Re: new RRTYPEs, was DNSSEC architecture vs reality
Phillip Hallam-Baker <phill@hallambaker.com> Wed, 14 April 2021 19:26 UTC
Return-Path: <hallam@gmail.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2628C3A1C8F for <ietf@ietfa.amsl.com>; Wed, 14 Apr 2021 12:26:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.399
X-Spam-Level:
X-Spam-Status: No, score=-1.399 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FORGED_FROMDOMAIN=0.25, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.249, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cbxCBvhskwdm for <ietf@ietfa.amsl.com>; Wed, 14 Apr 2021 12:26:53 -0700 (PDT)
Received: from mail-yb1-f182.google.com (mail-yb1-f182.google.com [209.85.219.182]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2D6B93A1C4E for <ietf@ietf.org>; Wed, 14 Apr 2021 12:26:53 -0700 (PDT)
Received: by mail-yb1-f182.google.com with SMTP id y2so21306974ybq.13 for <ietf@ietf.org>; Wed, 14 Apr 2021 12:26:53 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=uGO6XC9pExR4Q6vh75aGvczeEZbc978OOPI/aU+ubWA=; b=Koy/9aio/LONtWG1rztvxw0ySO7nRZEVUWknEP4Gbho2cRxHbKtttvj99qWFnqiP8Y FDJkUNdM2pZHr/fx7syp/FNW9irbsyV6GlFrRCecKW4YzaQpjD/yUfhvFBFJzEjtUCcV Zoyhv+dza9ybyoyCJkPSoUKJDRhCWOpjRiax0HkI/x+ezratpc0iZ+0FbhouRLUjq9IS etwAfN/z0Lu+VkFG+7YUAGE1Cymm4vZnLPPeBIDOmZeJb+RgXO3A6THa79pA8GgCRaHp Ye6NfcXhMmo4EC/fvm/SmAag2HNxHrPftdNmr5M4cO8Dn9R6S7eiMICZjAv7s2Z9r/Qu ac3A==
X-Gm-Message-State: AOAM531Pft7AFddkXbCpbgSJ4TbQgcQM8eBNSMKBwee8cLKcrVoSS1xb B6/hrCn8lbIisjrrdHT7OGEWLMTlkU0X3X4bPBLbo2VomQs=
X-Google-Smtp-Source: ABdhPJwvUGBxa5P1lPcrA8KE4bTdWBZMI1Cl5npJ3a8Vmg48B1Od1U2qcGu3EcEzs28BlGQqg+05hM0lOwyhwB287BY=
X-Received: by 2002:a25:7752:: with SMTP id s79mr48739486ybc.522.1618428412054; Wed, 14 Apr 2021 12:26:52 -0700 (PDT)
MIME-Version: 1.0
References: <20210413015000.9297272C47BA@ary.qy> <C8C39247-226E-4C78-88E8-3AC215F2FF21@isc.org> <1c90249a-a9ad-52dd-bbc5-5e4bc6e6bdf@taugh.com> <CAMm+LwhEmiQOYtP807n2Gm2MKq7cGhMoCB_hkJxPZCQ9uatW8Q@mail.gmail.com> <20210414182644.GO9612@localhost>
In-Reply-To: <20210414182644.GO9612@localhost>
From: Phillip Hallam-Baker <phill@hallambaker.com>
Date: Wed, 14 Apr 2021 15:26:40 -0400
Message-ID: <CAMm+Lwg55vLRbfw_NHLBb1TL-OFNdC_HcgRSdd+LEgemm7awZg@mail.gmail.com>
Subject: Re: new RRTYPEs, was DNSSEC architecture vs reality
To: Nico Williams <nico@cryptonector.com>
Cc: John R Levine <johnl@taugh.com>, IETF general list <ietf@ietf.org>
Content-Type: multipart/alternative; boundary="00000000000098604705bff3ba5a"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/lZpFJ8Qy_EoX4JIPOf7GMpUEv0Q>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 14 Apr 2021 19:26:56 -0000
On Wed, Apr 14, 2021 at 2:26 PM Nico Williams <nico@cryptonector.com> wrote: > On Wed, Apr 14, 2021 at 12:48:05PM -0400, Phillip Hallam-Baker wrote: > > I did propose a TXT record that could be used for unstructured config > > and the DNS folk rejected it (as they always do). So I really don't > > care how upset they get about the uses their comment field is being > > put to. > > If we were starting from scratch we might well not bother with > non-textual RDATA, or domainname compression (we'd zlib-compress all > message payloads). > > As tempting as just-one-last-new-RRtype would be, a TXT-like RR with a > sub-type prefix of its textual RDATA, the fact that there would be no > easy way to select for RRs of this type and with a particular sub-type > prefix means we'd probably end up being unhappy with it. Knowing little > else about this, I'm inclined to believe that that "the DNS folk > rejected it" with good reason. > So your argument is that you don't know what my proposal was so you will invent your own proposal which is stupid and then conclude that it was rightfully dismissed as stupid. If you don't understand someone's proposal, better to ask them rather than making up stories. It isn't that difficult to make prefixed records delegate correctly either. I proposed a way to do that. But folk would much rather insist that their way of doing things is right and that everyone else is in the wrong for ignoring them. TXT records are a means of publishing policy information in the DNS. The principled approach is to use a prefixed record. That this breaks wildcarding in DNSSEC is a DNSSEC issue, not a DNS policy issue. If as John Klensin claims, there is a need for comments in the DNS, create a REM RRType for that purpose. The lack of selectors is irrelevant as they are merely comments. Why not just do the job in a scalable fashion? The reason DNS names cost $10/yr is that the protocol is broken and requires the TLDs to be published by means of an interactive query protocol even though the data being published almost never changes. Push that task out to the party providing authoritative query service for the zone and over 99% of the costs of running the registry disappear: Mathematical Mesh 3.0 Part VII: Mesh Callsign Service (ietf.org) <https://www.ietf.org/archive/id/draft-hallambaker-mesh-callsign-00.html> Building out a PKI to validate names already assigned is a really hard problem. Building out a PKI as the names are assigned is a very different matter. But of course, nobody will read my proposal, you will just complain afterwards that I did it all wrong.
