Re: new RRTYPEs, was DNSSEC architecture vs reality

Mark Andrews <marka@isc.org> Tue, 13 April 2021 03:03 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/Z6Uw24xPECH-ja07-iK5oJr71IE>

John,
	please show how this would be used to parse a HTTPS record
without extending the format?

HTTPS:65 HTTPS Record
     I2:SvcPriority
     N:TargetName
     Z[SvcParm,M0]:SvcParams

The problem with the draft is that you are hiding the complexity in
the "Miscellaneous fields" section of the draft which would need to be
updated for many new RR types.  SVCB/HTTPS is just a case in point.

Mark

> On 13 Apr 2021, at 11:49, John Levine <johnl@taugh.com> wrote:
> 
> It appears that Michael Thomas  <mike@mtcc.com> said:
>>> But DNS itself shouldn't have to change to implement new RR types, 
>>> more than (perhaps) adding a line to a table that says RR type NN has 
>>> ASCII name XX and the following types of parameters. And that table 
>>> should be globally and securely accessible. Encode the table in DNS 
>>> somehow, put it in the root zone or other zone managed by the root, 
>>> give it a very long TTL, and sign it with DNSSEC.
> 
> Hey, what a good idea.  Oh, look someone wrote it up as an I-D starting ten years ago:
> 
> https://datatracker.ietf.org/doc/draft-levine-dnsextlang/
> 
> And here's a python library to implement it with encoder, decoder, and
> a dictionary of field types you can use to create and decode web forms:
> 
> https://pypi.org/project/dnsextlang/
> 
> For perl users, it's built into recent versions of Net::DNS.
> 
>> Uh, think the long tail of UI's. Even $megacorps use them. And they 
>> don't look kindly to monkey patches either.
> 
> No kidding. You extend the UI once to use the extension language to
> create and parse forms for rrtypes, then fetch the rrtype descriptions from the
> DNS. It really works, I use it in my own DNS provisioning crudware.
> 
> But as far as I can tell, nobody else does.
> 
> R's,
> John
> 

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742              INTERNET: marka@isc.org
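
To make the point about the HTTPS record's third field concrete, here is an added example (not part of the thread, and not code from dnsextlang or BIND) that decodes HTTPS RDATA using the wire format later published in RFC 9460. The function and table names are this example's own; the `DECODERS` table is the per-key knowledge that a flat field list does not carry, and the bounds and ordering checks are what a parser of untrusted RDATA needs.

```python
import ipaddress
import struct

def _alpn(v):                          # list of length-prefixed protocol ids
    out, i = [], 0
    while i < len(v):
        n = v[i]
        if n == 0 or i + 1 + n > len(v):
            raise ValueError("bad alpn-id length")
        out.append(v[i + 1:i + 1 + n].decode("ascii"))
        i += 1 + n
    return out

def _addrs(size):                      # packed list of fixed-size addresses
    def decode(v):
        if not v or len(v) % size:
            raise ValueError("bad address hint length")
        return [str(ipaddress.ip_address(v[i:i + size])) for i in range(0, len(v), size)]
    return decode

# The value syntax depends on the key; unknown keys stay opaque bytes.
DECODERS = {1: ("alpn", _alpn), 4: ("ipv4hint", _addrs(4)), 6: ("ipv6hint", _addrs(16))}

def parse_https_rdata(rdata):
    priority = int.from_bytes(rdata[:2], "big")            # SvcPriority
    pos, labels = 2, []
    while rdata[pos:pos + 1] not in (b"", b"\x00"):        # TargetName, uncompressed
        n = rdata[pos]
        if n > 63 or pos + 1 + n > len(rdata):
            raise ValueError("bad label")
        labels.append(rdata[pos + 1:pos + 1 + n].decode("ascii"))
        pos += 1 + n
    if pos >= len(rdata):
        raise ValueError("truncated TargetName")
    pos, params, last = pos + 1, {}, -1
    while pos < len(rdata):                                # SvcParams
        if pos + 4 > len(rdata):
            raise ValueError("truncated SvcParam header")
        key, length = struct.unpack_from("!HH", rdata, pos)
        value = rdata[pos + 4:pos + 4 + length]
        if key <= last or len(value) != length:
            raise ValueError("SvcParams out of order or overrunning RDATA")
        name, decode = DECODERS.get(key, (f"key{key}", bytes))
        params[name] = decode(value)
        pos, last = pos + 4 + length, key
    return priority, ".".join(labels) + ".", params

# Constructed sample: priority 1, target ".", alpn=h2,h3, ipv4hint=192.0.2.1
SAMPLE = bytes.fromhex("0001" "00" "00010006026832026833" "00040004c0000201")
```
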