Re: [DNSOP] [Ext] Questions / concerns with draft-ietf-dnsop-svcb-https (in RFC Editor queue)
Erik Nygren <erik+ietf@nygren.org> Thu, 29 September 2022 13:16 UTC
Return-Path: <nygren@gmail.com>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6DB85C1524CB for <dnsop@ietfa.amsl.com>; Thu, 29 Sep 2022 06:16:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.406
X-Spam-Level:
X-Spam-Status: No, score=-6.406 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FORGED_FROMDOMAIN=0.248, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.249, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7pXtoeQabMEB for <dnsop@ietfa.amsl.com>; Thu, 29 Sep 2022 06:16:52 -0700 (PDT)
Received: from mail-pg1-f170.google.com (mail-pg1-f170.google.com [209.85.215.170]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9F407C1524BF for <dnsop@ietf.org>; Thu, 29 Sep 2022 06:16:52 -0700 (PDT)
Received: by mail-pg1-f170.google.com with SMTP id q9so1415386pgq.8 for <dnsop@ietf.org>; Thu, 29 Sep 2022 06:16:52 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date; bh=0/QMVwwz6ADQAJ4mG2/jHDpSPzRfhgX1Y0WArWT9FjM=; b=5a3nfbaa+iVdMjVvap2btHppQM4j+mrXUm3ukfFC1aJG8a6lJFPB+fpENSeTZoBkkh ceacOY5Q9YT2v3CVwV3IGfF/hcp9/FurHWWefE0ZqDA9e8tq/QZg0Gj9X93TJRYqE13R qftcr5ir5Jpvxi9H4LGKGCtSw2XJfCnJvQ7XqS+4DWqJ1RYRCtLDOBjrJp1dMS5/cdNg L2fB80lQFo6S4yOpEllp4TsPxpnnJ23auNH/Th+FPLW42KUFtkKFQj/LlkqQV30PlctY tCVV7Bx1oh/He1h7rUvzji2z2cAxaGqCHGawIthdSejN37OczcVmMURuknXcROYZy3W8 A1hQ==
X-Gm-Message-State: ACrzQf0b3LEpo93rjs0qT4FPNWtOzSRj1OW8tiUfwTP5bUmdZUu3r6Tr ZmQfHUaJ4wPIFQKdwaTOPQVT0Tg5jiSdSYVPTcruj+Ev/zg=
X-Google-Smtp-Source: AMsMyM5zbqoAzQG2tbDwHtUfJo4hSJnNrwkBNI1Kg/kOK3/pJuwL1ZKl0LoMYzg2YvdBO060XvdDOpGFMdHHHJCeWmM=
X-Received: by 2002:a63:942:0:b0:43c:428d:16a9 with SMTP id 63-20020a630942000000b0043c428d16a9mr2794173pgj.423.1664457411765; Thu, 29 Sep 2022 06:16:51 -0700 (PDT)
MIME-Version: 1.0
References: <CAHw9_iJg7yTECPbPvSNxac21My4SqPjMjhYS4tFRWBzFmjkLjg@mail.gmail.com> <CAH1iCipoo2u2h8XtJp8iwrg-bonMC785RehC3bVzbMKaLv+Kpg@mail.gmail.com> <0203FD85-487D-4B64-88BF-818B5BE0BC70@apple.com> <CAHbrMsCZSkakKvnxTsqQ0JmywNAHwVC1DyN0aVJ72sH7fgy6pA@mail.gmail.com> <CAHw9_iLNSnwUyZomkQ49Czhk-evy1Z4LjL7CfVhP7EFvZpBh5A@mail.gmail.com> <Yxk1Iikv8XazQa7o@straasha.imrryr.org> <Yxk7ycs0274UMSSh@straasha.imrryr.org> <0A4F52A8-378F-4222-9E5A-041A82E97C79@icann.org> <CAH1iCiriUcqprYj+LJGoo40o-dRsYyGmOFU_6VWbTXBt8+xnJw@mail.gmail.com> <A222DD8A-517D-4D7C-AB8E-2EEB99FF1C7E@icann.org> <YxoLstfurrWgGZUs@straasha.imrryr.org> <11DAF42E-DFDA-49EA-A021-91A6979992E6@icann.org> <CAKC-DJhwHh1UTDOt20wA_1JDYjnpp0chV2fqii3rLhF_nUGzdA@mail.gmail.com> <CAHw9_iLoJ2ZFAP1vWCrD17_RvEs1LP=MqtzVhyfuHjn9LPmS3w@mail.gmail.com>
In-Reply-To: <CAHw9_iLoJ2ZFAP1vWCrD17_RvEs1LP=MqtzVhyfuHjn9LPmS3w@mail.gmail.com>
From: Erik Nygren <erik+ietf@nygren.org>
Date: Thu, 29 Sep 2022 09:16:40 -0400
Message-ID: <CAKC-DJghdd0JOpsWerAe52P_fAn3T8bweB+kPwuL2jgw-8KhSA@mail.gmail.com>
To: Warren Kumari <warren@kumari.net>
Cc: Paul Hoffman <paul.hoffman@icann.org>, "dnsop@ietf.org WG" <dnsop@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000c5abe805e9d0b03b"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/zRwibFWjJggpV9BlPsRZicUHb90>
