Re: [DNSOP] draft-ietf-dnsop-refuse-any: points from Richard Gibson

Richard Gibson <rgibson@dyn.com> Wed, 26 July 2017 18:50 UTC

In-Reply-To: <2E157D56-EEFB-475A-B122-F85C142E3010@hopcount.ca>
References: <083C34A2-92B9-4A9F-A331-9C38E22417C7@hopcount.ca> <CAC94RYYYrb8AXFhwqW89jh79QvPOTtrK4esupL8YbFToUP3+Aw@mail.gmail.com> <2E157D56-EEFB-475A-B122-F85C142E3010@hopcount.ca>
From: Richard Gibson <rgibson@dyn.com>
Date: Wed, 26 Jul 2017 14:50:24 -0400
Message-ID: <CAC94RYYipYaezJDCb+bGHD3aWoVZuAoqY5kYOPjOovy5o7LKhQ@mail.gmail.com>
To: Joe Abley <jabley@hopcount.ca>
Cc: dnsop <dnsop@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/j6ziHuGPDSAgdUHXhOlsQKtDngI>
Subject: Re: [DNSOP] draft-ietf-dnsop-refuse-any: points from Richard Gibson

On Wed, Jul 26, 2017 at 2:24 PM, Joe Abley <jabley@hopcount.ca> wrote:

>
> On 26 Jul 2017, at 13:28, Richard Gibson <rgibson@dyn.com> wrote:
>
> > The need for such a signal also came up recently in
> > https://tools.ietf.org/html/draft-wkumari-dnsop-multiple-responses-05#section-10 .
> > But in this case particularly, middleboxes should be a complete non-issue...
> > anyone expecting QTYPE=ANY passthrough is already asking for trouble.
>
> We may be imagining different things by "middlebox" -- I think you're
> thinking of a resolver, whereas I'm thinking more broadly about stateful
> inspection, firewalls, ALGs, proxies, forwarders, etc. I think there's an
> entirely reasonable and observable expectation that QTYPE=ANY passthrough
> works in that broader sense. Mark's
> <https://www.ietf.org/proceedings/92/slides/slides-92-dnsop-7.pdf>
> was an easy-to-find example of trouble in the real world.
>

Yes, color me corrected on vocabulary but unconvinced on interference...
those slides seem to mostly demonstrate noncompliance by name servers
themselves with respect to EDNS data in queries, whereas the data I'm
suggesting would only appear in responses.

> I will plan to add text to acknowledge the lack of signalling but not to
> change the mechanism to introduce any. People should throw rocks if that
> seems bad.

That works. And I'm all out, so you're safe from me.

> > 2. Section 4.1 appears to have some errors in grammar and use of RFC 2119
> > terms, and should be reworded (removals in strikethrough, additions in
> > bold):
>
> Strikethrough and bold, eh? OK. :-) Suggestions are good, many thanks!
>

Ha! I'll use Markdown conventions in the future.