- Quic: the elephant in the room Michael Thomas
- Re: Quic: the elephant in the room Phillip Hallam-Baker
- Re: Quic: the elephant in the room Michael Thomas
- Re: Quic: the elephant in the room Ben Laurie
- Re: Quic: the elephant in the room Stephane Bortzmeyer
- Re: Quic: the elephant in the room Ben Laurie
- Re: Quic: the elephant in the room Phillip Hallam-Baker
- Re: Quic: the elephant in the room Michael Thomas
- Re: Quic: the elephant in the room Nico Williams
- Re: Quic: the elephant in the room Viktor Dukhovni
- Re: Quic: the elephant in the room Michael Thomas
- Re: DNS vs PKI, was Quic: the elephant in the room John Levine
- Re: DNS vs PKI, was Quic: the elephant in the room Michael Thomas
- Re: Quic: the elephant in the room Nico Williams
- Re: Quic: the elephant in the room Michael Thomas
- Re: Quic: the elephant in the room Nico Williams
- Re: Quic: the elephant in the room Viktor Dukhovni
- Re: Quic: the elephant in the room Michael Thomas
- Re: Quic: the elephant in the room Michael Thomas
- Re: Quic: the elephant in the room Phillip Hallam-Baker
- Re: Quic: the elephant in the room Viktor Dukhovni
- Re: Quic: the elephant in the room Phillip Hallam-Baker
- Re: Quic: the elephant in the room Ben Laurie
- Re: Quic: the elephant in the room Ben Laurie
- Re: Quic: the elephant in the room Ben Laurie
- Re: Quic: the elephant in the room Michael Thomas
- Re: Quic: the elephant in the room Michael Thomas
- Re: Quic: the elephant in the room Viktor Dukhovni
- Re: Quic: the elephant in the room Michael Thomas
- Re: Quic: the elephant in the room Nico Williams
- Re: Quic: the elephant in the room Nico Williams
- Re: Quic: the elephant in the room Salz, Rich
- Re: Quic: the elephant in the room Michael Thomas
- Re: Quic: the elephant in the room Phillip Hallam-Baker
- Re: Quic: the elephant in the room Michael Thomas
- Re: Quic: the elephant in the room Phillip Hallam-Baker
- Re: Quic: the elephant in the room Nico Williams
- Re: Quic: the elephant in the room Michael Thomas
- Re: Quic: the elephant in the room Phillip Hallam-Baker
- Re: Quic: the elephant in the room Salz, Rich
- Re: Quic: the elephant in the room Ben Laurie
- Re: Quic: the elephant in the room Ben Laurie
- Re: Quic: the elephant in the room Michael Thomas
- Re: Quic: the elephant in the room Viktor Dukhovni
- Re: Quic: the elephant in the room Ben Laurie
- Re: Quic: the elephant in the room Phillip Hallam-Baker
- Re: Quic: the elephant in the room David Conrad
- Re: Quic: the elephant in the room David Conrad
- Re: Quic: the elephant in the room Viktor Dukhovni
- DNSSEC architecture vs reality (was: Re: Quic: th… Keith Moore
- Re: DNSSEC architecture vs reality (was: Re: Quic… Michael Thomas
- Re: Quic: the elephant in the room Nico Williams
- Re: Quic: the elephant in the room Salz, Rich
- Re: Quic: the elephant in the room Nico Williams
- Re: Quic: the elephant in the room Viktor Dukhovni
- Re: Quic: the elephant in the room Phillip Hallam-Baker
- Re: DNSSEC architecture vs reality (was: Re: Quic… Viktor Dukhovni
- Re: Quic: the elephant in the room Andrew McConachie
- Re: DNSSEC architecture vs reality Keith Moore
- Re: DNSSEC architecture vs reality Petite Abeille
- Re: Quic: the elephant in the room Salz, Rich
- Re: Quic: the elephant in the room Salz, Rich
- Re: Quic: the elephant in the room Phillip Hallam-Baker
- Re: DNSSEC architecture vs reality Marco Davids
- Re: Quic: the elephant in the room Phillip Hallam-Baker
- Re: Quic: the elephant in the room Michael Thomas
- Re: Quic: the elephant in the room Michael Thomas
- Re: Quic: the elephant in the room Phillip Hallam-Baker
- Re: Quic: the elephant in the room Michael Thomas
- Re: Quic: the elephant in the room Michael Thomas
