Re: [DNSOP] status of the aname and svcb/httpsvc drafts
Dan York <york@isoc.org> Wed, 26 February 2020 22:35 UTC
Return-Path: <york@isoc.org>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 98A653A0968 for <dnsop@ietfa.amsl.com>; Wed, 26 Feb 2020 14:35:38 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.099
X-Spam-Level:
X-Spam-Status: No, score=-2.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=isoc.org
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id K640c6tR6UZj for <dnsop@ietfa.amsl.com>; Wed, 26 Feb 2020 14:35:34 -0800 (PST)
Received: from NAM11-DM6-obe.outbound.protection.outlook.com (mail-dm6nam11on20618.outbound.protection.outlook.com [IPv6:2a01:111:f400:7eaa::618]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D55CE3A0967 for <dnsop@ietf.org>; Wed, 26 Feb 2020 14:35:33 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Jm23jrG3Ggs1YM2ejmPw7ltoqDsryDSOJQVsjyhNsOn5LIGeBgaAQaeLbyLEdeON2dKlSf9sCjN3Lz4hN6qegOdTn8ekuNBKYTGzJRDiopMKPOX09ocjUU5KuJBueN4syJ5XPOhq7uzEtUBgnygOlccJPY4Fljj7QRj3HVuNu5ZVignDZnS7YqqXHfwHEMXqim2EjYVwJ4U2Mdtw49VKscvZEU+u2RDqjF8s/AskAmX7fLDPafUfPY1RgJ9oS+Ms2UvZBwT9aFrgnIDSxGboAWvQeYYzdIyNmh25HqH1f1/DeYtUGiWMo+cIshnE7gnuwSkkOP2wKso5RlF2vrG4mQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=3zyV1/MhjG3karTPPENuAFA2kPcmNgafbl2/dcqjUtU=; b=avYJQ2ouveSe7F4TiKOL+GUacXVPLB+dTpk2xYCKIaoyd50eOo77wqDvkwN1V4eloeo4YKV0DWNd1H7CSBlt5yhQHWfDZ/gFqEqTigX5aNLAWK2hjzfnMMbmDx0qbQ0iHkgCoweKqwJ8iVVS1qSfiW3qwyELZNsaLSMZzQpO0sXQy6t3kaowMCyJH3l14AliD5H6eatLyk7h7BTcElMhuW1W22QreNsoxAbcFsnRTUfzI0/1v5cF73i6rrjyGQLIjBgDBdkZVA4Kl9QSC/bTz70UPnW5EYOw5UlODKDBwxFxmKZ1vJg+QsybhHHYnEMgenykTtVDf8v5c6BiRvF1eg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=isoc.org; dmarc=pass action=none header.from=isoc.org; dkim=pass header.d=isoc.org; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=isoc.org; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=3zyV1/MhjG3karTPPENuAFA2kPcmNgafbl2/dcqjUtU=; b=0nlHLkV9USaJDDn4+GWpi4YPTTS1puX1sJX6Or13yQdXVVmvN1ZuxqYjvPMjxWCfv7Hfmc+0ar9TsU1rqztI+rSwJennDlJs9+YE5mJWm+yDOd0YoHc8HdFAxCJFAn7sFB5W4yo7ohYzhjG5nX0KqOnWHcI5ImO5blcYG5JagnM=
Received: from BL0PR06MB4530.namprd06.prod.outlook.com (2603:10b6:208:5a::16) by BL0PR06MB5011.namprd06.prod.outlook.com (2603:10b6:208:6e::19) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2772.14; Wed, 26 Feb 2020 22:35:30 +0000
Received: from BL0PR06MB4530.namprd06.prod.outlook.com ([fe80::4100:32c:5ad:2f3e]) by BL0PR06MB4530.namprd06.prod.outlook.com ([fe80::4100:32c:5ad:2f3e%4]) with mapi id 15.20.2772.012; Wed, 26 Feb 2020 22:35:30 +0000
From: Dan York <york@isoc.org>
To: Evan Hunt <each@isc.org>
CC: Vladimír Čunát <vladimir.cunat+ietf@nic.cz>, "Andrew M. Hettinger" <AHettinger@prominic.net>, "dnsop@ietf.org WG" <dnsop@ietf.org>
Thread-Topic: [DNSOP] status of the aname and svcb/httpsvc drafts
Thread-Index: AQHV5m7e7YCCRUonqEqGr6ttc+T7G6ghIOUAgAKh/ICAAOa3gIADQlQAgAATpoCAAnctgIAB2guAgAFGK4CAAEqHAIAAO78A
