Re: [DNSOP] Fundamental ANAME problems

Ray Bellis <ray@bellis.me.uk> Sun, 04 November 2018 07:11 UTC

To: dnsop@ietf.org
From: Ray Bellis <ray@bellis.me.uk>
Message-ID: <00158263-85dd-69ce-5299-13ff4c2411c5@bellis.me.uk>
Date: Sun, 04 Nov 2018 14:10:52 +0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/U-qrTORuaaWPBIr_rZ571fXpp0E>


On 04/11/2018 12:53, Patrik Fältström wrote:
> On 3 Nov 2018, at 23:32, Måns Nilsson wrote:
> 
>> _http._tcp.example.org. IN URI	10 20	"https://example-lb-frontend.hosting.namn.se:8090/path/down/in/filestructure/"
>>
>> We already have this. We need not build a new mechanism.
> 
> +1

-1

What are the semantics of this?

- What appears in the user's UI when the URI record completely replaces 
the site name entered by the user?

- Which domain name is the SSL cert validated against?

- Which domain name appears in the HTTP Host: header?

- What is the HTTP "Origin" of the resulting content,
   and which domain's cookies are accepted / sent?

- What if there's also a URI record for 
'example-lb-frontend.hosting.namn.se' ?

- How do I provision a wildcard record for this?

I see absolutely zero chance of the web community embracing this.

Ray
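
An added illustration, not part of the original message or of any specification: the sketch below parses the quoted URI record and lists which web security identities would change if a client fetched the record's target in place of the URL the user typed. That client behaviour is a hypothetical interpretation, and the typed URL `http://example.org/` and the function names are assumptions made for the example.

```python
import shlex
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

# The record quoted in the thread, in zone-file presentation format.
RR = ('_http._tcp.example.org. IN URI\t10 20\t'
      '"https://example-lb-frontend.hosting.namn.se:8090/path/down/in/filestructure/"')
TYPED = "http://example.org/"  # constructed: what the user is assumed to have entered


def parse_uri_rr(line):
    """Parse 'owner [class] URI priority weight "target"' (RFC 7553 layout)."""
    fields = shlex.split(line)  # splits on spaces/tabs and strips the quotes
    i = fields.index("URI")
    return {"owner": fields[0].rstrip(".").lower(),
            "priority": int(fields[i + 1]),
            "weight": int(fields[i + 2]),
            "target": fields[i + 3]}


def identities(url):
    """Names a web client derives from a URL for its security decisions."""
    u = urlsplit(url)
    host = u.hostname.lower()
    port = u.port or DEFAULT_PORTS[u.scheme]
    host_header = host if port == DEFAULT_PORTS[u.scheme] else f"{host}:{port}"
    return {"origin": (u.scheme, host, port),          # same-origin policy tuple
            "host_header": host_header,                # HTTP Host: value
            "tls_name": host if u.scheme == "https" else None,  # cert check name
            "cookie_host": host}                       # host cookies are scoped to


def compare(typed_url, rr_line):
    """Return {identity: (typed, target)} for every identity that differs."""
    before = identities(typed_url)
    after = identities(parse_uri_rr(rr_line)["target"])
    return {k: (before[k], after[k]) for k in before if before[k] != after[k]}


if __name__ == "__main__":
    for name, (typed, target) in compare(TYPED, RR).items():
        print(f"{name:12} typed={typed!r} target={target!r}")
```
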