Re: [DNSOP] [Ext] I-D Action: draft-ietf-dnsop-svcb-https-05.txt

Paul Wouters <paul@nohats.ca> Thu, 20 May 2021 01:08 UTC

Date: Wed, 19 May 2021 21:08:10 -0400
From: Paul Wouters <paul@nohats.ca>
To: Martin Thomson <mt@lowentropy.net>
cc: dnsop@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/yZic_TIRtPBhkyOx9xscRU4Uk2g>

On Thu, 20 May 2021, Martin Thomson wrote:

> I also want to add to what Tommy (P) said about deployment.  We've deployed the current wire format (that's what you get when you assign a codepoint people!)  Changes would have serious implications.

It looks like the early code point was assigned at 2020-06-30, at
draft-ietf-dnsop-svcb-https version 00. I think that might have been
premature, as that is technically at the same time the IETF _starts_
looking at it. This unfortunately makes it appear the IETF was only
to be used to rubberstamp it.

Documents are adopted as a starting point for discussion, not as the
final code point definition with no wiggle room for change.

Not changing a document when concerns have been raised will have
the possibility of future "serious implications" that would in
fact be more serious, as then we have an even larger install base
dealing with the problem.

This discussion should be around reasonable and secure wire and
presentation formats, not about "but we already deployed this".
It should surely be taken into account if changing at this point
gives enough benefits, but the idea of changing should not be
dismissed out of hand.

Paul