Date: Wed, 26 Feb 2020 22:35:30 +0000
Message-ID: <4461B348-6C35-421E-B039-ABBA5B578051@isoc.org>
References: <b34f1b0d-fa65-23d4-1b2b-761b965a2aae@knipp.de> <CAG8jCEzO7zrfL5G5CzdJ=c5wipJgqqHfyeA-a3-QjquoyPYgvg@mail.gmail.com> <3ead518d-f166-1c36-c3e9-18aeb355d160@pletterpet.nl> <20200220221517.GA16177@isc.org> <alpine.DEB.2.20.2002222349530.27562@grey.csi.cam.ac.uk> <CAH1iCiq+rOxs9c8zoJhAWbB6-0SP_WC5onF-DrbekwX=8iR49Q@mail.gmail.com> <CA+nkc8Coe8D1ECfrRwRUnzJ3azyJfXXUq3HMy63AL-4SOvmaaw@mail.gmail.com> <OF4062C1E9.B42128F1-ON86258519.006893C9-86258519.00690F29@prominic.net> <f5f17c26-e673-119e-e7aa-bc88f8ef46a3@nic.cz> <20200226190140.GA59757@isc.org>
In-Reply-To: <20200226190140.GA59757@isc.org>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-mailer: Apple Mail (2.3445.104.11)
authentication-results: spf=none (sender IP is ) smtp.mailfrom=york@isoc.org;
x-originating-ip: [2601:198:4100:84b0:35e4:4324:2588:9bd4]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: a3f8c4ac-d102-4d82-cb51-08d7bb0c2f8e
x-ms-traffictypediagnostic: BL0PR06MB5011:
x-microsoft-antispam-prvs: <BL0PR06MB501138E045E849CA72ECE797B7EA0@BL0PR06MB5011.namprd06.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-forefront-prvs: 0325F6C77B
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(396003)(346002)(39850400004)(376002)(366004)(136003)(199004)(189003)(316002)(66574012)(6506007)(8936002)(81156014)(186003)(8676002)(81166006)(54906003)(2616005)(64756008)(36756003)(33656002)(66556008)(66446008)(76116006)(71200400001)(86362001)(966005)(478600001)(2906002)(6512007)(5660300002)(4326008)(53546011)(6916009)(6486002)(66476007)(66946007); DIR:OUT; SFP:1101; SCL:1; SRVR:BL0PR06MB5011; H:BL0PR06MB4530.namprd06.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1;
received-spf: None (protection.outlook.com: isoc.org does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: iUCoE4velSecUXIiv7vStZNEP0sKX8ztMEYznZDX9Edx48ebRNO3yT729sR8a6u30HlCSObagAJBnfCwT57fe/J9aQBwiPeaSkuHSSY9sE1G1mwn6gRwlLMCc7/glpThSCfpbxH+NzTgidsU4PZnYRJd3Qy2IXhMHPw1jGHeYIQDEftJDpR30FF+vPo1hlBSByvcw+/dpBXHgZPEgkLFziFL7vgaThJPH8fqieGpP0+RLhsQ4OsoTgkLSN8LDkwocq+ol0E+yPQ+XNToHJ6XS87uS1mkY9KhNsA1vdBF5niqWVl65tPVIpPIt09fDttZvxGaazhbzqSTnR6wsBXjqcwK4Tp92bgx7bNQKMh5hGdGoTheuWrjPVJV0gqzRbYocAMBGWqin2Hb2RZ8iQpdR6VRZJcQ6IfDh6RxX0ogfWv9HcGn1Ymnfjy6T7tLAEpbiDhr19ybvEZYIiNzKvgPTkyx5h5vldeLtXA8Bedcy+zik22UAWIQda68iXBDljfMmAP3Kiztt7y3rsuQWUPkXw==
x-ms-exchange-antispam-messagedata: DreYlTR1U62CixXyMenoj5eYBZxdokkjo7JhPzL/xGCPMYJpBZTlZm+0LnP1RACzGGUury6cNu0vvN6wRbs1WpfmDQ0xtUSIzUaUvnEN/K/IbAdh90fQuUCAfGw0/TkLuEsDjwqUjwdEyXpBtmK2bfeYinv+IQsQz7D8rRSkF+HLCFxae92Y/J8lmKU6I8bfV1u6jY/3B8NuFqyi/9mMZQ==
x-ms-exchange-transport-forked: True
Content-Type: multipart/alternative; boundary="_000_4461B3486C35421EB039ABBA5B578051isocorg_"
MIME-Version: 1.0
X-OriginatorOrg: isoc.org
X-MS-Exchange-CrossTenant-Network-Message-Id: a3f8c4ac-d102-4d82-cb51-08d7bb0c2f8e
