[DNSOP] End-to-end _underscore arguments (was: Re: [art] Another look - draft-ietf-dnsop-attrleaf-05.txt)
Dave Crocker <dhc@dcrocker.net> Wed, 28 March 2018 15:29 UTC
Return-Path: <dhc@dcrocker.net>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5BF53127444 for <dnsop@ietfa.amsl.com>; Wed, 28 Mar 2018 08:29:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level:
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=dcrocker.net
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XBWCCBGBNxNR for <dnsop@ietfa.amsl.com>; Wed, 28 Mar 2018 08:29:57 -0700 (PDT)
Received: from simon.songbird.com (simon.songbird.com [72.52.113.5]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7C542120047 for <dnsop@ietf.org>; Wed, 28 Mar 2018 08:29:57 -0700 (PDT)
Received: from [192.168.1.168] (76-218-8-128.lightspeed.sntcca.sbcglobal.net [76.218.8.128]) (authenticated bits=0) by simon.songbird.com (8.14.4/8.14.4/Debian-4.1ubuntu1) with ESMTP id w2SFVNhk015794 (version=TLSv1/SSLv3 cipher=AES256-GCM-SHA384 bits=256 verify=NOT) for <dnsop@ietf.org>; Wed, 28 Mar 2018 08:31:23 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=dcrocker.net; s=default; t=1522251083; bh=aS4EbVuDA4LTWo5sK4i7jMLEoexDiMsU2HYWyVuAZ3o=; h=From:Subject:References:Reply-To:To:Date:In-Reply-To:From; b=auvNTV8nLDGyjK6/2gzYYhauA24eyLDzWrrx8/Y633KH38x2F2t1sCUXWB71ip+dz LNtOjxd7oMcE8ICPOOqrimxb7pF4p5H7KhTAb32HkVDY9GUY4lpdOChriHlSc2b8Qs +6STygfou/+l2enCJhK/st8BqK7+G4nK5WmCly24=
From: Dave Crocker <dhc@dcrocker.net>
References: <f7b85bac-b050-5003-2df0-a48b1ef2f929@dcrocker.net> <A7711F58-5145-49E8-9158-B2F94D0EABBF@redbarn.org> <7c168dc1-2ea7-d47e-78b7-0380e5d0aa84@dcrocker.net> <alpine.OSX.2.21.1803211104210.9553@ary.local> <5244d327-f8ea-1590-c663-1d92e0b194c4@dcrocker.net> <5F44FA5B42805C52479DE491@PSB> <alpine.OSX.2.21.1803211507380.9666@dhcp-935d.meeting.ietf.org> <1DF1564CC2B88726B2B54CF4@PSB> <20180326171842.0eacbdc4@smaug.local.partim.de> <667675d4-0ff8-b236-eded-31f795b84af1@dcrocker.net> <20180326175609.497ffb10@smaug.local.partim.de> <348a61bf-fb46-1da8-2222-03d2a25db971@bbiw.net> <3945bb2c-baac-cf5e-ba15-3983f33fd592@bellis.me.uk> <68e68890-a4ba-0dbd-40d0-8bc704936beb@bbiw.net> <10f9a809-8e13-ab35-ca8a-3e340be71197@bellis.me.uk> <a7d34076-f094-bae2-db05-3da9dfc2c6ce@bbiw.net> <2f6a9412-be32-d5fa-fec0-2eede69ed3d7@bellis.me.uk> <f3ccc629-930f-2e45-9694-df16098c1fab@bbiw.net> <65ced29a-c413-946d-b1b3-a564ab04a35e@bellis.me.uk>
X-Priority: 2 (High)
Organization: Brandenburg InternetWorking
Reply-To: dcrocker@bbiw.net
To: dnsop <dnsop@ietf.org>
Message-ID: <de1a424d-d7e5-d326-44cc-a94ba199641f@dcrocker.net>
Date: Wed, 28 Mar 2018 08:29:51 -0700
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.6.0
MIME-Version: 1.0
In-Reply-To: <65ced29a-c413-946d-b1b3-a564ab04a35e@bellis.me.uk>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/jOreY3UIkcLGwoeKHKyNweZuSeI>
Subject: [DNSOP] End-to-end _underscore arguments (was: Re: [art] Another look - draft-ietf-dnsop-attrleaf-05.txt)
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 28 Mar 2018 15:29:59 -0000
Folks, (long note. couldn't make it shorter...) This has been an unusually challenging journey. None of the recent comments in support of a 'simplifying' view for this registry resonated. Quite the opposite. In effect, it seemed to me as if RR type would be a lookup key, which frankly sounds a bit nuts. OK in theoretical terms, perhaps, but problematic in practical terms, especially since -- given my understanding of what people were saying -- the use of the RR apparently would need to come into the lookup process just below the first underscore name... On the other hand, when a variety of serious, knowledgeable folk support a view, there's an obligation to put serious effort into finding their f'ing pony... It finally occurred to me that the current draft already has language that hints at the essential point that is probably what is actually being made, although it wasn't put there for that purpose or with that intended meaning: A given name defines a specific, constrained context for one or more RR records, in which use of such records MUST conform to the defined