Re: [DNSOP] [art] Another look - draft-ietf-dnsop-attrleaf-05.txt
John C Klensin <john-ietf@jck.com> Thu, 29 March 2018 22:02 UTC
Return-Path: <john-ietf@jck.com>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A8DA3126DFB; Thu, 29 Mar 2018 15:02:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.909
X-Spam-Level:
X-Spam-Status: No, score=-1.909 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, T_RP_MATCHES_RCVD=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1R2IWZKfYzg3; Thu, 29 Mar 2018 15:02:53 -0700 (PDT)
Received: from bsa2.jck.com (bsa2.jck.com [70.88.254.51]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F3BE0127136; Thu, 29 Mar 2018 15:02:45 -0700 (PDT)
Received: from [198.252.137.10] (helo=PSB) by bsa2.jck.com with esmtp (Exim 4.82 (FreeBSD)) (envelope-from <john-ietf@jck.com>) id 1f1fd5-0006OO-DL; Thu, 29 Mar 2018 18:02:43 -0400
Date: Thu, 29 Mar 2018 18:02:37 -0400
From: John C Klensin <john-ietf@jck.com>
To: Warren Kumari <warren@kumari.net>, dcrocker@bbiw.net
cc: Applications and Real-Time Area Discussion <art@ietf.org>, dnsop <dnsop@ietf.org>
Message-ID: <305CF8969698D734073250E4@PSB>
In-Reply-To: <CAHw9_i+81GzP_FPdmJzCO8-sMtCM+W+SmbQ=90fFOE+BS2dzFw@mail.gmail.com>
References: <f7b85bac-b050-5003-2df0-a48b1ef2f929@dcrocker.net> <e1f41670-ada8-eaac-468c-c712b338a10b@dcrocker.net> <alpine.OSX.2.21.1803201804440.8940@dhcp-8344.meeting.ietf.org> <A7711F58-5145-49E8-9158-B2F94D0EABBF@redbarn.org> <7c168dc1-2ea7-d47e-78b7-0380e5d0aa84@dcrocker.net> <alpine.OSX.2.21.1803211104210.9553@ary.local> <5244d327-f8ea-1590-c663-1d92e0b194c4@dcrocker.net> <5F44FA5B42805C52479DE491@PSB> <alpine.OSX.2.21.1803211507380.9666@dhcp-935d.meeting.ietf.org> <1DF1564CC2B88726B2B54CF4@PSB> <20180326171842.0eacbdc4@smaug.local.partim.de> <32837C4DF5CB5BDD00DAD0FD@PSB> <fe24bb1d-a2e2-c50a-4293-b9c4cadcfc69@dcrocker.net> <C10EFF0FB6AC68625A75D485@PSB> <CAHw9_i+69CGrZnW6XqvP6Qk1Cw+QoFKHCzqO4Hb=C6UkDvZkVg@mail.gmail.com> <e18bc940-184c-1031-b24b-d549d126dff4@dcrocker.net> <CAHw9_i+81GzP_FPdmJzCO8-sMtCM+W+SmbQ=90fFOE+BS2dzFw@mail.gmail.com>
X-Mailer: Mulberry/4.0.8 (Win32)
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
X-SA-Exim-Connect-IP: 198.252.137.10
X-SA-Exim-Mail-From: john-ietf@jck.com
X-SA-Exim-Scanned: No (on bsa2.jck.com); SAEximRunCond expanded to false
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/TI4DgrqWND4yOObgeB9v9Z2NVSU>
Subject: Re: [DNSOP] [art] Another look - draft-ietf-dnsop-attrleaf-05.txt
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 29 Mar 2018 22:02:57 -0000
--On Thursday, March 29, 2018 22:00 +0100 Warren Kumari <warren@kumari.net> wrote: > On Thu, Mar 29, 2018 at 9:52 PM, Dave Crocker > <dhc@dcrocker.net> wrote: >> On 3/29/2018 1:45 PM, Warren Kumari wrote: >>> >>> I don't want to get into if this is the*right* behavior or >>> not, but it seems like worth mentioning in the draft as it >>> has much background already... >>> I can find nothing which states that A / AAAA cannot be >>> associated with underscore names, but they sure don't seem >>> to work in practice. >> The current version is: >> >> https://datatracker.ietf.org/doc/draft-ietf-dnsop-attrleaf/ >> >> Please suggest specific text to use and where to put it. > > I'm hoping someone will pipe up with "Gee, RFCfoo, Section > bar, Bullet N clearly says this, I can't believe you never > knew that...." > > If that doesn't occur I'll craft text. Warren, just to clarify where I'm coming from (and noting Paul Vixie's recent comment). I think there is no question that putting a label starting with an underscore (or containing one) on an RRSET that includes an address record would be ill-advised, nor that some implementations (possibly because they consider it ill-advised or just plain dumb) won't allow it or won't make it easy. I think there is no question that underscores (leading or otherwise) have no more place in either historical (e.g., RFC 952) host names or the "preferred syntax" of RFC 1034/1035 than, e.g., "+", "$", "%", or "/" do. I am reasonably confident that you are not going to find a normative statement that says that the term "host name" (with or without an intervening space) is any label, or the left-most label, associated with one or more address records, nor as statement that host names in the DNS MUST conform to the preferred syntax. Indeed, the description in RFC 7719 appears to me to be consistent with what the specifications actually say and it contains the same "any octet value" language that appears in earlier, normative, documents including RFC 8121. My objection was narrow. The text, even at -06, reads '"host" (host name) are not allowed to use the underscore character, this distinguishes the underscore name from all legal host names [RFC1035]"' That is objectionable for two reasons. First and most important, RFC 1035 just does not say that. If the text had referenced RFC 952 instead, it would have been correct, but maybe not so useful. Similarly, if it had said, more or less following 7719, that generally-accepted domain names that identify hosts ("host names") conform to the preferred syntax of RFC 1034 (or 1035) and hence do not include underscores, there would be no problem (if someone wants to take that as proposed text, feel free). Second, as has been discussed many times before in the last decade or two, "legal" is not a good term to use to describe validity or conformance in RFCs. Our standards are voluntary, which makes it hard for them to assign legality or illegality to, in this case, particular bits of syntax. Moreover, the concept of something being legal or illegal implies that, if the latter is discovered, I should be able to call the Protocol Police and have the offending label or its perpetrator arrested. When last I tried, they were not answering their phone or even their email. The IESG has pushed back on that term in the past and should, I believe, be pushing back on it today, regardless or what might have been said in kinder and gentler times. However, I believe that this discussion is, however unintentionally, a distraction from a far more important issue. The way the DNS, and particularly DNS queries, are defined makes the idea of a namespace for all labels starting with "_" very difficult and potentially a source of confusion. While sorting the registry by RRTYPE is an improvement over earlier versions, the correct structure is to have subregistries by RRTYPE, each with whatever keywords (starting with underscore) are appropriate for use with it listed. I do not believe it is appropriate to lose that distinction while we quibble about the language used to describe the syntax of host names. best, john
- [DNSOP] Fwd: New Version Notification for draft-i… Dave Crocker
- Re: [DNSOP] Fwd: New Version Notification for dra… tjw ietf
- Re: [DNSOP] Fwd: New Version Notification for dra… Dave Crocker
- Re: [DNSOP] Fwd: New Version Notification for dra… John R. Levine
- Re: [DNSOP] Fwd: New Version Notification for dra… Dave Crocker
- Re: [DNSOP] New Version Notification for draft-ie… John R. Levine
- Re: [DNSOP] New Version Notification for draft-ie… P Vix