Subject: Re: [DNSOP] [Ext] Questions / concerns with draft-ietf-dnsop-svcb-https (in RFC Editor queue)
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 29 Sep 2022 13:16:56 -0000
One item discussed above that the authors would like to clarify is to be consistent about whether the alternative endpoint name (TargetName) is a hostname or a domain name. In all but one place in the doc we refer to it as a "domain name" but there is one reference that calls it a "hostname". In particular in these current sentences: 1) An "alternative endpoint" is a hostname, port number, and other associated 2) TargetName: The domain name of either the alias target (for AliasMode) or the alternative endpoint (for ServiceMode). 3) TargetName is a <domain-name> ({{!RFC1035, Section 5.1}}), 4) In AliasMode, the TargetName will be the name of a domain that resolves to SVCB, We'd like to change the first of these to be: 1) An "alternative endpoint" is a domain name, port number, and other associated for consistency with the rest. As this isn't explicitly covered in Warren's summary we thought it worth checking here as well: https://mailarchive.ietf.org/arch/msg/dnsop/LhEufm0a8IjoXZ_ck0b9RTSkDTc/ Best, Erik On Mon, Sep 12, 2022 at 9:51 AM Warren Kumari <warren@kumari.net> wrote: > > Hi all, > > Firstly, and most importantly, thank y'all for keeping this civil, > friendly and productive; I really appreciate it. > > I've (informally) checked with the IESG on the proposed change in the > PR and also including Erik's proposed operational note ("Some > implementations may not allow A or AAAA records on names starting with an > underscore due to various interpretations of RFCs. This could be an > operational issue when the TargetName contains an attrleaf label, as well > as using an TargetName of "." when the owner name contains an attrleaf > label.") and everyone seems fine with it. > > So, I'm ask the authors to cut a new version with these changes in > (basically, accept the PR and add the proposed text) and I will then email > the IESG with a diff to get "official" consensus on the change. > > Dealing with process exception handling is always stressful, so thanks all > again for keeping this moving along nicely. > Also, a reminder that while we *can* make changes after approval (and > before RFC publication) we really really avoid doing so, and so this should > only happen under exceptional circumstances[0]. > > W > > [0]: I'm not convinced that this situation rose to the "exceptional > circumstances" bar, but seeing as I'd already paused it (not knowing what > all the issues were) and because the changes are clarifications, I'm > willing to accepting it. > > On Thu, Sep 08, 2022 at 12:34 PM, Erik Nygren <erik+ietf@nygren.org> > wrote: > >> There seem to be two topics: >> >> 1) Victor's clarification makes sense, although the wording is a little >> awkward and perhaps we can improve that sentence. >> The section was already implying that meaning (ie, that the fallback >> addition of the QNAME was for the AliasMode