[DNSOP] Re: Fwd: New Version Notification - draft-ietf-dnsop-domain-verification-techniques-05.txt

John Levine <johnl@taugh.com> Tue, 09 July 2024 22:36 UTC

List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/ns-BymfReE359sMUQFAmwyf9yb8>

It appears that Wessels, Duane <dwessels@verisign.com> said:
>> the full response. Not all networks properly transport DNS over TCP
>> and some DNS software mistakenly believe TCP support is optional
>> ([RFC9210]).
>
>I have mixed feelings about this.  While perhaps factually true, I think broken DNS-over-TCP shouldn’t be a reason for
>not lumping validation records together.  There are other valid reasons to avoid that practice and networks with broken
>DNS-over-TCP shouldn’t be coddled.

DNS over TCP works fine and has for a long time. That ship has sailed.

The TXT response for stanford.edu is 3900 bytes, for harvard.edu is
3016, cmu.edu is 3699. If their DNS weren't working, you'd think one
of them would have noticed.

There are reasons not to load up your apex with junk but DNS failure is not one of them.

R's,
John
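The apex TXT sizes cited above are exactly what decide whether a resolver gets the whole answer in one UDP datagram or sees the TC bit and must retry over TCP. As an added example (not part of the original message or the draft), the script below assembles a DNS TXT response in wire format for a constructed set of verification tokens at a constructed owner name (example.com) and reports whether it fits the classic 512-byte limit or the 1232-byte EDNS buffer most resolvers advertise.

```python
import struct

QTYPE_TXT, QCLASS_IN = 16, 1
# UDP payload sizes a resolver might offer: classic DNS without EDNS, and the
# EDNS buffer size recommended by DNS Flag Day 2020.
CLASSIC_UDP, FLAGDAY_EDNS = 512, 1232


def encode_name(name: str) -> bytes:
    """Encode a domain name in uncompressed DNS wire format."""
    labels = name.rstrip(".").split(".")
    return b"".join(struct.pack("!B", len(l)) + l.encode("ascii") for l in labels) + b"\x00"


def encode_txt_rdata(text: str) -> bytes:
    """TXT RDATA is a sequence of <character-string>s, each at most 255 bytes."""
    data = text.encode("utf-8")
    chunks = [data[i:i + 255] for i in range(0, len(data), 255)] or [b""]
    return b"".join(struct.pack("!B", len(c)) + c for c in chunks)


def build_txt_response(owner: str, txts: list, ttl: int = 300, compress: bool = True) -> bytes:
    """Minimal DNS response: header, one question, one TXT RR per string.
    With compress=True each answer's owner name is a 2-byte pointer to the
    question name at offset 12, which is what real authoritative servers emit."""
    header = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, len(txts), 0, 0)
    qname = encode_name(owner)
    question = qname + struct.pack("!HH", QTYPE_TXT, QCLASS_IN)
    owner_wire = b"\xc0\x0c" if compress else qname
    answers = b""
    for t in txts:
        rdata = encode_txt_rdata(t)
        answers += owner_wire + struct.pack("!HHIH", QTYPE_TXT, QCLASS_IN, ttl, len(rdata)) + rdata
    return header + question + answers


def delivery_report(owner: str, txts: list) -> dict:
    """Size of the TXT answer set and whether it fits each UDP limit. When it
    does not, the server sets TC and the client has to retry over TCP."""
    size = len(build_txt_response(owner, txts))
    return {"bytes": size,
            "fits_classic_udp": size <= CLASSIC_UDP,
            "fits_edns_1232": size <= FLAGDAY_EDNS,
            "needs_tcp": size > FLAGDAY_EDNS}


# Constructed sample: an apex that has accumulated 40 provider verification tokens.
VERIFICATION_TXTS = ["provider%02d-site-verification=%s" % (i, "a" * 40) for i in range(40)]

if __name__ == "__main__":
    print(delivery_report("example.com", ["v=spf1 -all"]))
    print(delivery_report("example.com", VERIFICATION_TXTS))
```

The 40-token case comes out at 3309 bytes even with name compression, so it is in the same range as the stanford.edu figure and cannot be delivered over UDP without TCP fallback.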