IETF Logo Mail Archive

Re: [DNSOP] "anything goes" (was Re: Should we try to work on DNS over HTTP in dnsop?)

Tim Wicinski <tjw.ietf@gmail.com> Mon, 21 December 2015 00:34 UTC

Return-Path: <tjw.ietf@gmail.com>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 381491A6FB2 for <dnsop@ietfa.amsl.com>; Sun, 20 Dec 2015 16:34:57 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lb2aY7gAXEN9 for <dnsop@ietfa.amsl.com>; Sun, 20 Dec 2015 16:34:56 -0800 (PST)
Received: from mail-io0-x230.google.com (mail-io0-x230.google.com [IPv6:2607:f8b0:4001:c06::230]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 128BD1A6FAE for <dnsop@ietf.org>; Sun, 20 Dec 2015 16:34:56 -0800 (PST)
Received: by mail-io0-x230.google.com with SMTP id o67so139688482iof.3 for <dnsop@ietf.org>; Sun, 20 Dec 2015 16:34:56 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=subject:to:references:from:message-id:date:user-agent:mime-version :in-reply-to:content-type:content-transfer-encoding; bh=YKaiLh/O6mDJKXGr8FqXx/iozJ/8vmXsA14l2zK3AFY=; b=lFRPYXMl5pBJcgoleFtKWtNMq/I9Cyp/LzmwtGLchsJfzvXdbzhqg6X5XhprgRDp2M bEQbOhGEmrpRW6jpYsZto59T1ecXgLw7DObA6I4UOkMk2GXkMW1PEC7CX0B1CH6aNR99 ecact5qj4GD3cwLzcvok77oxiQRinYthtklfn6JCPbIVzAGKWIuQWogoNtTTZeoR87Mv IT3n0KqaaUNMhtPwDJoUhswfAw2EQ4FuzLFbyM3rzx2ATwJpzX5hQrQ8krTw4nXil10Y vdS07ZHl/BiLvHWhgvc3naAVqKfRQw3S8KKKuFB+lQPLS6E0ofhpIojTW3iP0FIqxqlE p+/g==
X-Received: by 10.107.185.6 with SMTP id j6mr10979322iof.111.1450658095456; Sun, 20 Dec 2015 16:34:55 -0800 (PST)
Received: from still.local ([184.13.114.26]) by smtp.googlemail.com with ESMTPSA id b36sm691885iod.29.2015.12.20.16.34.54 for <dnsop@ietf.org> (version=TLSv1/SSLv3 cipher=OTHER); Sun, 20 Dec 2015 16:34:54 -0800 (PST)
To: dnsop@ietf.org
References: <20151217020754.6915b71c@pallas.home.time-travellers.org> <20151218180733.GZ3294@mx2.yitter.info> <5676D3B6.6060909@bogus.com> <2356548.sfrx6z2Xr5@linux-85bq.suse>
From: Tim Wicinski <tjw.ietf@gmail.com>
Message-ID: <46932ca1-d5e4-2220-15f8-9c90138d307e@gmail.com>
Date: Sun, 20 Dec 2015 19:34:54 -0500
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:45.0) Gecko/20100101 Thunderbird/45.0a2
MIME-Version: 1.0
In-Reply-To: <2356548.sfrx6z2Xr5@linux-85bq.suse>
Content-Type: text/plain; charset="windows-1252"; format="flowed"
Content-Transfer-Encoding: 7bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/dnsop/_a1PLe3QulIIX3ENyuDvffHNZoM>
Subject: Re: [DNSOP] "anything goes" (was Re: Should we try to work on DNS over HTTP in dnsop?)
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 21 Dec 2015 00:34:57 -0000


On 12/20/15 1:31 PM, Paul Vixie wrote:
> On Sunday, December 20, 2015 08:13:42 AM joel jaeggli wrote:
>
>>
>
>> I think we dramatically better off, if we are willing to critically
>
>> consider the implications of proposals someplace and expose the record
>
>> of that, and I don't have a better location on offer then here.
>
>
>
> i was not trying to stifle discussion. what a wg chair told me was that
> the essence of a dnsop rfc was, "if you're trying to accomplish thing X,
> here's one way to do it." sadly for me, because of the ietf's
> imprimatur, such specifications will be used in industry as if they were
> recommendations.
>
>
>
> in the specific example of edns client subnet, i have previously
> supplied extensive technical argument against the systemic costs of
> expanding the Q-tuple in this way. those arguments did not find
> consensus in the WG, and are not reflected in the draft. see also
> "afasterinetnet.com".
>

the edns-client-subnet is a very specific edge case - it has 
security/privacy issues, it's done poorly, and even the current authors 
want to fix what is there.

In the shepherd document I wrote the following:

	"There are security issues with this version, as raised by
	various people.  They are correct, and the intent is not to
	correct the security flaws with this document, but to describe
	how this option behaves currently.  It is suggested a new
	version will be worked on in a year which addresses the
	security issues, and addresses other issues about this option."

While you are right that such specifications may be used in industry as 
recommendations, having several large vendors deploying something has 
the same effect. My current employer was convinced that client-subnet 
was already a 'standard' and wanted to know why didn't everyone support 
it.  Educating employers have always been the rock some of us push 
uphill every day.

tim

v2.23.0 | Report a Bug | By Email