case) >> but clarifying this in a more normative way seems worthwhile and not >> a technical change. >> I'd propose we refine this PR and incorporate it as the "clarifying >> sentence" that Warren was willing to accept. >> >> 2) There is the issue of whether attrleaf labels are valid owner names >> for A/AAAA records. >> This document does not seem like the place to land that, and it seems >> like it may be open for interpretation >> as different implementations may have interpreted it differently. If >> anything, we might add a non-normative sentence like: >> >> "Some implementations may not allow A or AAAA records on names >> starting with an underscore >> due to various interpretations of RFCs. This could be an >> operational issue when the TargetName contains an attrleaf label, >> as well as using an TargetName of "." when the owner name >> contains an attrleaf label." >> >> This wouldn't be a normative change but just an operational warning >> --- would this be acceptable to include at this stage? >> Further clarification of this seems worth a draft in its own right >> since the existing RFCs are inconsistent >> on this topic and there is room for multiple interpretations, as shown >> in some implementations. >> >> >> >> On Thu, Sep 8, 2022 at 12:05 PM Paul Hoffman <paul.hoffman@icann.org> >> wrote: >> >>> On Sep 8, 2022, at 8:35 AM, Viktor Dukhovni <ietf-dane@dukhovni.org> >>> wrote: >>> > This is a bug fix, the proposed behaviour makes no sense when $QNAME >>> > is the unaltered (attrleaf prefixed) starting point. The current >>> > meaning was not intended. If the edit can be made without any >>> > major process, just a note to the RFC editor, it'll save errata, >>> > and possible confusion later. >>> >>> A technical change made after the IESG review requires, at a minimum, >>> another IESG review. The IESG could ask for another IETF review, if they >>> want. It's up to Warren, the responsible AD, to decide if that's "major >>> process". >>> >>> --Paul Hoffman >>> >>> _______________________________________________ >>> DNSOP mailing list >>> DNSOP@ietf.org >>> https://www.ietf.org/mailman/listinfo/dnsop >>> >> >> _______________________________________________ >> DNSOP mailing list >> DNSOP@ietf.org >> https://www.ietf.org/mailman/listinfo/dnsop >> > >
- [DNSOP] Questions / concerns with draft-ietf-dnso… Warren Kumari
- Re: [DNSOP] [Ext] Questions / concerns with draft… Paul Hoffman
- Re: [DNSOP] [Ext] Questions / concerns with draft… Warren Kumari
- Re: [DNSOP] Questions / concerns with draft-ietf-… Brian Dickson
- Re: [DNSOP] Questions / concerns with draft-ietf-… Stephen Farrell
- Re: [DNSOP] Questions / concerns with draft-ietf-… Martin Thomson
- Re: [DNSOP] Questions / concerns with draft-ietf-… Stephen Farrell
- Re: [DNSOP] Questions / concerns with draft-ietf-… Viktor Dukhovni
- Re: [DNSOP] Questions / concerns with draft-ietf-… Eric Orth
- Re: [DNSOP] Questions / concerns with draft-ietf-… Viktor Dukhovni
- Re: [DNSOP] Questions / concerns with draft-ietf-… Brian Dickson
- Re: [DNSOP] [Ext] Questions / concerns with draft… Paul Hoffman
