Re: [DNSOP] [Ext] I-D Action: draft-ietf-dnsop-svcb-https-05.txt

Brian Dickson <> Sat, 15 May 2021 01:11 UTC


On Fri, May 14, 2021 at 5:47 PM John Levine <> wrote:

> It appears that Brian Dickson <> said:
> >I said you weren't going to like it.
> No disagreement there.
> >I think it should be taken as a safe assumption, that for the vast
> >majority of end users, they will either be using some kind of UI (good,
> >bad, or ugly) that is (eventually) aware of the relevant RRTYPE(s), or
> >using one or more tools that do validation of the zone file (as part of
> >the process of adding new records), or using software for serving the
> >zone(s) which does the necessary checks as part of the start-up or
> >zone-loading process (and prevents illegal stuff, including things like
> >"CNAME and other RRTYPE at same owner name", or "Multiple CNAMEs at same
> >owner name".
> Perhaps, or in a lot of cases, the web hosting provider gives the customer
> the DNS records to copy and paste into their DNS provider's console.

While it may not have yet achieved ubiquitous use in the web hosting space,
DomainConnect is a method used by quite a few providers, and supported by a
number of DNS providers.

DomainConnect uses a template mechanism, where the service provider (in
this case, web hosting provider) supplies values that correspond to
variables in the template.

In that particular use case, having a template that has simple encoding
makes the interoperability much more reliable.

The biggest benefit of using a scheme with one key/value pair per line is
that the substitution is dead easy. No escaping or quoting problems.

It isn't necessarily meant to be read by the user, but if they choose, it
is visible.

(The particulars of DomainConnect are basically, the service provider has a
UI thing that takes the user to an auth page for the DNS provider, and
after authenticating, magic happens.)
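
The substitution point made in the message above, as an added example that is not part of the original post and is not DomainConnect's or the draft's own code. It assumes a %name% variable syntax, a simplified whitespace-split parser standing in for a single-line parameter list, and a hypothetical one-pair-per-line layout; the templates and values are constructed.

```python
import re

VAR = re.compile(r"%([A-Za-z0-9_]+)%")  # assumed %name% variable syntax

# Constructed templates carrying the same two parameters.
ONE_LINE_TEMPLATE = "alpn=%alpn% port=%port%"
PER_LINE_TEMPLATE = "alpn=%alpn%\nport=%port%"  # hypothetical per-line layout


def render(template, values):
    """Replace each %name% once; substituted text is never rescanned."""
    return VAR.sub(lambda m: values[m.group(1)], template)


def render_per_line(template, values):
    """Per-line rendering: the line break is the only delimiter to guard."""
    for name, value in values.items():
        if "\n" in value or "\r" in value:
            raise ValueError(f"line break in value for {name!r}")
    return render(template, values)


def parse_one_line(text):
    """Simplified: whitespace separates parameters, '=' splits key and value."""
    return dict(tok.partition("=")[::2] for tok in text.split())


def parse_per_line(text):
    """Each line is one parameter; all text after the first '=' is the value."""
    return dict(line.partition("=")[::2] for line in text.splitlines())


# Constructed input: a supplied value that happens to contain a space.
VALUES = {"alpn": "h2 no-default-alpn", "port": "443"}


def demo():
    one = parse_one_line(render(ONE_LINE_TEMPLATE, VALUES))
    per = parse_per_line(render_per_line(PER_LINE_TEMPLATE, VALUES))
    return one, per


if __name__ == "__main__":
    one, per = demo()
    print("one line:", one)  # the space split the value into an extra key
    print("per line:", per)  # the value stays inside its own line
```

In the single-line form the template filler would have to quote or escape every delimiter the record syntax knows; in the per-line form the only check left is rejecting line breaks in supplied values.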