Re: [DNSOP] [internet-drafts@ietf.org: I-D Action: draft-rescorla-tls-esni-00.txt]

Warren Kumari <warren@kumari.net> Mon, 23 July 2018 01:08 UTC

From: Warren Kumari <warren@kumari.net>
Date: Sun, 22 Jul 2018 21:08:02 -0400
Message-ID: <CAHw9_iJnBVizHcDHvLSMK8QeYA1_gD9YwTpeRY-twGcznshHnw@mail.gmail.com>
To: Ray Bellis <ray@bellis.me.uk>
Cc: dnsop@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/TLMRLo10VAZZ9_4jBKTHdGgmaV4>

On Sun, Jul 22, 2018 at 12:30 PM Warren Kumari <warren@kumari.net> wrote:

> On Thu, Jul 19, 2018 at 3:37 PM Ray Bellis <ray@bellis.me.uk> wrote:
>
>> On 19/07/2018 15:07, Patrick McManus wrote:
>>
>> > Am I correct in saying that what you're getting at is not so much a wire
>> > issue as a convention among configuration and implementations? i.e.
>> > wildcards are synthesized - they aren't actually sent as responses that
>> > clients use in some kind of short-cut kind of way?
>>
>> That's correct - wildcards are expanded on the DNS server, not by the
>> client.
>>
>
> That's true, but there is also some more subtlety here -- with DNSSEC, the
> server also sends the wildcard label to allow the client to know that this
> happened - this doesn't change the above argument, but is worth knowing...
>

So, I misspoke (or, more truthfully, misremembered!) - it is a bunch more
complicated than that, see
https://tools.ietf.org/html/rfc4592#section-4.7
for what actually happens (and thanks to Ray for calling me on it)
W


> W
>
>
>> FWIW the same issue appears to arise with the current specification for
>> carrying the ALTSVC information as a DNS RR, again because of its use of
>> underscore prefix labels.
>>
>> Ray
>>
-- 
I don't think the execution is relevant when it was obviously a bad idea in
the first place.
This is like putting rabid weasels in your pants, and later expressing
regret at having chosen those particular rabid weasels and that pair of
pants.
   ---maf