Re: [DNSOP] I-D Action: draft-huston-kskroll-sentinel-04.txt

Warren Kumari <warren@kumari.net> Wed, 31 January 2018 00:30 UTC

To: George Michaelson <ggm@algebras.org>
Cc: Andrew Sullivan <ajs@anvilwalrusden.com>, dnsop WG <dnsop@ietf.org>
Message-ID: <CAHw9_iJObyd4KPL9BsnARDCf-qaS_eYCMuWnn0SV+10OeYzgoQ@mail.gmail.com>
In-Reply-To: <CAKr6gn0LSjtJL_zci1i=aUYq6bd7vDos_QfiEiS=W0kygXS_MQ@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/d06CpW5hsQzn526Mx91hn4BP56I>

On Tue, Jan 30, 2018 at 6:44 PM, George Michaelson <ggm@algebras.org> wrote:
> I think we're rat holing. I'm not an author on this draft, but I know
> them both, and I work with one, and I believe the draft is basically
> in the right space and .. well.. we're rat holing.
>
> So, noting my disclaimer of bias, can we .. move on? Are there real
> matters of substance left on this one? It feels like it's close.

There is one matter of substance (but, IMO, very minor substance!) --
the original document said that the names are of the form:
_is-ta-[key].example.com
_not-ta-[key].example.com

This works, but some implementations really don't like having A/AAAA
records for names which start with an underscore... So, we are
proposing to use instead:
xm--is-ta-[key].example.com
xm--not-ta-[key].example.com

Why XM--? Well, we wanted some sort of identifier (that isn't an
underscore), and XM-- felt "similar" to XN--. A quick look through the
.com and .net zonefiles didn't show any collisions (yes, I realize
that this is a tiny slice of the namespace, but it was quick and
easy), nor did looking in various passive-dns and similar places.

For folk who would like to try this, I have a PoC / toy implementation at
https://www.ksk-test.net  - note that this uses JS and I'm *so* not a
JavaScript programmer. It works on the browsers that I tested, that's
all I'll commit to :-)

The document could really benefit from a better introduction /
explanation of how this will be used (similar to my earlier
conversational description) and integrating the comments received.
The authors intend to publish this soon.

W


>
> -G
>
> On Wed, Jan 31, 2018 at 4:51 AM, Andrew Sullivan <ajs@anvilwalrusden.com> wrote:
>> On Tue, Jan 30, 2018 at 10:42:15AM -0500, Joe Abley wrote:
>>>
>>> I realise that the following is not what anybody means in this thread
>>
>> Hmm.  Actually, I wasn't sure :-)
>>
>>> I probably missed some. Anyway, I think when people are saying "address record" here they actually mean "IP address record".
>>>
>>
>> We should probably say that, then, and also of course we should fix
>> the poor text in the terminology document to point this out.
>>
>> A
>>
>> --
>> Andrew Sullivan
>> ajs@anvilwalrusden.com
>>
>> _______________________________________________
>> DNSOP mailing list
>> DNSOP@ietf.org
>> https://www.ietf.org/mailman/listinfo/dnsop
>



-- 
I don't think the execution is relevant when it was obviously a bad
idea in the first place.
This is like putting rabid weasels in your pants, and later expressing
regret at having chosen those particular rabid weasels and that pair
of pants.
   ---maf
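As an added illustration of the naming scheme discussed in the message above (this is not code from the draft, nor from the ksk-test.net PoC), the Python below parses both the original "_is-ta-[key]" form and the proposed "xm--is-ta-[key]" form, builds the two query names for a key tag, and shows why the underscore form is a problem: an underscore is not a letter, digit or hyphen, so the label fails the RFC 952/1123 hostname rule that some implementations enforce on names carrying A/AAAA records. The classify() function applies the sentinel draft's rules, which this message does not restate: a sentinel-aware validating resolver that has the key tag as a trust anchor answers the is-ta name and SERVFAILs the not-ta name, a sentinel-aware validator without that key does the reverse, and any other resolver answers both; the draft also uses a deliberately badly signed control name to tell validating from non-validating resolvers. Assumptions of mine, not stated on the page: the key tag is written as four hex digits (the message only shows "[key]"), the control name bogus.example.com, the fake answer table, and all function names.

```python
import re
from enum import Enum

# Two label forms appear in the message: "_is-ta-[key]" / "_not-ta-[key]" and
# the proposed "xm--is-ta-[key]" / "xm--not-ta-[key]".
# ASSUMPTION (not in the message): [key] is the DNSKEY key tag as four hex
# digits, so key tag 20326 (the 2017 root KSK) is written "4f66".
SENTINEL_LABEL = re.compile(
    r"^(?P<prefix>_|xm--)(?P<kind>is|not)-ta-(?P<tag>[0-9a-f]{4})$",
    re.IGNORECASE,
)

# Hostname labels are letters, digits and hyphens (RFC 952/1123 "LDH"); an
# underscore is outside that set, which is what breaks A/AAAA at "_is-ta-...".
LDH_LABEL = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?$")


def parse_sentinel_label(label):
    """Return ("is" | "not", key_tag) for a sentinel label, else None."""
    m = SENTINEL_LABEL.match(label)
    if m is None:
        return None
    return m.group("kind").lower(), int(m.group("tag"), 16)


def sentinel_names(key_tag, zone="example.com", prefix="xm--"):
    """Build the is-ta and not-ta query names for a 16-bit key tag."""
    if not 0 <= key_tag <= 0xFFFF:
        raise ValueError("key tag is a 16-bit value")
    tag = f"{key_tag:04x}"
    return f"{prefix}is-ta-{tag}.{zone}", f"{prefix}not-ta-{tag}.{zone}"


def is_ldh_label(label):
    """True if the label is a legal hostname label (letters, digits, hyphen)."""
    return LDH_LABEL.match(label) is not None


class ResolverState(Enum):
    TRUSTS_KEY = "sentinel-aware validator: key tag is a trust anchor"
    LACKS_KEY = "sentinel-aware validator: key tag is not a trust anchor"
    VALIDATING_NOT_AWARE = "validating, but not sentinel-aware"
    NOT_VALIDATING = "not validating DNSSEC"
    INDETERMINATE = "answers do not fit the sentinel model"


def classify(is_ta_ok, not_ta_ok, bogus_ok):
    """Map three lookup outcomes (True = got an address, False = SERVFAIL or
    no answer) onto a resolver state, following the sentinel draft's rules:
      trusts the key:      is-ta OK,   not-ta FAIL
      lacks the key:       is-ta FAIL, not-ta OK
      everything else:     both OK
    `bogus_ok` is the control lookup of a deliberately badly signed name:
    a validating resolver fails it, a non-validating one returns an address.
    """
    if bogus_ok:
        # No validation at all; both sentinel names resolve like any other.
        if is_ta_ok and not_ta_ok:
            return ResolverState.NOT_VALIDATING
        return ResolverState.INDETERMINATE
    if is_ta_ok and not not_ta_ok:
        return ResolverState.TRUSTS_KEY
    if not_ta_ok and not is_ta_ok:
        return ResolverState.LACKS_KEY
    if is_ta_ok and not_ta_ok:
        return ResolverState.VALIDATING_NOT_AWARE
    return ResolverState.INDETERMINATE


def probe(key_tag, bogus_name, lookup, zone="example.com"):
    """Run the three lookups through `lookup(name) -> bool` and classify."""
    is_ta, not_ta = sentinel_names(key_tag, zone)
    return classify(lookup(is_ta), lookup(not_ta), lookup(bogus_name))


# Constructed stand-in for a sentinel-aware resolver that trusts key tag
# 20326: it answers the is-ta name and fails not-ta and the bogus control.
FAKE_ANSWERS = {
    "xm--is-ta-4f66.example.com": True,
    "xm--not-ta-4f66.example.com": False,
    "bogus.example.com": False,
}


def fake_lookup(name):
    return FAKE_ANSWERS.get(name, False)


if __name__ == "__main__":
    for label in ("_is-ta-4f66", "xm--is-ta-4f66"):
        print(label, parse_sentinel_label(label), "LDH ok:", is_ldh_label(label))
    print(probe(20326, "bogus.example.com", fake_lookup).value)
```

To use it against a real resolver, replace fake_lookup with a function that issues an A (or AAAA) query for the name and returns True only when an address comes back and False on SERVFAIL; the control name must be one the zone operator has deliberately signed badly, as the draft's test zones do.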