Re: [DNSOP] [internet-drafts@ietf.org: I-D Action: draft-rescorla-tls-esni-00.txt]

Warren Kumari <warren@kumari.net> Sun, 22 July 2018 16:30 UTC

From: Warren Kumari <warren@kumari.net>
Date: Sun, 22 Jul 2018 12:30:31 -0400
Message-ID: <CAHw9_i+twDakNvy7=rhDy+aiJFug9LV9op+ha7EHjv+X9bar1Q@mail.gmail.com>
To: Ray Bellis <ray@bellis.me.uk>
Cc: dnsop@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/bvIB5FAWbHbjJMvivMjfTs_L8qw>

On Thu, Jul 19, 2018 at 3:37 PM Ray Bellis <ray@bellis.me.uk> wrote:

> On 19/07/2018 15:07, Patrick McManus wrote:
>
> > Am I correct in saying that what you're getting at is not so much a wire
> > issue as a convention among configuration and implementations? i.e.
> > wildcards are synthesized - they aren't actually sent as responses that
> > clients use in some kind of short-cut kind of way?
>
> That's correct - wildcards are expanded on the DNS server, not by the
> client.
>

That's true, but there is also some more subtlety here -- with DNSSEC, the
server also sends the wildcard label to allow the client to know that this
happened - this doesn't change the above argument, but is worth knowing...

W


> FWIW the same issue appears to arise with the current specification for
> carrying the ALTSVC information as a DNS RR, again because of its use of
> underscore prefix labels.
>
> Ray
-- 
I don't think the execution is relevant when it was obviously a bad idea in
the first place.
This is like putting rabid weasels in your pants, and later expressing
regret at having chosen those particular rabid weasels and that pair of
pants.
   ---maf
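
The DNSSEC signal mentioned in the reply above, as an added example that is not part of the original message: a validator can tell that an answer was synthesized from a wildcard by comparing the RRSIG Labels field with the number of labels in the owner name (RFC 4034 section 3.1.3, RFC 4035 section 5.3.2). The function names and the sample answers are constructed for illustration, and names are assumed to contain no escaped dots.

```python
"""Detect wildcard synthesis from the RRSIG Labels field."""


def split_labels(name):
    """Split a presentation-format name into labels, dropping the root label.

    Assumption: labels contain no escaped dots.
    """
    name = name.rstrip(".")
    return name.split(".") if name else []


def label_count(name):
    """Count labels the way the RRSIG Labels field does: the root label
    and a leading "*" label are not counted (RFC 4034 s3.1.3)."""
    labels = split_labels(name)
    if labels and labels[0] == "*":
        labels = labels[1:]
    return len(labels)


def wildcard_source(owner, rrsig_labels):
    """Return the wildcard name the RRset was expanded from, or None if
    the answer was not wildcard-synthesized (RFC 4035 s5.3.2)."""
    count = label_count(owner)
    if rrsig_labels < 0 or rrsig_labels > count:
        # A Labels value larger than the owner name is invalid (RFC 4035 s5.3.1).
        raise ValueError("RRSIG Labels field does not fit owner name")
    if rrsig_labels == count:
        return None
    labels = split_labels(owner)
    # Keep the rightmost rrsig_labels labels and prepend "*".
    closest = labels[len(labels) - rrsig_labels:]
    return ".".join(["*"] + closest) + "."


# Constructed sample data: (owner name in the answer, RRSIG Labels field).
CONSTRUCTED_ANSWERS = [
    ("www.example.com.", 3),      # exact match in the zone
    ("foo.bar.example.com.", 2),  # expanded by the server from *.example.com.
    ("*.example.com.", 2),        # literal query for the wildcard name itself
]

if __name__ == "__main__":
    for owner, rrsig_labels in CONSTRUCTED_ANSWERS:
        print(owner, "->", wildcard_source(owner, rrsig_labels))
```

A full validator also has to check the accompanying NSEC or NSEC3 records proving that no closer match exists for the queried name (RFC 4035 section 5.3.4); this example covers only the Labels comparison.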