IETF Logo Mail Archive

[DNSOP]Re: [IANA #1362913] expert review for draft-ietf-dnsop-dnssec-bootstrapping (dns-parameters)

Paul Wouters <paul@nohats.ca> Fri, 10 May 2024 13:02 UTC

Return-Path: <paul@nohats.ca>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CA3EAC1D6208 for <dnsop@ietfa.amsl.com>; Fri, 10 May 2024 06:02:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.431
X-Spam-Level:
X-Spam-Status: No, score=-6.431 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_SOFTFAIL=0.665, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nohats.ca
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id OJcApmbqklBw for <dnsop@ietfa.amsl.com>; Fri, 10 May 2024 06:02:08 -0700 (PDT)
Received: from mx.nohats.ca (mx.nohats.ca [193.110.157.85]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9C378C1D4CCA for <dnsop@ietf.org>; Fri, 10 May 2024 06:02:02 -0700 (PDT)
Received: from localhost (localhost [IPv6:::1]) by mx.nohats.ca (Postfix) with ESMTP id 4VbTYM6RBDz3DB; Fri, 10 May 2024 15:01:59 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nohats.ca; s=default; t=1715346119; bh=JjZ0L1I3IAKB6iSPSWBfcjjAPt3CHBKgVGDQ4mGv6Tw=; h=From:Subject:Date:References:Cc:In-Reply-To:To; b=itWO/ZtDTr2tMXQttsDcGHyTAx2hcfwMHzzxo8ZHc4LjhbGBWM+FO0deu9eCe0g4q oKqh1+JvKbZJJdCdtwlc1iC/XMB8/Ru5z2V4nm1eP2wzSjN3JQlihcVB11JmEKA7p7 pDgX74g99fwr5ryikSZYKc/zcxebNIbrIWHUo05A=
X-Virus-Scanned: amavisd-new at mx.nohats.ca
Received: from mx.nohats.ca ([IPv6:::1]) by localhost (mx.nohats.ca [IPv6:::1]) (amavisd-new, port 10024) with ESMTP id RH58rYjXBpf2; Fri, 10 May 2024 15:01:58 +0200 (CEST)
Received: from bofh.nohats.ca (bofh.nohats.ca [193.110.157.194]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx.nohats.ca (Postfix) with ESMTPS; Fri, 10 May 2024 15:01:58 +0200 (CEST)
Received: from smtpclient.apple (unknown [193.110.157.208]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by bofh.nohats.ca (Postfix) with ESMTPSA id C15A011EE01C; Fri, 10 May 2024 09:01:57 -0400 (EDT)
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
From: Paul Wouters <paul@nohats.ca>
Mime-Version: 1.0 (1.0)
Date: Fri, 10 May 2024 09:01:46 -0400
Message-Id: <23626DA5-CF02-46A8-9C11-EC8A5CF5A8A8@nohats.ca>
References: <0194B743-3C16-4E49-B025-E37747A9D75B@strandkip.nl>
In-Reply-To: <0194B743-3C16-4E49-B025-E37747A9D75B@strandkip.nl>
To: jabley@strandkip.nl
X-Mailer: iPhone Mail (21E236)
Message-ID-Hash: 32GKGAS6D2G7ZO4LIVNO3UCBW7AJXKZD
X-Message-ID-Hash: 32GKGAS6D2G7ZO4LIVNO3UCBW7AJXKZD
X-MailFrom: paul@nohats.ca
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-dnsop.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: Tim Wicinski <tjw.ietf@gmail.com>, "John R. Levine" <johnl@taugh.com>, dnsop@ietf.org, libor.peltan@nic.cz
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [DNSOP]Re: [IANA #1362913] expert review for draft-ietf-dnsop-dnssec-bootstrapping (dns-parameters)
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/pRApBqnoyKRcZggUWnUoaS8T5jw>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Owner: <mailto:dnsop-owner@ietf.org>
List-Post: <mailto:dnsop@ietf.org>
List-Subscribe: <mailto:dnsop-join@ietf.org>
List-Unsubscribe: <mailto:dnsop-leave@ietf.org>

On May 10, 2024, at 05:36, jabley@strandkip.nl wrote:
> 
> I'm interested in where this guidance comes from.
> 
> RFC 2782 to me is the grandfather of underscore labels, and it pretty much goes out of its way to encourage a hierarchy of underscore labels to anchor SRV records under, e.g. under _tcp.name and _udp.name.

But if you look at more recent RFCs such as TLSA records, it is narrowed to one specific protocol and port, eg _25._tcp.mx.nohats.ca

> I'm not really arguing with conclusion, but I find the guidance vague. If we really think it's important to make clear statements about this, perhaps we should write something down in a document and talk about it. Personally I'm not convinced it's that important, though.

I am not against that but I also feel there is some common sense that applies here. For example, experience has shown TXT record parsing of the APEX can cause lots of noisy logging because the TXT at APEX is used by widely different things that are not aware of each other.

I think _dsboot or _dnssec or _dns would all be better choices and greatly reduce the risk of getting overloaded by something else, and is useful even if overloading is mostly harmless.

Paul

(I also liked the suggestion _dasboot 😀, it’s a great intense movie!)

v2.31.3 | Report a Bug | By Email | System Status