Re: (short version) Re: Last Call: <draft-faltstrom-uri-10.txt> (The Uniform Resource Identifier (URI) DNS Resource Record) to Proposed Standard

Nico Williams <nico@cryptonector.com> Thu, 26 February 2015 16:41 UTC

Date: Thu, 26 Feb 2015 10:41:03 -0600
From: Nico Williams <nico@cryptonector.com>
To: Sam Hartman <hartmans-ietf@mit.edu>
Subject: Re: (short version) Re: Last Call: <draft-faltstrom-uri-10.txt> (The Uniform Resource Identifier (URI) DNS Resource Record) to Proposed Standard
Archived-At: <http://mailarchive.ietf.org/arch/msg/ietf/VuyIZG8pbLmhdd3XfqIIswifTDg>
Cc: John C Klensin <john-ietf@jck.com>, ietf@ietf.org

On Wed, Feb 25, 2015 at 10:18:17PM -0500, Sam Hartman wrote:
> >>>>> "John" == John C Klensin <john-ietf@jck.com> writes:
> 
>     John> I think the rest is a bit of a judgment call.  While I'd be
>     John> happy to see a comprehensive document that would address all
>     John> of those issues, I would also like to get a good description
>     John> of the RRTYPE published somewhere soon, ideally a couple of
>     John> years ago.  It seems to me that making a complete analysis of
>     John> security alternatives, or a complete analysis of the URI
>     John> situation as it relates to this RRTYPE, much less both are
>     John> likely to be a _lot_ of effort and that, if we want to get the
>     John> document published, what should be done should probably be
>     John> confined to explicitly noting the issues, e.g., that any
>     John> indirection through the DNS raises security issues that need
>     John> careful understanding and for which there is no magic bullet.
> 
> I'm happy with an informational document that does the above and claims
> only to describe the existing RR type.
> I'm not happy with a standards-track document that fails to cover the
> security issues in significantly better detail.

An Informational RFC that merely describes the RR type as it is already
registered with the IANA would add little value unless it came with a
warning about the unexplored security space.

We do need a Standards-Track RFC for this RR because uses of it are
starting to pop up that really could use more information about how to
use URI RRs securely.

Also, I don't see why we're even talking about publishing as FYI before
the shepherding AD and I-D authors decide how to continue.  ISTM that
the right thing to do here is to give the authors a chance to choose
whether to address the comments made here fully, or fall back on the
simpler FYI approach.  It's not like there's any urgency to publish an
FYI here...

Nico
--