- Re: Quic: the elephant in the room Salz, Rich
- Re: Quic: the elephant in the room Phillip Hallam-Baker
- Re: Quic: the elephant in the room Michael Thomas
- Re: Quic: the elephant in the room Michael Thomas
- Re: Quic: the elephant in the room Nico Williams
- Re: Quic: the elephant in the room Viktor Dukhovni
- Re: Quic: the elephant in the room Nico Williams
- Re: Quic: the elephant in the room Viktor Dukhovni
- Re: Quic: the elephant in the room Phillip Hallam-Baker
- Re: Quic: the elephant in the room Michael Thomas
- Re: Quic: the elephant in the room Nico Williams
- Re: Quic: the elephant in the room Nico Williams
- Re: Quic: the elephant in the room Viktor Dukhovni
- Re: Quic: the elephant in the room Michael Thomas
- Re: Quic: the elephant in the room Salz, Rich
- Re: Quic: the elephant in the room Viktor Dukhovni
- Re: Quic: the elephant in the room Phillip Hallam-Baker
- Re: Quic: the elephant in the room Nico Williams
- Re: Quic: the elephant in the room Salz, Rich
- Re: Quic: the elephant in the room Viktor Dukhovni
- Re: Quic: the elephant in the room Salz, Rich
- Re: DNSSEC architecture vs reality Michael Thomas
- Re: DNSSEC architecture vs reality Nico Williams
- Re: DNSSEC architecture vs reality Michael Thomas
- Re: DNSSEC architecture vs reality Nico Williams
- Re: DNSSEC architecture vs reality Michael Thomas
- Re: DNSSEC architecture vs reality Nico Williams
- Re: DNSSEC architecture vs reality Michael Thomas
- Re: DNSSEC architecture vs reality John C Klensin
- Re: DNSSEC architecture vs reality Keith Moore
- Re: DNSSEC architecture vs reality Michael Thomas
- Re: DNSSEC architecture vs reality Michael Thomas
- Re: DNSSEC architecture vs reality Keith Moore
- Re: DNSSEC architecture vs reality Nico Williams
- Re: DNSSEC architecture vs reality Michael Thomas
- Re: DNSSEC architecture vs reality John C Klensin
- Re: DNSSEC architecture vs reality Keith Moore
- Re: DNSSEC architecture vs reality Michael Thomas
- Re: DNSSEC architecture vs reality Nico Williams
- Re: new RRTYPEs, was DNSSEC architecture vs reali… John Levine
- Re: new RRTYPEs, was DNSSEC architecture vs reali… Mark Andrews
- Re: DNSSEC architecture vs reality Petite Abeille
- Re: DNSSEC architecture vs reality Petite Abeille
- Re: DNSSEC architecture vs reality Andrew McConachie
- Re: DNSSEC architecture vs reality Patrik Fältström
- Re: DNSSEC architecture vs reality Eliot Lear
- Re: DNSSEC architecture vs reality Patrik Fältström
- Re: DNSSEC architecture vs reality Patrik Fältström
- Re: new RRTYPEs, was DNSSEC architecture vs reali… John R Levine
- Re: DNSSEC architecture vs reality Nico Williams
- Re: DNSSEC architecture vs reality Nico Williams
- Re: DNSSEC architecture vs reality Jim Fenton
- Re: DNSSEC architecture vs reality Masataka Ohta
- Re: DNSSEC architecture vs reality Petite Abeille
- Re: new RRTYPEs, was DNSSEC architecture vs reali… Phillip Hallam-Baker
- Re: new RRTYPEs, was DNSSEC architecture vs reali… Nico Williams
- Re: new RRTYPEs, was DNSSEC architecture vs reali… Donald Eastlake
- Re: new RRTYPEs, was DNSSEC architecture vs reali… Phillip Hallam-Baker
- Re: new RRTYPEs, was DNSSEC architecture vs reali… Viktor Dukhovni
- Re: new RRTYPEs, was DNSSEC architecture vs reali… Phillip Hallam-Baker
- Re: new RRTYPEs, was DNSSEC architecture vs reali… Vittorio Bertola
- Re: new RRTYPEs, was DNSSEC architecture vs reali… Phillip Hallam-Baker
- Re: Fwd: Quic: the Elephant in the Room Michael Thomas
- Fwd: Quic: the Elephant in the Room Lars Eggert
- RE: Fwd: Quic: the Elephant in the Room Vasilenko Eduard
- Re: Quic: the elephant in the room Ben Laurie
- Re: Quic: the elephant in the room Phillip Hallam-Baker