IETF Logo Mail Archive

[DNSOP]Re: [IANA #1362913] expert review for draft-ietf-dnsop-dnssec-bootstrapping (dns-parameters)

jabley@strandkip.nl Fri, 10 May 2024 09:35 UTC

Return-Path: <jabley@strandkip.nl>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 783B1C14F615 for <dnsop@ietfa.amsl.com>; Fri, 10 May 2024 02:35:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.096
X-Spam-Level:
X-Spam-Status: No, score=-2.096 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=strandkip.nl
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JcbFF5RrF3VP for <dnsop@ietfa.amsl.com>; Fri, 10 May 2024 02:35:28 -0700 (PDT)
Received: from mr85p00im-zteg06022001.me.com (mr85p00im-zteg06022001.me.com [17.58.23.193]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CD0E2C14F5F6 for <dnsop@ietf.org>; Fri, 10 May 2024 02:35:28 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=strandkip.nl; s=sig1; t=1715333728; bh=Ow/D1f7B4/SqSuqX+fPtwOr3FwOzt3QqJk0M73SfQFI=; h=From:Message-Id:Content-Type:Mime-Version:Subject:Date:To; b=Y87fpzCxKUrAYP78LPrfFrxCxxqZ+kBYK3DBXgemelV+10AZeXbyEA4qL9PfrT57z 1CU7FwbWZsJB373D0hHQZ2/HQNmbsv6k8vFcsnjIGv4dIWQlalvkR4HIA8eqgMOcsv CQInKXIDPyb1pYf9SzN4pZHRTUwMoBOImsZaAh9AcPR17hbN01UePyHPJBxe7dasqV +HPH1mgVevIypGetjsCYJQAYzexw4IEWvBd93sNe8IFEjVLRbrnMzLVabj6gbOlkcp O3wIaje0w6eA2lYH/o5OOAD0SyK0kUgnvkiN7Ml40Nwer7N83L0ux73I/wvIgiFmz9 NV8WYmp/AF5Ow==
Received: from smtpclient.apple (mr38p00im-dlb-asmtp-mailmevip.me.com [17.57.152.18]) by mr85p00im-zteg06022001.me.com (Postfix) with ESMTPSA id 2564F80021B; Fri, 10 May 2024 09:35:26 +0000 (UTC)
From: jabley@strandkip.nl
Message-Id: <0194B743-3C16-4E49-B025-E37747A9D75B@strandkip.nl>
Content-Type: multipart/alternative; boundary="Apple-Mail=_077352E0-A0F4-4E4E-A941-508E73D15DA1"
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3774.500.171.1.1\))
Date: Fri, 10 May 2024 11:35:01 +0200
In-Reply-To: <CADyWQ+EUwigV825uW+vKEf6+gpGejBe9U1ZinsfbPH6j-qvGWw@mail.gmail.com>
To: Tim Wicinski <tjw.ietf@gmail.com>
References: <f9a72bf1-d09d-414d-a0ff-46cefd9907cd@nic.cz> <20240508200231.777E18A4DCA6@ary.qy> <CADyWQ+EUwigV825uW+vKEf6+gpGejBe9U1ZinsfbPH6j-qvGWw@mail.gmail.com>
X-Mailer: Apple Mail (2.3774.500.171.1.1)
X-Proofpoint-GUID: OOM5Td1gIUS3vSjVhsIZ5-3TVBmM1JjI
X-Proofpoint-ORIG-GUID: OOM5Td1gIUS3vSjVhsIZ5-3TVBmM1JjI
X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.272,Aquarius:18.0.1039,Hydra:6.0.650,FMLib:17.11.176.26 definitions=2024-05-10_06,2024-05-10_01,2023-05-22_02
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 mlxlogscore=999 clxscore=1030 spamscore=0 bulkscore=0 malwarescore=0 phishscore=0 adultscore=0 suspectscore=0 mlxscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.19.0-2308100000 definitions=main-2405100069
Message-ID-Hash: CFY6CPMCAC4FTYKJAFSHBW5Y27T72CKR
X-Message-ID-Hash: CFY6CPMCAC4FTYKJAFSHBW5Y27T72CKR
X-MailFrom: jabley@strandkip.nl
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-dnsop.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: "John R. Levine" <johnl@taugh.com>, dnsop@ietf.org, libor.peltan@nic.cz
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [DNSOP]Re: [IANA #1362913] expert review for draft-ietf-dnsop-dnssec-bootstrapping (dns-parameters)
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/Y2sFNm-2Odyt21IdKJ1HYMr5tss>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Owner: <mailto:dnsop-owner@ietf.org>
List-Post: <mailto:dnsop@ietf.org>
List-Subscribe: <mailto:dnsop-join@ietf.org>
List-Unsubscribe: <mailto:dnsop-leave@ietf.org>

Hi Tim,

On May 10, 2024, at 04:29, Tim Wicinski <tjw.ietf@gmail.com> wrote:

> I wrote a note to Peter and his co-author on this discussion and we(chairs) feel that Paul W is correct in saying _signal is too generic. 
> 
> We should not overload any underscore label for multiple purposes.  If another type of operator signalling appears, a new label can be acquired.

I'm interested in where this guidance comes from.

RFC 2782 to me is the grandfather of underscore labels, and it pretty much goes out of its way to encourage a hierarchy of underscore labels to anchor SRV records under, e.g. under _tcp.name and _udp.name.

You could argue that those are not multiple purposes (everything under _tcp is TCP, after all) but it feels like the same argument could be made for _signal.

> Being specific in this situation is a *good* thing.

How is

_purpose1._concept.name ...
_purpose2._concept.name ...

less specific than

_purpose1_concept.name ...
_purpose2_concept.name ... ?

> Additionally in the Domain Verification Techniques document, there is a recommended approach to use application-specific underscore prefix labels
> 
> https://www.ietf.org/archive/id/draft-ietf-dnsop-domain-verification-techniques-04.html#name-scope-indication

I'm struggling slightly to see how the advice in that document applies, here. I realise underscore labels are used in both cases, but in the domain validation case we are trying to avoid collisions in the absence of a registry. That's not our situation, here.

I'm not really arguing with conclusion, but I find the guidance vague. If we really think it's important to make clear statements about this, perhaps we should write something down in a document and talk about it. Personally I'm not convinced it's that important, though.


Joe

v2.31.3 | Report a Bug | By Email | System Status