IETF Logo Mail Archive

Re: [DNSOP] [Ext] Questions / concerns with draft-ietf-dnsop-svcb-https (in RFC Editor queue)

Erik Nygren <erik+ietf@nygren.org> Thu, 08 September 2022 16:34 UTC

Return-Path: <nygren@gmail.com>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AC79DC1522D8 for <dnsop@ietfa.amsl.com>; Thu, 8 Sep 2022 09:34:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.404
X-Spam-Level:
X-Spam-Status: No, score=-1.404 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FORGED_FROMDOMAIN=0.248, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.249, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wiU8VoRUJtt7 for <dnsop@ietfa.amsl.com>; Thu, 8 Sep 2022 09:34:37 -0700 (PDT)
Received: from mail-pj1-f43.google.com (mail-pj1-f43.google.com [209.85.216.43]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BAB53C152576 for <dnsop@ietf.org>; Thu, 8 Sep 2022 09:34:28 -0700 (PDT)
Received: by mail-pj1-f43.google.com with SMTP id j6-20020a17090a694600b00200bba67dadso3007463pjm.5 for <dnsop@ietf.org>; Thu, 08 Sep 2022 09:34:28 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date; bh=Pj462gbdw3niEyi2Yd6FxYOYWXKWN7bKW2JGUPPoXqo=; b=3gACi2dkoWNTyi9Jmq4JCUH22vaYX76GQCKacZcNQn8dfcgO0dhWDghjl4DlH1FY1A xvByjLiR6SMQgGTSI18Bq1fgMyiQq0XUJrT5n2x4gFxxL6cr/vwtp0mtzGXBgzTwYH8N gAZKQkFT8M74SCq6cLV98xsvg3aFanjglu/jaID9HoiLGcrQW8IAWW7I3tIqjCHxJO5O VA9Jp55EEAIlhSm0yGnrQDbNBbnFU6zrblPP/30tTvvAhIG2RTJRXX0j9NOpkUlL+S6R qNruy7dgzu1Zmmvjhxt9MP2+vMOOAk6c+FpeJos/HUW0Bmx77k2Fo60fMkJwc1g2TnRf eVkg==
X-Gm-Message-State: ACgBeo2FlFKhOoPgyIdjF3Q/Jo81WdyL/2WDQa6QkixRZiFI6Yezd6+E peHVsiwtJIpLmH5LtvQWEg9Jj7PFwsLs/UMu7EItD8nKg9g=
X-Google-Smtp-Source: AA6agR6j8cJeorYMqu3j7Wb0+qnXc3JMA6LUvEC173CgHRE68f0sQ1DT9SbYPoHbwIhvw/TZTBJQMf6aa7EkSMA6tl8=
X-Received: by 2002:a17:902:ec88:b0:175:d8f:44b with SMTP id x8-20020a170902ec8800b001750d8f044bmr9640526plg.84.1662654868070; Thu, 08 Sep 2022 09:34:28 -0700 (PDT)
MIME-Version: 1.0
References: <CAHw9_iJg7yTECPbPvSNxac21My4SqPjMjhYS4tFRWBzFmjkLjg@mail.gmail.com> <CAH1iCipoo2u2h8XtJp8iwrg-bonMC785RehC3bVzbMKaLv+Kpg@mail.gmail.com> <0203FD85-487D-4B64-88BF-818B5BE0BC70@apple.com> <CAHbrMsCZSkakKvnxTsqQ0JmywNAHwVC1DyN0aVJ72sH7fgy6pA@mail.gmail.com> <CAHw9_iLNSnwUyZomkQ49Czhk-evy1Z4LjL7CfVhP7EFvZpBh5A@mail.gmail.com> <Yxk1Iikv8XazQa7o@straasha.imrryr.org> <Yxk7ycs0274UMSSh@straasha.imrryr.org> <0A4F52A8-378F-4222-9E5A-041A82E97C79@icann.org> <CAH1iCiriUcqprYj+LJGoo40o-dRsYyGmOFU_6VWbTXBt8+xnJw@mail.gmail.com> <A222DD8A-517D-4D7C-AB8E-2EEB99FF1C7E@icann.org> <YxoLstfurrWgGZUs@straasha.imrryr.org> <11DAF42E-DFDA-49EA-A021-91A6979992E6@icann.org>
In-Reply-To: <11DAF42E-DFDA-49EA-A021-91A6979992E6@icann.org>
From: Erik Nygren <erik+ietf@nygren.org>
Date: Thu, 08 Sep 2022 12:34:16 -0400
Message-ID: <CAKC-DJhwHh1UTDOt20wA_1JDYjnpp0chV2fqii3rLhF_nUGzdA@mail.gmail.com>
To: Paul Hoffman <paul.hoffman@icann.org>
Cc: "dnsop@ietf.org WG" <dnsop@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000cba7c405e82d0041"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/yDUPUeCmb0n68XSLD9rQGKkQaQo>
Subject: Re: [DNSOP] [Ext] Questions / concerns with draft-ietf-dnsop-svcb-https (in RFC Editor queue)
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 08 Sep 2022 16:34:38 -0000

There seem to be two topics:

1) Victor's clarification makes sense, although the wording is a little
awkward and perhaps we can improve that sentence.
    The section was already implying that meaning (ie, that the fallback
addition of the QNAME was for the AliasMode case)
    but clarifying this in a more normative way seems worthwhile and not a
technical change.
    I'd propose we refine this PR and incorporate it as the "clarifying
sentence" that Warren was willing to accept.

2) There is the issue of whether attrleaf labels are valid owner names for
A/AAAA records.
    This document does not seem like the place to land that, and it seems
like it may be open for interpretation
    as different implementations may have interpreted it differently.  If
anything, we might add a non-normative sentence like:

       "Some implementations may not allow A or AAAA records on names
starting with an underscore
        due to various interpretations of RFCs. This could be an
operational issue when the TargetName contains an attrleaf label,
        as well as using an TargetName of "." when the owner name contains
an attrleaf label."

   This wouldn't be a normative change but just an operational warning ---
would this be acceptable to include at this stage?
   Further clarification of this seems worth a draft in its own right since
the existing RFCs are inconsistent
   on this topic and there is room for multiple interpretations, as shown
in some implementations.



On Thu, Sep 8, 2022 at 12:05 PM Paul Hoffman <paul.hoffman@icann.org> wrote:

> On Sep 8, 2022, at 8:35 AM, Viktor Dukhovni <ietf-dane@dukhovni.org>
> wrote:
> > This is a bug fix, the proposed behaviour makes no sense when $QNAME
> > is the unaltered (attrleaf prefixed) starting point.  The current
> > meaning was not intended.  If the edit can be made without any
> > major process, just a note to the RFC editor, it'll save errata,
> > and possible confusion later.
>
> A technical change made after the IESG review requires, at a minimum,
> another IESG review. The IESG could ask for another IETF review, if they
> want. It's up to Warren, the responsible AD, to decide if that's "major
> process".
>
> --Paul Hoffman
>
> _______________________________________________
> DNSOP mailing list
> DNSOP@ietf.org
> https://www.ietf.org/mailman/listinfo/dnsop
>

v2.23.0 | Report a Bug | By Email