IETF Logo Mail Archive

[DNSOP] Re: [art] Artart Last Call review of draft-ietf-dnsop-structured-dns-error-12

Brian Rosen <br@brianrosen.net> Wed, 23 April 2025 16:15 UTC

Return-Path: <br@brianrosen.net>
X-Original-To: dnsop@mail2.ietf.org
Delivered-To: dnsop@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id 633F32018C84 for <dnsop@mail2.ietf.org>; Wed, 23 Apr 2025 09:15:10 -0700 (PDT)
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -2.1
X-Spam-Level:
X-Spam-Status: No, score=-2.1 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (1024-bit key) header.d=brianrosen.net
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wytuGJfDeHx3 for <dnsop@mail2.ietf.org>; Wed, 23 Apr 2025 09:15:07 -0700 (PDT)
Received: from mail-qt1-x835.google.com (mail-qt1-x835.google.com [IPv6:2607:f8b0:4864:20::835]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id 135562018C6B for <dnsop@ietf.org>; Wed, 23 Apr 2025 09:15:07 -0700 (PDT)
Received: by mail-qt1-x835.google.com with SMTP id d75a77b69052e-47686580529so104461cf.2 for <dnsop@ietf.org>; Wed, 23 Apr 2025 09:15:07 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=brianrosen.net; s=google; t=1745424906; x=1746029706; darn=ietf.org; h=to:references:message-id:content-transfer-encoding:cc:date :in-reply-to:from:subject:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=P6a/ITeYhAb/QsrCuuOYcdEmjVq4MjYnOEqIAS1GlxY=; b=gvXFCXHF/8U/fer+rJ/LaBn9w1tj1b6tOFLJGGwlrCrDtCSG2dTMMuB2K5CA3Oz4sD r/vIs6yk/95at+/hkc2/eOrKv1EqfFB8AVXXCHpRowgmQNQamM1USWd6PeF3hkNqbCXJ vW7smDGbf9c7TM/2cs2dMFcIuZjvrX6A079EE=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1745424906; x=1746029706; h=to:references:message-id:content-transfer-encoding:cc:date :in-reply-to:from:subject:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=P6a/ITeYhAb/QsrCuuOYcdEmjVq4MjYnOEqIAS1GlxY=; b=tjThiinDF4vHqQy3BvQKxRwMxpjmdXgueOUrmtpwY0hyTatOALm5vIXTWHSqWchi++ ILqD/G6yB29Rp21wD8+4Q1smAA/X/HZWgJLb3AD6POGunXUiE3FysuezI+bmRU+K3j2j MoNdyg62eo+3gj5vzsV9ANmPiUPpKYmOdqQUiqsNfIjAZ/Tg9xKkFRZLqsNiU11atV6O Pv7AGZ5GN55ROXQemYXSu50YtU0qDNNgbg9Oi4o2ofXQaSo3KxftzeI8FAKz2wr5OKFV 9QbcV8GFVaQIciBrtfArrKO7oUhVDBDi1LSViIWZENrl9D2wZm7MBQz6axZEb1YOZpFu +MCQ==
X-Forwarded-Encrypted: i=1; AJvYcCUgfQw4I+NGBMKx8AbiF1EUcZK7rZOrwCzlI/DAiTtbrsbb4BIYm58CVeR7oPHoHgcdl8FCFw==@ietf.org
X-Gm-Message-State: AOJu0YxPDZtHEciuEI4GpEQ9vgHZrDOham5bnR4dezbtNCD/ojyx0fro pzOZ5PA84U9EY17krprQSr5GUQpVhFlqGURxYaUdutfuKmi0R/a9tMF1xEjJd+Y=
X-Gm-Gg: ASbGncv5zWXBrCCKGGdj2R2HkL/kvcOsBq4hA3ressSIkeoB3THPbO0woYKur+rW53h w4SFCjAWVMX8ibOLDRyjjVKIslKFeOOkcDk3YYb9C0lL1DEHJv4rJ+pG9jQFZxVTfbw3/xT4RK7 M1SFvFWBFgMXq+e3fOIziVck/4siG0ZmwcSlHn0PV8AUqAO/VlSYXgaKyBQt0s7ICBywgKyMUyf vZ371ARUclNBKczDoPFKS3uViGsV5gLHK/GCBDZIMPHXhJEeVyrsrqeuupNTcz6nY174ssNbPsJ so7fufZvaci+zuqb3ZE/EXgnvjUOqbAgK1E4b9tgBnwhMLuzXMGuz3nXwPlhxA3ThMF7eWMGWO5 L8Et2YdsCbbthu/N9eSjf56PMfrx1JNvP27YE
X-Google-Smtp-Source: AGHT+IE0nwNNzqGPuaRZet20kR6OSeOH25uJ2byy8jdR82eqxWfQai6JXJZfLj92ZHpR/I4XuuZVvg==
X-Received: by 2002:a05:6214:5290:b0:6e8:eabf:fd55 with SMTP id 6a1803df08f44-6f2c46bada8mr331377686d6.39.1745424906274; Wed, 23 Apr 2025 09:15:06 -0700 (PDT)
Received: from smtpclient.apple (dynamic-acs-24-239-212-11.zoominternet.net. [24.239.212.11]) by smtp.gmail.com with ESMTPSA id 6a1803df08f44-6f2c2c21c61sm71958256d6.109.2025.04.23.09.15.05 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Wed, 23 Apr 2025 09:15:05 -0700 (PDT)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3826.400.131.1.6\))
From: Brian Rosen <br@brianrosen.net>
In-Reply-To: <0144c35a-53cb-47d8-9a8c-19e8ab2a0ef1@alum.mit.edu>
Date: Wed, 23 Apr 2025 12:14:54 -0400
Content-Transfer-Encoding: quoted-printable
Message-Id: <D2129C77-7934-4620-B2C0-7354A0ECF8B4@brianrosen.net>
References: <5a128fd4-d4bc-4d89-a693-114f135cbe4c@alum.mit.edu> <CAFpG3gdQ3jRQPEtc1i8uvz4xznVP-1pDQgJP2cGm_aZ1_j0fog@mail.gmail.com> <0144c35a-53cb-47d8-9a8c-19e8ab2a0ef1@alum.mit.edu>
To: Paul Kyzivat <pkyzivat=40alum.mit.edu@dmarc.ietf.org>
X-Mailer: Apple Mail (2.3826.400.131.1.6)
Message-ID-Hash: R2V5ZLUHALMG2C43MQVP6QRY2ZMQAAVT
X-Message-ID-Hash: R2V5ZLUHALMG2C43MQVP6QRY2ZMQAAVT
X-MailFrom: br@brianrosen.net
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-dnsop.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: tirumal reddy <kondtir@gmail.com>, art@ietf.org, draft-ietf-dnsop-structured-dns-error.all@ietf.org, last-call@ietf.org, dnsop@ietf.org
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [DNSOP] Re: [art] Artart Last Call review of draft-ietf-dnsop-structured-dns-error-12
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/z1NtztA8mTUcCpwi4JyYO-bemTQ>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Owner: <mailto:dnsop-owner@ietf.org>
List-Post: <mailto:dnsop@ietf.org>
List-Subscribe: <mailto:dnsop-join@ietf.org>
List-Unsubscribe: <mailto:dnsop-leave@ietf.org>