constraints. Within this scope, other resource records that are not specified MAY be used. The second sentence is the one with the larger meaning than I'd intended. But the first one sets the larger point, though again, I wasn't seeing it. One purpose of a registry to is prevent or resolve contention between publishers, for whatever is being listed. The other is so that producers and consumers can rendezvous. The current draft's approach to doing the underscore work has focused on regulating domain name labels because, well, that's where the underscore is and it's been the obvious place where there has been no coordination. The draft has been driven by a classic view of registration for a domain name. Domain name registries concern possible contention between different organizations or people wanting a name. So obviously that's what an underscore registry should worry about... The essential point that I was missing was that the domain name is /not/ the contention to worry about, or at least, not much. It's still essential that producers and consumers use the same rules for formulating the names, but that's about documentation and not contention. The potential contention is in use of the RRs under a given name. (That is, after all, the point of the first sentence, quoted above.) Having two different uses of the same RR in the same leaf is explicitly problematic. So in end-to-end terms, the issue is the RR and not the path (name) to it. As long as there is no contention in the production or use of a given RR appearing in a given leaf, then it doesn't matter if there are other actors using the same DNS node names (path) to get to their /other/ RRs. Stated that way, this seems to me pretty obvious, but I really hadn't been seeing it. The 'this' is: The DNS Global Underscore Registry MUST have entries that are unique with respect to the combination of the listed resource record and the listed, global underscore node name (RR, _Node Name). Alas, seeing this doesn't resolve all the issues.... While (typeA, _label1) does not collide with (typeA, _label2), it obviously does collide with some other specification's use of (typeA, _label1). Since permitting multiple services to use the same RR type is the explicit goal, we need procedures that ensure that these independent generators don't generate the same global underscore name. The classic, boring approach to the underscore naming registry that I was taking fixes this problem, by ensuring there is only one controller of a given leaf, even with the simplest name registration FCFS approach. The alternative being proposed does not accomplish this in an obvious way, since the requirement for uniqueness does not hinge on a single table entry value. I think the best way to handle that issue is to make the global underscore registry subject to expert review, with very careful consensus language directing the expert on what to look for/ensure. So... 1. Please comment on the above 2. I've submitted a new draft version based on this highly revised view 3. Besides changes to reflect the above, it also eliminates concern for any lower-level underscore usage: uniqueness is only in terms of the RR and the global (first) underscore node name use. This is a simplifying point that could be argued, to have uniqueness depend on the full sequence of underscore lables, but I think it does not impose a significant burden. 3. The Expert Review is only for this registry entry. Any other issues with the document specifying that entry would be outside of the scope of this review, but might be covered by some other process, such as the existing DNS RR review requirement. 4. I've punted on the details for the URI RR, given some complexities in RFC 6117. If anyone wants to suggest specific text for this, it would be greatly appreciated. 5. There is still a second document needed, to fix the various documents that specify global underscore names, so that these documents are updated to cite the registry. Once things settle down for this main draft, I'll work on that one. Thoughts? d/ ps. Another round of hearty thanks to Ray Bellis for his offlist interactions with me on this, though of course he gets none of the blame for my getting any of this wrong... -- Dave Crocker Brandenburg InternetWorking bbiw.net
