Re: [DNSOP] I-D Action: draft-ietf-dnsop-rrserial-01.txt

Hugo Salgado <hsalgado@nic.cl> Mon, 11 April 2022 16:49 UTC

Return-Path: <hsalgado@nic.cl>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 001923A1606 for <dnsop@ietfa.amsl.com>; Mon, 11 Apr 2022 09:49:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.909
X-Spam-Level:
X-Spam-Status: No, score=-1.909 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_BLOCKED=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id v3pf3qA5eHF6 for <dnsop@ietfa.amsl.com>; Mon, 11 Apr 2022 09:49:42 -0700 (PDT)
Received: from mail.nic.cl (mail.nic.cl [200.1.123.8]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 795583A15F1 for <dnsop@ietf.org>; Mon, 11 Apr 2022 09:49:42 -0700 (PDT)
Received: from mail.nic.cl (localhost [127.0.0.1]) by mail.nic.cl (Postfix) with ESMTP id 7201F195D6346; Mon, 11 Apr 2022 12:49:39 -0400 (-04)
Received: from pepino (unknown [IPv6:2800:150:126:65:4a3d:968a:4938:f63c]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.nic.cl (Postfix) with ESMTPSA id 4C12D195D6328; Mon, 11 Apr 2022 12:49:39 -0400 (-04)
Date: Mon, 11 Apr 2022 12:49:38 -0400
From: Hugo Salgado <hsalgado@nic.cl>
To: Dick Franks <rwfranks@gmail.com>
Cc: Joe Abley <jabley@hopcount.ca>, IETF DNSOP WG <dnsop@ietf.org>, Paul Vixie <paul=40redbarn.org@dmarc.ietf.org>
Message-ID: <20220411164938.GA3640@pepino>
References: <1f62c1db-b9d4-f7d5-fdfa-c298541875d4@redbarn.org> <7155233A-DB48-4CFF-95A2-F48E32088EDB@hopcount.ca> <CAKW6Ri6SNmvqFhRJOLs8fxNCdpWZcAoj4tJPc+hJtyt5o-8w9g@mail.gmail.com>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="oyUTqETQ0mS9luUI"
Content-Disposition: inline
In-Reply-To: <CAKW6Ri6SNmvqFhRJOLs8fxNCdpWZcAoj4tJPc+hJtyt5o-8w9g@mail.gmail.com>
X-Virus-Scanned: ClamAV using ClamSMTP on Mon Apr 11 12:49:39 2022 -0400 (-04) (mail.nic.cl)
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/kF46YuLudpl440VUi_jzROthccU>
Subject: Re: [DNSOP] I-D Action: draft-ietf-dnsop-rrserial-01.txt
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 11 Apr 2022 16:49:47 -0000

On 21:24 07/04, Dick Franks wrote:
> On Thu, 7 Apr 2022 at 19:44, Joe Abley <jabley@hopcount.ca> wrote:
> >
> > On Apr 7, 2022, at 21:10, Paul Vixie <paul=40redbarn.org@dmarc.ietf.org> wrote:
> >
> > > but it seems to me you'd be better off with a zero-length option called SERIAL which if set in the query causes the SOA of the answer's zone to be added to the authority section (similar to an RFC 2308 negative proof) and which option would only be echoed in the answer's OPT if the option was supported. you'd want to specify that the SOA in this case is not optional and that its truncation would cause the TC bit to be set.
> >
> > That sounds like a lovely and clean way to do this. I like it.
> >
> 
> This is an excellent idea, requiring trivial client-side support.
> 
> PV did not say so, but I would expect the SOA's RRSIG to be included
> in the response.
> 

The idea of having the complete SOA + RRSIG was proposed before[1]
and were discussed its disadvantages regarding size increase[2], query
amplification[3], authority/additional epistemological grief[4][5]
with changes in processing[6].

I personally believe that the path of including the full SOA is
dangerously close to multi-qtype[7][8], which has historically failed
for various reasons.

Finally, the full SOA prevents us from going down the path of using a
zone versioning other than SOA serial, which allows other
implementations to indicate useful data, as we discussed last week[9].

It is our understanding that the complete SOA path was rejected by the
group, and that the path through the EDNS extension that also allows
other types of versioning data would have greater consensus.

Thanks,

Hugo

[1]: https://mailarchive.ietf.org/arch/msg/dnsop/JMMKO7Q6WfFq25pqMQ5Yjsklywc
[2]: https://mailarchive.ietf.org/arch/msg/dnsop/Oy6DeGp9xiGenV8IsYy3faQbn1A
[3]: https://mailarchive.ietf.org/arch/msg/dnsop/kGTyENBGDnNwR1YOALurQFMNB8g
[4]: https://mailarchive.ietf.org/arch/msg/dnsop/D5ZYnZf-E_TOhZmTLjkaFWxO_P0
[5]: https://mailarchive.ietf.org/arch/msg/dnsop/1F24G6vtreg3q5c5PxEOndXCI68
[6]: https://mailarchive.ietf.org/arch/msg/dnsop/0kynqLc8Ksicv4JDX3opB3nYyfI
[7]: https://mailarchive.ietf.org/arch/msg/dnsop/07ISssrct9IXXyMpOgwGBXUczlw
[8]: https://mailarchive.ietf.org/arch/msg/dnsop/0kynqLc8Ksicv4JDX3opB3nYyfI
[9]: https://mailarchive.ietf.org/arch/msg/dnsop/VGTgsYAPXF_KsHCi2ruNa57QWYU