Re: [DNSOP] status of the aname and svcb/httpsvc drafts

Dan York <york@isoc.org> Wed, 26 February 2020 22:35 UTC

From: Dan York <york@isoc.org>
To: Evan Hunt <each@isc.org>
CC: Vladimír Čunát <vladimir.cunat+ietf@nic.cz>, "Andrew M. Hettinger" <AHettinger@prominic.net>, "dnsop@ietf.org WG" <dnsop@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/tGg2etkow_OXDuyl2KrwKUYrzeA>


On Feb 26, 2020, at 2:01 PM, Evan Hunt <each@isc.org> wrote:

> On Wed, Feb 26, 2020 at 03:34:55PM +0100, Vladimír Čunát wrote:
>> I don't think it's so simple.  The current ANAME draft specifies new
>> behavior for resolvers, and there I'd expect even slower overall
>> upgrades/deployment than in browsers.
>
> I agree with this. Browsers often upgrade themselves these days; resolvers
> sit for years. (A few years ago there were still BIND 4 instances ticking
> away out there.)

Very much agree with this. A few years ago a couple of us wrote a draft about all the pieces of the DNS infrastructure that need to be updated to support a new DNSSEC algorithm: https://tools.ietf.org/html/draft-york-dnsop-deploying-dnssec-crypto-algs-06

While a new RR type is obviously different from a crypto algorithm, the “system upgrade” is similar:

- resolvers have to be upgraded to support the new behavior of the ANAME record
- authoritative servers need to be upgraded to process the ANAME record
- DNS hosting providers (which can often also be registrars) need to have updated software to allow customers to enter ANAME records
- DNSSEC signing software may need to be updated to sign the ANAME record (section 4.2 in the ANAME draft notes the sibling resolution that must occur before signing)

All of that will take some time, and probably a long time in the case of resolvers and the GUIs of DNS hosting providers.

Now, some element of this will ALSO be true for rolling out the HTTPSVC record (ex. DNS configuration GUIs), but it may not be quite as challenging as getting resolvers updated. (For example, all the resolvers found in “home routers” distributed by ISPs.)

Which is not to say that we shouldn’t pursue ANAME or other new RR types… we just have to acknowledge that it may be a loooonnnngggg time before the functionality is available to a large number of users.

Dan