IETF Logo Mail Archive

Re: [DNSOP] [Ext] Questions / concerns with draft-ietf-dnsop-svcb-https (in RFC Editor queue)

Erik Nygren <erik+ietf@nygren.org> Thu, 29 September 2022 13:16 UTC

Return-Path: <nygren@gmail.com>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6DB85C1524CB for <dnsop@ietfa.amsl.com>; Thu, 29 Sep 2022 06:16:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.406
X-Spam-Level:
X-Spam-Status: No, score=-6.406 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FORGED_FROMDOMAIN=0.248, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.249, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7pXtoeQabMEB for <dnsop@ietfa.amsl.com>; Thu, 29 Sep 2022 06:16:52 -0700 (PDT)
Received: from mail-pg1-f170.google.com (mail-pg1-f170.google.com [209.85.215.170]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9F407C1524BF for <dnsop@ietf.org>; Thu, 29 Sep 2022 06:16:52 -0700 (PDT)
Received: by mail-pg1-f170.google.com with SMTP id q9so1415386pgq.8 for <dnsop@ietf.org>; Thu, 29 Sep 2022 06:16:52 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date; bh=0/QMVwwz6ADQAJ4mG2/jHDpSPzRfhgX1Y0WArWT9FjM=; b=5a3nfbaa+iVdMjVvap2btHppQM4j+mrXUm3ukfFC1aJG8a6lJFPB+fpENSeTZoBkkh ceacOY5Q9YT2v3CVwV3IGfF/hcp9/FurHWWefE0ZqDA9e8tq/QZg0Gj9X93TJRYqE13R qftcr5ir5Jpvxi9H4LGKGCtSw2XJfCnJvQ7XqS+4DWqJ1RYRCtLDOBjrJp1dMS5/cdNg L2fB80lQFo6S4yOpEllp4TsPxpnnJ23auNH/Th+FPLW42KUFtkKFQj/LlkqQV30PlctY tCVV7Bx1oh/He1h7rUvzji2z2cAxaGqCHGawIthdSejN37OczcVmMURuknXcROYZy3W8 A1hQ==
X-Gm-Message-State: ACrzQf0b3LEpo93rjs0qT4FPNWtOzSRj1OW8tiUfwTP5bUmdZUu3r6Tr ZmQfHUaJ4wPIFQKdwaTOPQVT0Tg5jiSdSYVPTcruj+Ev/zg=
X-Google-Smtp-Source: AMsMyM5zbqoAzQG2tbDwHtUfJo4hSJnNrwkBNI1Kg/kOK3/pJuwL1ZKl0LoMYzg2YvdBO060XvdDOpGFMdHHHJCeWmM=
X-Received: by 2002:a63:942:0:b0:43c:428d:16a9 with SMTP id 63-20020a630942000000b0043c428d16a9mr2794173pgj.423.1664457411765; Thu, 29 Sep 2022 06:16:51 -0700 (PDT)
MIME-Version: 1.0
References: <CAHw9_iJg7yTECPbPvSNxac21My4SqPjMjhYS4tFRWBzFmjkLjg@mail.gmail.com> <CAH1iCipoo2u2h8XtJp8iwrg-bonMC785RehC3bVzbMKaLv+Kpg@mail.gmail.com> <0203FD85-487D-4B64-88BF-818B5BE0BC70@apple.com> <CAHbrMsCZSkakKvnxTsqQ0JmywNAHwVC1DyN0aVJ72sH7fgy6pA@mail.gmail.com> <CAHw9_iLNSnwUyZomkQ49Czhk-evy1Z4LjL7CfVhP7EFvZpBh5A@mail.gmail.com> <Yxk1Iikv8XazQa7o@straasha.imrryr.org> <Yxk7ycs0274UMSSh@straasha.imrryr.org> <0A4F52A8-378F-4222-9E5A-041A82E97C79@icann.org> <CAH1iCiriUcqprYj+LJGoo40o-dRsYyGmOFU_6VWbTXBt8+xnJw@mail.gmail.com> <A222DD8A-517D-4D7C-AB8E-2EEB99FF1C7E@icann.org> <YxoLstfurrWgGZUs@straasha.imrryr.org> <11DAF42E-DFDA-49EA-A021-91A6979992E6@icann.org> <CAKC-DJhwHh1UTDOt20wA_1JDYjnpp0chV2fqii3rLhF_nUGzdA@mail.gmail.com> <CAHw9_iLoJ2ZFAP1vWCrD17_RvEs1LP=MqtzVhyfuHjn9LPmS3w@mail.gmail.com>
In-Reply-To: <CAHw9_iLoJ2ZFAP1vWCrD17_RvEs1LP=MqtzVhyfuHjn9LPmS3w@mail.gmail.com>
From: Erik Nygren <erik+ietf@nygren.org>
Date: Thu, 29 Sep 2022 09:16:40 -0400
Message-ID: <CAKC-DJghdd0JOpsWerAe52P_fAn3T8bweB+kPwuL2jgw-8KhSA@mail.gmail.com>
To: Warren Kumari <warren@kumari.net>
Cc: Paul Hoffman <paul.hoffman@icann.org>, "dnsop@ietf.org WG" <dnsop@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000c5abe805e9d0b03b"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/zRwibFWjJggpV9BlPsRZicUHb90>
Subject: Re: [DNSOP] [Ext] Questions / concerns with draft-ietf-dnsop-svcb-https (in RFC Editor queue)
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 29 Sep 2022 13:16:56 -0000

One item discussed above that the authors would like to clarify is to be
consistent
about whether the alternative endpoint name (TargetName) is a hostname
or a domain name.  In all but one place in the doc we refer to it as a
"domain name"
but there is one reference that calls it a "hostname".