More follow up:

Paul is correct: most implementations do not use sips, and only use sip.  Many implementations support TLS with sip:.  I would suggest you specify sip or sips and have a note that says sip is only to be used when TLS is supported.

Brian


> On Apr 23, 2025, at 11:22 AM, Paul Kyzivat <pkyzivat=40alum.mit.edu@dmarc.ietf.org> wrote:
> 
> Tiru,
> 
> You have mostly addressed my concerns. I've included a few followup questions below.
> 
> On 4/23/25 1:42 AM, tirumal reddy wrote:
> 
>>    1) NIT: Section 4 - c: (contact)
>>    This allows sips but not sip URIs. Sips is not widely used.
>>    Please consider allowing sip URLs.
>> Allowing "sip" URI introduces security issues, "sips" offers encrypted transport for SIP messages.
> 
> I'm aware of that. Yet, AFAIK sips URIs are rarely used in sip implementations. (They were added to get through the security review for RFC3261.) I think there would often be trouble invoking a sips URI. Also, why isn't there similar concern for the security of mailto?
> 
> But if you think you can't get through a security review with sip then so be it.
> 
>>    3) ISSUE: Section 8 - Extended DNS Error Code
>>    The phrasing here, for both the section title and the content, is odd
>>    and confusing. For clarity and consistency with section 7, I suggest a
>>    title of "New Extended DNS Error Code Definition".
>>    And then the body could start with: "This document defines the
>>    following
>>    new IANA-registered Extended DNS Error Code." The existing text will
>>    then require some tweaking to align with this rephrasing.
>>    And then to avoid confusion, perhaps change the title of section
>>    11.4 to
>>    "New Extended DNS Error Code Registration".
>> No, the section title and its body is consistent with the sections in RFC 8914 defining Extended DNS Error Codes, please see https://datatracker.ietf.org/doc/html/rfc8914#section-4 <https://datatracker.ietf.org/doc/html/rfc8914#section-4>
> 
> OK, I see why you want to phrase these this way. But it doesn't read the same way here as in rfc8914. This is because rfc8914 has comparable definitions as subsections of section 4 titled "Defined Extended DNS Errors", which gives context.
> 
> You could create a similar structure to provide the context. E.g.,
> 
> 8. New Extended DNS Errors
> 
>   This document defines an addition to the EDE codes defined in
>   [RFC8914].
> 
> 8.1 Extended DNS Error Code TBA1 - Blocked by Upstream DNS Server
> 
>   ...
> 
> I realize it looks a little odd to have a section with only one subsection, but it does make the document easier to follow.
> 
>>    6) ISSUE: Section 11.2 - New Registry for Contact URI Scheme
>>    Could you please add some text describing the role and responsibilities
>>    of the Change Controller? What sort of changes are allowed? More than
>>    additions?
>> IETF review is required to update the registry, see https://datatracker.ietf.org/doc/html/rfc8126#section-4.8 <https://datatracker.ietf.org/doc/html/rfc8126#section-4.8>, change controller is IETF.
> 
> I think you are missing my point. I'm looking for a more in-depth definition of the role of "Change Controller". I checked, and this term is currently not used in Domain Name System (DNS) Parameters.
> 
> I just realized that your definitions of new IANA registries fail to specify Registration Procedures, which is required. I think you can achieve what you want by specifying that the Registration Procedure is "IETF Review", "Standards Action", or "IESG Approval". Then you can omit all mention of Change Controller.
> 
>>    7) ISSUE: Section 11.3 - New Registry for DNS SubError Code...
>>    Also, again, could you please add some text describing the role and
>>    responsibilities of the Change Controller? What sort of changes are
>>    allowed? More than additions?
> 
> See above.
> 
> 	Thanks,
> 	Paul
> 
> _______________________________________________
> art mailing list -- art@ietf.org
> To unsubscribe send an email to art-leave@ietf.org

v2.35.0 | Report a Bug | By Email | System Status