- [DNSOP] Fwd: New Version Notification for draft-i… Dave Crocker
- Re: [DNSOP] Fwd: New Version Notification for dra… tjw ietf
- Re: [DNSOP] Fwd: New Version Notification for dra… Dave Crocker
- Re: [DNSOP] Fwd: New Version Notification for dra… John R. Levine
- Re: [DNSOP] Fwd: New Version Notification for dra… Dave Crocker
- Re: [DNSOP] New Version Notification for draft-ie… John R. Levine
- Re: [DNSOP] New Version Notification for draft-ie… P Vix
- Re: [DNSOP] New Version Notification for draft-ie… Dave Crocker
- Re: [DNSOP] New Version Notification for draft-ie… John R. Levine
- Re: [DNSOP] [art] New Version Notification for dr… Dave Crocker
- Re: [DNSOP] [art] New Version Notification for dr… John C Klensin
- Re: [DNSOP] [art] New Version Notification for dr… Paul Vixie
- Re: [DNSOP] [art] New Version Notification for dr… Paul Vixie
- Re: [DNSOP] [art] redefining SRV, New Version Not… John R. Levine
- Re: [DNSOP] [art] redefining SRV, New Version Not… John R. Levine
- Re: [DNSOP] [art] New Version Notification for dr… Dave Crocker
- Re: [DNSOP] [art] New Version Notification for dr… John R. Levine
- Re: [DNSOP] [art] New Version Notification for dr… Dave Crocker
- Re: [DNSOP] [art] New Version Notification for dr… Alexey Melnikov
- Re: [DNSOP] [art] New Version Notification for dr… Dave Crocker
- Re: [DNSOP] [art] redefining SRV, New Version Not… Ray Bellis
- [DNSOP] Attrleaf _second-Level modifications (was… Dave Crocker
- Re: [DNSOP] Attrleaf _second-Level modifications Ray Bellis
- Re: [DNSOP] [art] New Version Notification for dr… John Levine
- Re: [DNSOP] [art] New Version Notification for dr… Andrew Sullivan
- Re: [DNSOP] [art] New Version Notification for dr… Dave Crocker
- Re: [DNSOP] [art] New Version Notification for dr… John R Levine
- Re: [DNSOP] [art] Attrleaf _second-Level modifica… John Levine
- [DNSOP] Another look - draft-ietf-dnsop-attrleaf-… John C Klensin
- Re: [DNSOP] Another look - draft-ietf-dnsop-attrl… Paul Vixie
- Re: [DNSOP] Another look - draft-ietf-dnsop-attrl… John C Klensin
- Re: [DNSOP] Another look - draft-ietf-dnsop-attrl… Paul Vixie
- Re: [DNSOP] Another look - draft-ietf-dnsop-attrl… John C Klensin
- Re: [DNSOP] Another look - draft-ietf-dnsop-attrl… John R. Levine
- Re: [DNSOP] Another look - draft-ietf-dnsop-attrl… John C Klensin
- Re: [DNSOP] Another look - draft-ietf-dnsop-attrl… Martin Hoffmann
- Re: [DNSOP] [art] Another look - draft-ietf-dnsop… Dave Crocker
- Re: [DNSOP] [art] Another look - draft-ietf-dnsop… Martin Hoffmann
- Re: [DNSOP] Another look - draft-ietf-dnsop-attrl… John C Klensin
- Re: [DNSOP] Another look - draft-ietf-dnsop-attrl… Dave Crocker
- Re: [DNSOP] [art] Another look - draft-ietf-dnsop… Kurt Andersen (b)
- Re: [DNSOP] [art] Another look - draft-ietf-dnsop… John R. Levine
- Re: [DNSOP] Another look - draft-ietf-dnsop-attrl… John C Klensin
- [DNSOP] _openpgpkey & _smimecert (was: Re: [art] … Dave Crocker
- Re: [DNSOP] [art] Another look - draft-ietf-dnsop… Paul Vixie
- [DNSOP] namespace and substring reservations (was… Dave Crocker
- Re: [DNSOP] [art] Another look - draft-ietf-dnsop… Ray Bellis
- Re: [DNSOP] [art] Another look - draft-ietf-dnsop… Dave Crocker
- [DNSOP] Additional uses of underscore labels (was… Martin Hoffmann
- Re: [DNSOP] Additional uses of underscore labels Dave Crocker
- [DNSOP] End-to-end _underscore arguments (was: Re… Dave Crocker
- Re: [DNSOP] Another look - draft-ietf-dnsop-attrl… Warren Kumari
- Re: [DNSOP] Another look - draft-ietf-dnsop-attrl… Dave Crocker
- Re: [DNSOP] Another look - draft-ietf-dnsop-attrl… Warren Kumari
- Re: [DNSOP] Another look - draft-ietf-dnsop-attrl… Paul Vixie
- Re: [DNSOP] [art] Another look - draft-ietf-dnsop… John C Klensin
- Re: [DNSOP] [art] Another look - draft-ietf-dnsop… Adam Roach
- Re: [DNSOP] [art] Another look - draft-ietf-dnsop… Dave Crocker
- Re: [DNSOP] [art] Another look - draft-ietf-dnsop… John R. Levine
- Re: [DNSOP] [art] Another look - draft-ietf-dnsop… Paul Vixie
- Re: [DNSOP] [art] Another look - draft-ietf-dnsop… John R. Levine