In particular in these current sentences:

1) An "alternative endpoint" is a hostname, port number, and other
associated

2) TargetName: The domain name of either the alias target (for AliasMode)
or the alternative endpoint (for ServiceMode).

3) TargetName is a <domain-name> ({{!RFC1035, Section 5.1}}),

4) In AliasMode, the TargetName will be the name of a domain that resolves
to SVCB,

We'd like to change the first of these to be:

1) An "alternative endpoint" is a domain name, port number, and other
associated

for consistency with the rest.

As this isn't explicitly covered in Warren's summary we thought it worth
checking here as well:
https://mailarchive.ietf.org/arch/msg/dnsop/LhEufm0a8IjoXZ_ck0b9RTSkDTc/

Best, Erik








On Mon, Sep 12, 2022 at 9:51 AM Warren Kumari <warren@kumari.net> wrote:

>
> Hi all,
>
> Firstly, and most importantly, thank y'all for keeping this civil,
> friendly and productive; I really appreciate it.
>
> I've (informally) checked with the IESG on the proposed change in the
> PR and also including Erik's proposed operational note ("Some
> implementations may not allow A or AAAA records on names starting with an
> underscore due to various interpretations of RFCs. This could be an
> operational issue when the TargetName contains an attrleaf label, as well
> as using an TargetName of "." when the owner name contains an attrleaf
> label.") and everyone seems fine with it.
>
> So, I'm ask the authors to cut a new version with these changes in
> (basically, accept the PR and add the proposed text) and I will then email
> the IESG with a diff to get "official" consensus on the change.
>
> Dealing with process exception handling is always stressful, so thanks all
> again for keeping this moving along nicely.
> Also, a reminder that while we *can* make changes after approval (and
> before RFC publication) we really really avoid doing so, and so this should
> only happen under exceptional circumstances[0].
>
> W
>
> [0]: I'm not convinced that this situation rose to the "exceptional
> circumstances" bar, but seeing as I'd already paused it (not knowing what
> all the issues were) and because the changes are clarifications, I'm
> willing to accepting it.
>
> On Thu, Sep 08, 2022 at 12:34 PM, Erik Nygren <erik+ietf@nygren.org>
> wrote:
>
>> There seem to be two topics:
>>
>> 1) Victor's clarification makes sense, although the wording is a little
>> awkward and perhaps we can improve that sentence.
>>     The section was already implying that meaning (ie, that the fallback
>> addition of the QNAME was for the AliasMode case)
>>     but clarifying this in a more normative way seems worthwhile and not
>> a technical change.
>>     I'd propose we refine this PR and incorporate it as the "clarifying
>> sentence" that Warren was willing to accept.
>>
>> 2) There is the issue of whether attrleaf labels are valid owner names
>> for A/AAAA records.
>>     This document does not seem like the place to land that, and it seems
>> like it may be open for interpretation
>>     as different implementations may have interpreted it differently.  If
>> anything, we might add a non-normative sentence like:
>>
>>        "Some implementations may not allow A or AAAA records on names
>> starting with an underscore
>>         due to various interpretations of RFCs. This could be an
>> operational issue when the TargetName contains an attrleaf label,
>>         as well as using an TargetName of "." when the owner name
>> contains an attrleaf label."
>>
>>    This wouldn't be a normative change but just an operational warning
>> --- would this be acceptable to include at this stage?
>>    Further clarification of this seems worth a draft in its own right
>> since the existing RFCs are inconsistent
>>    on this topic and there is room for multiple interpretations, as shown
>> in some implementations.
>>
>>
>>
>> On Thu, Sep 8, 2022 at 12:05 PM Paul Hoffman <paul.hoffman@icann.org>
>> wrote:
>>
>>> On Sep 8, 2022, at 8:35 AM, Viktor Dukhovni <ietf-dane@dukhovni.org>
>>> wrote:
>>> > This is a bug fix, the proposed behaviour makes no sense when $QNAME
>>> > is the unaltered (attrleaf prefixed) starting point.  The current
>>> > meaning was not intended.  If the edit can be made without any
>>> > major process, just a note to the RFC editor, it'll save errata,
>>> > and possible confusion later.
>>>
>>> A technical change made after the IESG review requires, at a minimum,
>>> another IESG review. The IESG could ask for another IETF review, if they
>>> want. It's up to Warren, the responsible AD, to decide if that's "major
>>> process".
>>>
>>> --Paul Hoffman
>>>
>>> _______________________________________________
>>> DNSOP mailing list
>>> DNSOP@ietf.org
>>> https://www.ietf.org/mailman/listinfo/dnsop
>>>
>>
>> _______________________________________________
>> DNSOP mailing list
>> DNSOP@ietf.org
>> https://www.ietf.org/mailman/listinfo/dnsop
>>
>
>

v2.23.0 | Report a Bug | By Email