X-MS-Exchange-CrossTenant-originalarrivaltime: 26 Feb 2020 22:35:30.7104 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 89f84dfb-7285-4810-bc4d-8b9b5794554f
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: 0xZ4uqfYrEALjhMw2VrF5PbJbjFOOThnc3Kq3RzwsVedbBRFS9v/cQBvI3ubYlgy
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BL0PR06MB5011
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/tGg2etkow_OXDuyl2KrwKUYrzeA>
Subject: Re: [DNSOP] status of the aname and svcb/httpsvc drafts
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 26 Feb 2020 22:35:39 -0000
On Feb 26, 2020, at 2:01 PM, Evan Hunt <each@isc.org<mailto:each@isc.org>> wrote: On Wed, Feb 26, 2020 at 03:34:55PM +0100, Vladimír Čunát wrote: I don't think it's so simple. The current ANAME draft specifies new behavior for resolvers, and there I'd expect even slower overall upgrades/deployment than in browsers. I agree with this. Browsers often upgrade themselves these days; resolvers sit for years. (A few years ago there were still BIND 4 instances ticking away out there.) Very much agree with this. A few years ago a couple of us wrote a draft about all the pieces of the DNS infrastructure that need to be updated to support a new DNSSEC algorithm: https://tools.ietf.org/html/draft-york-dnsop-deploying-dnssec-crypto-algs-06 While a new RR type is obviously different from a crypto algorithm, the “system upgrade” is similar: - resolvers have to be upgraded to support the new behavior of the ANAME record - authoritative servers need to upgraded to process the ANAME record - DNS hosting providers (which can often also be registrars) need to have updated software to allow customers to enter ANAME records - DNSSEC signing software may need to be updated to sign the ANAME record (section 4.2 in the ANAME draft notes the sibling resolution that must occur before signing) All of that will take some time, and probably a long time in the case of resolvers and the GUIs of DNS hosting providers. Now, some element of this will ALSO be true for rolling out the HTTPSVC record, (ex. DNS configuration GUIs) but it may not be quite as challenging as getting resolvers updated. (For example, all the resolvers found in “home routers” distributed by ISPs.) Which is not to say that we shouldn’t pursue ANAME or other new RR types… we just have to acknowledge that it may be a loooonnnngggg time before the functionality is available to a large number of users. Dan
- [DNSOP] status of the aname and svcb/httpsvc draf… Klaus Malorny
- Re: [DNSOP] status of the aname and svcb/httpsvc … Olli Vanhoja
- Re: [DNSOP] status of the aname and svcb/httpsvc … Eric Orth
- Re: [DNSOP] status of the aname and svcb/httpsvc … Tommy Pauly
- Re: [DNSOP] status of the aname and svcb/httpsvc … Rob Sayre
- Re: [DNSOP] status of the aname and svcb/httpsvc … Tommy Pauly
- Re: [DNSOP] status of the aname and svcb/httpsvc … Warren Kumari
- Re: [DNSOP] status of the aname and svcb/httpsvc … Erik Kline