- Re: [DNSOP] New Version Notification for draft-ie… Dave Crocker
- Re: [DNSOP] New Version Notification for draft-ie… John R. Levine
- Re: [DNSOP] [art] New Version Notification for dr… Dave Crocker
- Re: [DNSOP] [art] New Version Notification for dr… John C Klensin
- Re: [DNSOP] [art] New Version Notification for dr… Paul Vixie
- Re: [DNSOP] [art] New Version Notification for dr… Paul Vixie
- Re: [DNSOP] [art] redefining SRV, New Version Not… John R. Levine
- Re: [DNSOP] [art] redefining SRV, New Version Not… John R. Levine
- Re: [DNSOP] [art] New Version Notification for dr… Dave Crocker
- Re: [DNSOP] [art] New Version Notification for dr… John R. Levine
- Re: [DNSOP] [art] New Version Notification for dr… Dave Crocker
- Re: [DNSOP] [art] New Version Notification for dr… Alexey Melnikov
- Re: [DNSOP] [art] New Version Notification for dr… Dave Crocker
- Re: [DNSOP] [art] redefining SRV, New Version Not… Ray Bellis
- [DNSOP] Attrleaf _second-Level modifications (was… Dave Crocker
- Re: [DNSOP] Attrleaf _second-Level modifications Ray Bellis
- Re: [DNSOP] [art] New Version Notification for dr… John Levine
- Re: [DNSOP] [art] New Version Notification for dr… Andrew Sullivan
- Re: [DNSOP] [art] New Version Notification for dr… Dave Crocker
- Re: [DNSOP] [art] New Version Notification for dr… John R Levine
- Re: [DNSOP] [art] Attrleaf _second-Level modifica… John Levine
- [DNSOP] Another look - draft-ietf-dnsop-attrleaf-… John C Klensin
- Re: [DNSOP] Another look - draft-ietf-dnsop-attrl… Paul Vixie
- Re: [DNSOP] Another look - draft-ietf-dnsop-attrl… John C Klensin
- Re: [DNSOP] Another look - draft-ietf-dnsop-attrl… Paul Vixie
- Re: [DNSOP] Another look - draft-ietf-dnsop-attrl… John C Klensin
- Re: [DNSOP] Another look - draft-ietf-dnsop-attrl… John R. Levine
- Re: [DNSOP] Another look - draft-ietf-dnsop-attrl… John C Klensin
- Re: [DNSOP] Another look - draft-ietf-dnsop-attrl… Martin Hoffmann
- Re: [DNSOP] [art] Another look - draft-ietf-dnsop… Dave Crocker
- Re: [DNSOP] [art] Another look - draft-ietf-dnsop… Martin Hoffmann
- Re: [DNSOP] Another look - draft-ietf-dnsop-attrl… John C Klensin
- Re: [DNSOP] Another look - draft-ietf-dnsop-attrl… Dave Crocker
- Re: [DNSOP] [art] Another look - draft-ietf-dnsop… Kurt Andersen (b)
- Re: [DNSOP] [art] Another look - draft-ietf-dnsop… John R. Levine
- Re: [DNSOP] Another look - draft-ietf-dnsop-attrl… John C Klensin
- [DNSOP] _openpgpkey & _smimecert (was: Re: [art] … Dave Crocker
- Re: [DNSOP] [art] Another look - draft-ietf-dnsop… Paul Vixie
- [DNSOP] namespace and substring reservations (was… Dave Crocker
- Re: [DNSOP] [art] Another look - draft-ietf-dnsop… Ray Bellis
- Re: [DNSOP] [art] Another look - draft-ietf-dnsop… Dave Crocker
- [DNSOP] Additional uses of underscore labels (was… Martin Hoffmann
- Re: [DNSOP] Additional uses of underscore labels Dave Crocker
- [DNSOP] End-to-end _underscore arguments (was: Re… Dave Crocker
- Re: [DNSOP] Another look - draft-ietf-dnsop-attrl… Warren Kumari
- Re: [DNSOP] Another look - draft-ietf-dnsop-attrl… Dave Crocker
- Re: [DNSOP] Another look - draft-ietf-dnsop-attrl… Warren Kumari
- Re: [DNSOP] Another look - draft-ietf-dnsop-attrl… Paul Vixie
- Re: [DNSOP] [art] Another look - draft-ietf-dnsop… John C Klensin
- Re: [DNSOP] [art] Another look - draft-ietf-dnsop… Adam Roach
- Re: [DNSOP] [art] Another look - draft-ietf-dnsop… Dave Crocker
- Re: [DNSOP] [art] Another look - draft-ietf-dnsop… John R. Levine
- Re: [DNSOP] [art] Another look - draft-ietf-dnsop… Paul Vixie
- Re: [DNSOP] [art] Another look - draft-ietf-dnsop… John R. Levine