Re: [Driu] [DNSOP] [Doh] Resolverless DNS Side Meeting in Montreal
Joe Abley <jabley@hopcount.ca> Tue, 10 July 2018 16:34 UTC
From: Joe Abley <jabley@hopcount.ca>
References: <m1fcoe5-0000GuC@stereo.hq.phicoh.net> <alpine.LRH.2.21.1807101056140.5219@bofh.nohats.ca> <4a845808-5348-d6e4-dda2-59aaf0e85c14@nostrum.com> <3DF5A66C-CCBF-4116-A1FC-35CF8E05808B@hopcount.ca> <e1675184-f0bc-670d-3db1-b99a9daf1657@nostrum.com>
In-Reply-To: <e1675184-f0bc-670d-3db1-b99a9daf1657@nostrum.com>
Date: Tue, 10 Jul 2018 09:34:38 -0700
Message-ID: <CAJhMdTOZtOpF_aK-ZzP0DfkDMcAtTKFLdSpKkrSPvP1cOgnOjQ@mail.gmail.com>
To: Adam Roach <adam@nostrum.com>
Cc: DoH WG <doh@ietf.org>, driu@ietf.org, Philip Homburg <pch-dnsop-3@u-1.phicoh.com>, dnsop@ietf.org, Patrick McManus <pmcmanus@mozilla.com>, Paul Wouters <paul@nohats.ca>, HTTP Working Group <ietf-http-wg@w3.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/driu/L2rEG14tIFT7lDkaK_ENhgQQRHE>
Subject: Re: [Driu] [DNSOP] [Doh] Resolverless DNS Side Meeting in Montreal

On Jul 10, 2018, at 17:22, Adam Roach <adam@nostrum.com> wrote:

> Basically, you're describing a solution space that could be realized as something like:
>
> <img src="https://example.com/img/f.jpg" ip="192.0.2.1">

Ok, interesting. I would suggest considering a richer scheme that accommodates address families and multiple addresses with priorities, but I see how that kind of thing would allow a client to do so certificate matching and resource retrieval without using the DNS.

> But this is really equivalent in just about every important way to sending the normal <img src="https://example.com/img/f.jpg"> along with a pushed DNS record that indicates that "example.com" resolves to "192.0.2.1" -- and this latter thing is (to my understanding, at least) in scope of the conversation that Patrick is proposing to have.

My question is why you would involve the DNS at all if all the performance-based resolution decisions can be made without it. You're just adding cost and complexity without benefit.

> Note: I'm not saying anything about the trust issues that arise in either case, and I'm not trying to gloss over the need to perform a really careful analysis;

Likewise. However, I think DNS protocol advice is probably more useful as input to the analysis if it's clear that the DNS is necessarily involved.

Joe