Re: Last Call: <draft-ietf-httpbis-http2-16.txt> (Hypertext Transfer Protocol version 2) to Proposed Standard

Måns Nilsson <mansaxel@besserwisser.org> Sun, 04 January 2015 12:23 UTC

Return-Path: <mansaxel@besserwisser.org>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 04F671A882F for <ietf@ietfa.amsl.com>; Sun, 4 Jan 2015 04:23:23 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.911
X-Spam-Level:
X-Spam-Status: No, score=-3.911 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, MIME_8BIT_HEADER=0.3, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id b3_mt0QIwgLt for <ietf@ietfa.amsl.com>; Sun, 4 Jan 2015 04:23:14 -0800 (PST)
Received: from jaja.besserwisser.org (jaja.besserwisser.org [192.36.115.55]) by ietfa.amsl.com (Postfix) with ESMTP id 4B0B01A882C for <ietf@ietf.org>; Sun, 4 Jan 2015 04:23:14 -0800 (PST)
Received: by jaja.besserwisser.org (Postfix, from userid 1004) id 89B759D03; Sun, 4 Jan 2015 13:23:11 +0100 (CET)
Date: Sun, 4 Jan 2015 13:23:11 +0100
From: =?utf-8?B?TcOlbnM=?= Nilsson <mansaxel@besserwisser.org>
To: Eliot Lear <lear@cisco.com>
Subject: Re: Last Call: <draft-ietf-httpbis-http2-16.txt> (Hypertext Transfer Protocol version 2) to Proposed Standard
Message-ID: <20150104122310.GF13599@besserwisser.org>
References: <CAK3LatFh3ZU8ACk8grzLA9oCv2qqUHttz2z83b66xKnfs78mRA@mail.gmail.com> <54A7DBFC.8010800@cisco.com> <20150103143226.GC13599@besserwisser.org> <89DB2965-68B1-43D0-BBEB-FF49DB666A6D@frobbit.se> <54A81E9A.1020700@cisco.com> <20150103215310.D533D26FFFCD@rock.dv.isc.org> <54A8F75B.80007@cisco.com>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="L2Brqb15TUChFOBK"
Content-Disposition: inline
In-Reply-To: <54A8F75B.80007@cisco.com>
X-URL: http://vvv.besserwisser.org
X-Purpose: More of everything NOW!
X-happyness: Life is good.
User-Agent: Mutt/1.5.21 (2010-09-15)
Archived-At: http://mailarchive.ietf.org/arch/msg/ietf/I_vKwnrBxpTceDP-vRPLV-A0c0I
Cc: Delan Azabani <delan@azabani.com>, ietf@ietf.org, Patrik =?utf-8?B?RsOkbHRzdHLDtm0=?= <paf@frobbit.se>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 04 Jan 2015 12:23:23 -0000

Subject: Re: Last Call: <draft-ietf-httpbis-http2-16.txt> (Hypertext Transfer Protocol version 2) to Proposed Standard Date: Sun, Jan 04, 2015 at 09:18:35AM +0100 Quoting Eliot Lear (lear@cisco.com):
> 
> On 1/3/15 10:53 PM, Mark Andrews wrote:
> 
> >
> > SRV doesn't require lots of parallel DNS queries.  I suspect in
> > most cases there would be a single SRV record pointing to the hosting
> > service.  
> 
> Again, a lot of enterprises in particular cut the zone at _tcp, and so
> you can't do authoritative responses in your additional data.

A lot of enterprises do not run even the same operating system or
management software for their internal non-IANA fakeroot systems as the
external one, so one needs to be careful about the source of that data ;-)

However, zone cut does of course not have to mean server change, so,
if we continue at the same usual practice of cutting at _protocol and
then running a separate zone on the same server, the Additional is still
sent with signatures. Test case:

dig _phantasy._sctp.besserwisser.org SRV +dnssec +norec @primary.se

...which returns:

_phantasy._sctp.besserwisser.org. 27 IN	SRV	0 0 4711 some.sub.besserwisser.org.

Name server primary.se holds besserwisser.org, _sctp.besserwisser.org,
sub.besserwisser.org and primary.se. All are signed and the delegations
are secure[0]. Asking for a  SRV record as above returns data from the two
children, the zone for the name server, and implicitly (if this had been
a full-service resolver) DNSKEY and RRSIG materials for besserwisser.org
as well, because they of course are needed to validate the chain from
the SEP.

-- 
Måns Nilsson     primary/secondary/besserwisser/machina
MN-1334-RIPE                             +46 705 989668
The PILLSBURY DOUGHBOY is CRYING for an END to BURT REYNOLDS movies!!

[0] thanks to Holger Zuleggers zkt. Marvellous piece of kit.