Re: [DNSOP] KSK-Sentinel -- "Walkin' on the SUN"?

Mark Andrews <marka@isc.org> Wed, 16 May 2018 00:05 UTC

From: Mark Andrews <marka@isc.org>
In-Reply-To: <CAPt1N1m0NF53EF74peECpV5sMiY7wtQae8isWfF5vmcUzBJ47A@mail.gmail.com>
Date: Wed, 16 May 2018 10:05:39 +1000
Cc: Matthew Pounsett <matt@conundrum.com>, Tony Finch <dot@dotat.at>, dnsop <dnsop@ietf.org>
Message-Id: <16DE5DAE-CB1F-4A18-A16D-47A907FAAA50@isc.org>
References: <CAHw9_iKPTT686F8piMGJG=ESnioaunJDTKurabvMA6NucqvBow@mail.gmail.com> <alpine.DEB.2.11.1805151043220.1809@grey.csi.cam.ac.uk> <CAPt1N1=ussiww-a_tGJyUxgf7HCGTx-9LCyENSzmjWGP1D=ysQ@mail.gmail.com> <alpine.DEB.2.11.1805151732070.1809@grey.csi.cam.ac.uk> <CAAiTEH_7cndQDvoz24VGaRhCcpS5JkJX7_H68DX1xKk0e9jFCQ@mail.gmail.com> <CAPt1N1m0NF53EF74peECpV5sMiY7wtQae8isWfF5vmcUzBJ47A@mail.gmail.com>
To: Ted Lemon <mellon@fugue.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/TaCjCuUr_crRyTYXpuM5cYwDeGE>
Subject: Re: [DNSOP] KSK-Sentinel -- "Walkin' on the SUN"?
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>

Underscore prefix names are entirely user convention, the same way as IN-ADDR.ARPA and IP6.ARPA are user convention.  There is NOTHING in resolvers or name servers that treats these names as special in any sort of way whatsoever.

gethostbyname and getnameinfo just implement the user convention. 

ksk-sentinel requires validating recursive servers to have different code paths for names that start with these labels.  That makes them special.

As for "nothing breaks if you don’t implement it", that is true of most/all names in the special-use registry to exactly the same extent that not implementing ksk-sentinel doesn’t break anything.


> On 16 May 2018, at 3:24 am, Ted Lemon <mellon@fugue.com> wrote:
> 
> Hm, well, the analogy I was making is that this is essentially a signal to an application, which happens to be a caching name server.  "Other name servers treat them as ordinary names" is not a reason not to list a special-use name in the registry.   Ideally we want names like this to have as small an implementation footprint as possible.   The reason I am objecting to the idea that this is a special-use name is that it doesn't seem fundamentally different to _tcp, aside from the detail of what software happens to consume it.   Special-use names do generally require special treatment by the system, even though we hope that the footprint will be as small as possible.   Right now entries in the table are either not global names (which doesn't apply here) or are intended for special purposes (e.g., example.com, invalid), or require a protocol other than DNS to resolve (local, onion).
> 
> The case for handling this as a special-use name is that we'd want implementors of naming software to find it in the registry so that they'd know to do it, but I don't think that applies here—the downside to not doing it is that you don't get the new feature, not that something breaks.   That's very similar to the downside of not knowing what _tcp means.
> 
> On Tue, May 15, 2018 at 12:39 PM, Matthew Pounsett <matt@conundrum.com> wrote:
> 
> 
> On 15 May 2018 at 12:34, Tony Finch <dot@dotat.at> wrote:
> Ted Lemon <mellon@fugue.com> wrote:
> 
> > It might be useful to compare this to labels like _tcp that appear in SRV
> > records and elsewhere.
> 
> The reason for listing a name in the RFC 6761 registry is because it needs
> special handling of some kind in DNS software. That isn't the case for the
> _underscore names, which (from the DNS point of view) are just ordinary
> domain names that have conventional uses in applications.
> 
> I'm going to suggest a modification to your first sentence.  The reason for listing a name in the RFC 6761 registry is because it needs special handling of some kind in DNS software that would otherwise be unaware of the special handling required by that name.  In this case, the only name servers that need to handle these names specially are the ones implementing the technology; all other name servers treat them as ordinary names.
> 
> 
> _______________________________________________
> DNSOP mailing list
> DNSOP@ietf.org
> https://www.ietf.org/mailman/listinfo/dnsop

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742              INTERNET: marka@isc.org
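As an added illustration (not code from this thread, nor from any resolver), here is the extra code path Mark is pointing at: a validating resolver that looks at the leftmost label for the sentinel forms later published in RFC 8509 and, depending on whether the named key tag is among its configured trust anchors, either answers normally or returns SERVFAIL. The "validated A/AAAA answers only" condition and the five-digit key-tag encoding are my reading of that RFC, and `sentinel_disposition`/`trust_anchor_tags` are names chosen here; note that a `_tcp`-style name takes no branch at all.

```python
import re

# Leftmost-label forms of the KSK sentinel mechanism (RFC 8509):
#   root-key-sentinel-is-ta-<key-tag>   "do you trust the KSK with this tag?"
#   root-key-sentinel-not-ta-<key-tag>  the inverse question
# The RFC writes <key-tag> as five decimal digits with leading zeros;
# this parser accepts 1..5 digits so an unpadded tag is not rejected.
_SENTINEL = re.compile(r"^root-key-sentinel-(is|not)-ta-(\d{1,5})$", re.IGNORECASE)

SERVFAIL = "SERVFAIL"
NORMAL = "answer normally"


def sentinel_label(qname: str):
    """Return (kind, key_tag) if qname's leftmost label is a sentinel label, else None."""
    leftmost = qname.rstrip(".").split(".")[0]
    m = _SENTINEL.match(leftmost)
    if m is None:
        return None
    return m.group(1).lower(), int(m.group(2))


def sentinel_disposition(qname: str, qtype: str, validated: bool, trust_anchor_tags) -> str:
    """The special-case path a validating resolver needs for sentinel names.

    trust_anchor_tags: key tags of the root trust anchors this resolver has configured.
    """
    # The mechanism only alters validated A/AAAA answers; everything else is untouched.
    if qtype not in ("A", "AAAA") or not validated:
        return NORMAL
    hit = sentinel_label(qname)
    if hit is None:
        return NORMAL          # ordinary names, _tcp/_udp names included, never get here
    kind, tag = hit
    have_ta = tag in trust_anchor_tags
    if kind == "is" and not have_ta:
        return SERVFAIL        # "is-ta" asked about a key we do not trust
    if kind == "not" and have_ta:
        return SERVFAIL        # "not-ta" asked about a key we do trust
    return NORMAL


if __name__ == "__main__":
    anchors = {20326}          # constructed configuration: one trusted root KSK tag
    for name in ("root-key-sentinel-is-ta-20326.example.com.",
                 "root-key-sentinel-not-ta-20326.example.com.",
                 "_sip._tcp.example.com."):
        print(name, "->", sentinel_disposition(name, "A", True, anchors))
```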