 dnsop recording here https://meetecho-player.ietf.org/playout/?session=IETF115-DNSOP-20221108-0930 and listened to block starting at 1:52:00. What I hear is call for adoption a minute or two before the session ended and everyone went home, not a technical discussion. Did I miss some other place where it was discussed? It's been a long time so I might have missed something, obviously. > The same EDNS(0) option is > permitted in both requests and responses, for example, RFC7828 (edns- > tcp-keepalive) specifies the use of the option in both request/response. > > It also maintains symmetry between signaling support for this feature > and delivering structured error information using the same option. Just to be clear: I'm fine with using an option in both directions. What I object to is overloading meaning of an existing EDE option for different purpose. Specifically EDE spec in RFC 8914 section 2 says: > The Extended DNS Error (EDE) option can be included in any response (SERVFAIL, NXDOMAIN, REFUSED, even NOERROR, etc.) to a query that includes an OPT pseudo-RR [RFC6891]. It does not say anything about use in queries. I can't see a technical reason for this overloading, and as resolver implementer I don't want to deal with complicated spec and resulting code if it can be made simpler. Hopefully I explained myself clearly now. -- Petr Špaček Internet Systems Consortium
- [DNSOP] Re: Comments from IETF Last Call about dr… Stephane Bortzmeyer
- [DNSOP] Comments from IETF Last Call about draft-… Eric Vyncke (evyncke)
- [DNSOP] Re: Comments from IETF Last Call about dr… Stephane Bortzmeyer
- [DNSOP] Re: Comments from IETF Last Call about dr… Petr Špaček
- [DNSOP] Re: Comments from IETF Last Call about dr… Paul Wouters
- [DNSOP] Re: Comments from IETF Last Call about dr… tirumal reddy
- [DNSOP] Re: Comments from IETF Last Call about dr… tirumal reddy
- [DNSOP] Re: Comments from IETF Last Call about dr… Peter Thomassen
- [DNSOP] Re: Comments from IETF Last Call about dr… tirumal reddy
- [DNSOP] Re: Comments from IETF Last Call about dr… Peter Thomassen
- [DNSOP] Re: Comments from IETF Last Call about dr… tirumal reddy
- [DNSOP] Re: Comments from IETF Last Call about dr… Paul Wouters
- [DNSOP] Re: Comments from IETF Last Call about dr… tirumal reddy
- [DNSOP] Re: Comments from IETF Last Call about dr… tirumal reddy
- [DNSOP] Re: [Last-Call] Re: Re: Comments from IET… Paul Wouters
- [DNSOP] Re: [Last-Call] Re: Re: Comments from IET… Eric Rescorla
- [DNSOP] Re: Comments from IETF Last Call about dr… S Moonesamy
- [DNSOP] Re: Comments from IETF Last Call about dr… S Moonesamy
- [DNSOP] Re: Comments from IETF Last Call about dr… David Adrian
- [DNSOP] Re: [Last-Call] Re: Re: Comments from IET… tirumal reddy
- [DNSOP] Re: [Last-Call] Re: Re: Comments from IET… tirumal reddy
- [DNSOP] Re: [Last-Call] Re: Re: Comments from IET… Paul Wouters
- [DNSOP] Re: Comments from IETF Last Call about dr… Petr Špaček
- [DNSOP] Re: Comments from IETF Last Call about dr… Petr Špaček
- [DNSOP] Re: Comments from IETF Last Call about dr… tirumal reddy
- [DNSOP] DNS, censorship, attacks and centralizati… Mark Nottingham
- [DNSOP] Re: Comments from IETF Last Call about dr… Petr Špaček
- [DNSOP] Re: DNS, censorship, attacks and centrali… Bill Woodcock
- [DNSOP] Re: DNS, censorship, attacks and centrali… Jens Finkhäuser
- [DNSOP] Re: DNS, censorship, attacks and centrali… Ben Schwartz
- [DNSOP] Re: DNS, censorship, attacks and centrali… Mark Nottingham
- [DNSOP] Re: Comments from IETF Last Call about dr… tirumal reddy
- [DNSOP] Re: DNS, censorship, attacks and centrali… Mark Nottingham
- [DNSOP] Re: DNS, censorship, attacks and centrali… S Moonesamy