Re: [DNSOP] Murray Kucherawy's No Objection on draft-ietf-dnsop-nsec3-guidance-08: (with COMMENT)
Vladimír Čunát <vladimir.cunat+ietf@nic.cz> Mon, 16 May 2022 14:15 UTC
Return-Path: <vladimir.cunat+ietf@nic.cz>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7EFD9C185B26; Mon, 16 May 2022 07:15:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.957
X-Spam-Level:
X-Spam-Status: No, score=-3.957 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, NICE_REPLY_A=-1.857, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nic.cz
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6VkKMLo_6XtZ; Mon, 16 May 2022 07:15:18 -0700 (PDT)
Received: from mail.nic.cz (mail.nic.cz [217.31.204.67]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D2573C180A91; Mon, 16 May 2022 07:15:15 -0700 (PDT)
Received: from [IPV6:2001:1488:fffe:6:254d:255b:b488:9573] (unknown [IPv6:2001:1488:fffe:6:254d:255b:b488:9573]) by mail.nic.cz (Postfix) with ESMTPSA id CF0BF1405A5; Mon, 16 May 2022 16:15:11 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=nic.cz; s=default; t=1652710512; bh=6ma07PMHZvayOWUWg3DJ5RPQzJyfQZmom8vBg7DBCHo=; h=Date:Subject:To:Cc:From:From; b=pqqj2DlEuWpy1q25ZlB8tbBroF5MDPnJMenvt2dZqmgpMN9KcRwm6GUwxqGyGz7se FbjQ4XznH6zVnEXPXXLqiAjeL8ES978E/l47/QTo5dduQe6I4A8tCKioy0Q3he80cA D7AvR0gCuXn2gj4b8RCFLxHPcTsmcTXmhuGBxuAs=
Message-ID: <2520b3f8-d7bb-0dee-ce55-953451e0f168@nic.cz>
Date: Mon, 16 May 2022 16:15:11 +0200
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.8.1
Content-Language: en-US
To: Murray Kucherawy <superuser@gmail.com>, The IESG <iesg@ietf.org>
Cc: draft-ietf-dnsop-nsec3-guidance@ietf.org, dnsop-chairs@ietf.org, dnsop@ietf.org, tjw.ietf@gmail.com
References: <165221253037.14194.8564840834151465618@ietfa.amsl.com>
From: Vladimír Čunát <vladimir.cunat+ietf@nic.cz>
In-Reply-To: <165221253037.14194.8564840834151465618@ietfa.amsl.com>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 8bit
X-Virus-Scanned: clamav-milter 0.103.4 at mail
X-Virus-Status: Clean
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/xTiuWEQ5j-MsPpQWzT4ZhhBJCNI>
Subject: Re: [DNSOP] Murray Kucherawy's No Objection on draft-ietf-dnsop-nsec3-guidance-08: (with COMMENT)
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 16 May 2022 14:15:22 -0000
On 10/05/2022 21.55, Murray Kucherawy via Datatracker wrote: > Regarding the SHOULD in Section 3.2, what other action might a resolver > legitimately return, and why? Extended errors (RFC8914) generally aren't "mandatory", so they may return none. In practice I also see quite some leeway in which EDE(s) to return, because there are more complex cases than matching a single one and implementing everything precisely might be very difficult. (For example, one error got encountered and then the resolver retried against with a different RRSIG record or asked a different server and got a different error or none.) > Same question for the SHOULD in Section 4. Here it's a tradeoff, and not all operators/vendors will have exactly the same view. Some are very sensitive about producing "unnecessary" resolution errors (SERVFAILs in this case) and are willing to pay by (possibly) doing more CPU work, etc. --Vladimir | knot-resolver.cz
- [DNSOP] Murray Kucherawy's No Objection on draft-… Murray Kucherawy via Datatracker
- Re: [DNSOP] Murray Kucherawy's No Objection on dr… Vladimír Čunát