- Re: [DNSOP] status of the aname and svcb/httpsvc … Erik Nygren
- Re: [DNSOP] status of the aname and svcb/httpsvc … Matthijs Mekking
- Re: [DNSOP] status of the aname and svcb/httpsvc … Klaus Malorny
- Re: [DNSOP] status of the aname and svcb/httpsvc … Shane Kerr
- Re: [DNSOP] status of the aname and svcb/httpsvc … Matthijs Mekking
- Re: [DNSOP] status of the aname and svcb/httpsvc … Evan Hunt
- Re: [DNSOP] status of the aname and svcb/httpsvc … Paul Vixie
- Re: [DNSOP] status of the aname and svcb/httpsvc … Benno Overeinder
- Re: [DNSOP] status of the aname and svcb/httpsvc … Klaus Malorny
- Re: [DNSOP] status of the aname and svcb/httpsvc … Vladimír Čunát
- Re: [DNSOP] status of the aname and svcb/httpsvc … Dan York
- Re: [DNSOP] status of the aname and svcb/httpsvc … Klaus Malorny
- Re: [DNSOP] status of the aname and svcb/httpsvc … Tim Wicinski
- Re: [DNSOP] status of the aname and svcb/httpsvc … Vladimír Čunát
- Re: [DNSOP] status of the aname and svcb/httpsvc … Klaus Malorny
- Re: [DNSOP] status of the aname and svcb/httpsvc … Vladimír Čunát
- Re: [DNSOP] status of the aname and svcb/httpsvc … Erik Nygren
- Re: [DNSOP] status of the aname and svcb/httpsvc … Ben Schwartz
- Re: [DNSOP] status of the aname and svcb/httpsvc … Brian Dickson
- Re: [DNSOP] status of the aname and svcb/httpsvc … Tony Finch
- Re: [DNSOP] status of the aname and svcb/httpsvc … Brian Dickson
- Re: [DNSOP] status of the aname and svcb/httpsvc … Bob Harold
- Re: [DNSOP] status of the aname and svcb/httpsvc … Tony Finch
- Re: [DNSOP] status of the aname and svcb/httpsvc … Andrew M. Hettinger
- Re: [DNSOP] status of the aname and svcb/httpsvc … Joe Abley
- Re: [DNSOP] status of the aname and svcb/httpsvc … Joe Abley
- Re: [DNSOP] status of the aname and svcb/httpsvc … Vladimír Čunát
- Re: [DNSOP] status of the aname and svcb/httpsvc … Tony Finch
- Re: [DNSOP] status of the aname and svcb/httpsvc … Evan Hunt
- Re: [DNSOP] status of the aname and svcb/httpsvc … Olli Vanhoja
- Re: [DNSOP] status of the aname and svcb/httpsvc … Lanlan Pan
- Re: [DNSOP] status of the aname and svcb/httpsvc … Paul Vixie
- Re: [DNSOP] status of the aname and svcb/httpsvc … Erik Nygren
- Re: [DNSOP] status of the aname and svcb/httpsvc … Andrew M. Hettinger
- Re: [DNSOP] status of the aname and svcb/httpsvc … Dan York
- Re: [DNSOP] status of the aname and svcb/httpsvc … Joe Abley
- Re: [DNSOP] status of the aname and svcb/httpsvc … Lanlan Pan
- Re: [DNSOP] status of the aname and svcb/httpsvc … Vladimír Čunát
- Re: [DNSOP] status of the aname and svcb/httpsvc … Vladimír Čunát
- Re: [DNSOP] status of the aname and svcb/httpsvc … Tony Finch
- Re: [DNSOP] status of the aname and svcb/httpsvc … Anthony Eden
- Re: [DNSOP] status of the aname and svcb/httpsvc … Matthijs Mekking
- Re: [DNSOP] [External] status of the aname and sv… Andrew M. Hettinger
- Re: [DNSOP] status of the aname and svcb/httpsvc … Tim Wicinski
- Re: [DNSOP] status of the aname and svcb/httpsvc … Tony Finch