- Re: [DNSOP] [Ext] Questions / concerns with draft… Brian Dickson
- Re: [DNSOP] [Ext] Questions / concerns with draft… Eric Orth
- Re: [DNSOP] [Ext] Questions / concerns with draft… Paul Hoffman
- Re: [DNSOP] [Ext] Questions / concerns with draft… Brian Dickson
- Re: [DNSOP] [Ext] Questions / concerns with draft… Ben Schwartz
- Re: [DNSOP] [Ext] Questions / concerns with draft… Viktor Dukhovni
- Re: [DNSOP] [Ext] Questions / concerns with draft… Ben Schwartz
- Re: [DNSOP] [Ext] Questions / concerns with draft… Viktor Dukhovni
- Re: [DNSOP] [Ext] Questions / concerns with draft… Tommy Pauly
- Re: [DNSOP] [Ext] Questions / concerns with draft… Brian Dickson
- Re: [DNSOP] [Ext] Questions / concerns with draft… Brian Dickson
- Re: [DNSOP] [Ext] Questions / concerns with draft… Brian Dickson
- Re: [DNSOP] [Ext] Questions / concerns with draft… Brian Dickson
- Re: [DNSOP] [Ext] Questions / concerns with draft… Brian Dickson
- Re: [DNSOP] [Ext] Questions / concerns with draft… Brian Dickson
- Re: [DNSOP] [Ext] Questions / concerns with draft… Ben Schwartz
- Re: [DNSOP] [Ext] Questions / concerns with draft… Erik Nygren
- Re: [DNSOP] [Ext] Questions / concerns with draft… Viktor Dukhovni
- Re: [DNSOP] [Ext] Questions / concerns with draft… Warren Kumari
- Re: [DNSOP] [Ext] Questions / concerns with draft… Viktor Dukhovni
- Re: [DNSOP] [Ext] Questions / concerns with draft… Brian Dickson
- Re: [DNSOP] [Ext] Questions / concerns with draft… Brian Dickson
- [DNSOP] HSTS on receiving a signed HTTPS record (… Martin Thomson
- Re: [DNSOP] [Ext] Questions / concerns with draft… Warren Kumari
- Re: [DNSOP] Questions / concerns with draft-ietf-… Viktor Dukhovni
- Re: [DNSOP] [Ext] Questions / concerns with draft… Paul Hoffman
- Re: [DNSOP] HSTS on receiving a signed HTTPS reco… Eric Orth
- Re: [DNSOP] HSTS on receiving a signed HTTPS reco… Brian Dickson
- Re: [DNSOP] HSTS on receiving a signed HTTPS reco… Eric Orth
- Re: [DNSOP] [Ext] Questions / concerns with draft… Tommy Pauly
- Re: [DNSOP] HSTS on receiving a signed HTTPS reco… Ben Schwartz
- Re: [DNSOP] [Ext] Questions / concerns with draft… Ben Schwartz
- Re: [DNSOP] [Ext] Questions / concerns with draft… Warren Kumari
- Re: [DNSOP] [Ext] Questions / concerns with draft… Viktor Dukhovni
- Re: [DNSOP] [Ext] Questions / concerns with draft… Viktor Dukhovni
- Re: [DNSOP] [Ext] Questions / concerns with draft… Paul Hoffman
- Re: [DNSOP] [Ext] Questions / concerns with draft… Brian Dickson
- Re: [DNSOP] [Ext] Questions / concerns with draft… Martin Thomson
- Re: [DNSOP] [Ext] Questions / concerns with draft… Brian Dickson
- Re: [DNSOP] [Ext] Questions / concerns with draft… Viktor Dukhovni
- Re: [DNSOP] [Ext] Questions / concerns with draft… Paul Hoffman
- Re: [DNSOP] [Ext] Questions / concerns with draft… Viktor Dukhovni
- Re: [DNSOP] [Ext] Questions / concerns with draft… Paul Hoffman
- Re: [DNSOP] [Ext] Questions / concerns with draft… Erik Nygren
- Re: [DNSOP] [Ext] Questions / concerns with draft… Warren Kumari
- Re: [DNSOP] [Ext] Questions / concerns with draft… Erik Nygren
- Re: [DNSOP] [Ext] Questions / concerns with draft… Erik Nygren