Re: snarls in real life

Michael Thomas <> Wed, 21 April 2021 18:21 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 7A9933A3207 for <>; Wed, 21 Apr 2021 11:21:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.751
X-Spam-Status: No, score=-1.751 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.249, NICE_REPLY_A=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id uNiOR6EFeIur for <>; Wed, 21 Apr 2021 11:21:04 -0700 (PDT)
Received: from ( [IPv6:2607:f8b0:4864:20::535]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 3FE4F3A3202 for <>; Wed, 21 Apr 2021 11:21:04 -0700 (PDT)
Received: by with SMTP id q10so30682826pgj.2 for <>; Wed, 21 Apr 2021 11:21:04 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=fluffulence; h=subject:to:references:from:message-id:date:user-agent:mime-version :in-reply-to:content-transfer-encoding:content-language; bh=TwqfPCCZOguHZBj3dEgkg6Zva3ZiZSIe9L6GmZZflcA=; b=bhqLkzH4FvtYgIvHAnJU/taDwulN0GQoTtxTys4wSjJ7l8NUdxOJRjA2f+YKrqJyqH 5bFOo9DptHDNmuuW8vGYIN1y4UtZC4HT57GXP+55x0qV7wUaa4alcL6toCBpXMlsBHNT g2pPmWYp+ngfbGruEKsr53W7fmUw0OroYnhaJ8r8aTw7exehIOCfticWcBFvxfRTNwy8 ct4SzdPxvc+URXjrDzqz4MAj+LQvCWyYsAkjMgzTt83NRfUzcj5Hfd6ik4FLSWLmuxIn P/A70xShZTRiC3DzQxUE6uYZYYqYRd0rIFawHwUX8Wid5I/XwuBAJfnyn3H7cWn6GZUq urqw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=x-gm-message-state:subject:to:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-transfer-encoding :content-language; bh=TwqfPCCZOguHZBj3dEgkg6Zva3ZiZSIe9L6GmZZflcA=; b=ZTJiCwDcWdynYCZ8rgH/T5jIr0r5MypNtW37YijabyDnCEw31W571C9L6l4VGa+Pdy ixygDNQZv04M7iKDC86sRDPJ67aAjIovp/kfoajHRkgyhG4TlrxtjcGzzKrbnJd8LlSb gp2pRw7QBOIdUimK9jGTUYTctfPOkRYKS7bxzEKdiSLErJ/+AvxY3S162g4SVJoHQKcD 67Q9vbhPQJnpNxkRxP2DoXsPgeoyTGqcw1+9E9qPUJX/9Bia90RVn2fpfnlzz1eczOaf 37mbT8PewlCqc84uIdP/VLEW8uGmd8UqGaSduiuER+0mJjBb+1oNNUx9fOt7HXMGqu8B KT7w==
X-Gm-Message-State: AOAM532bio6nC7rIRU+vfpwVHMup9smdHMUZ1TPaj6HtGGkGYwJlbzf1 lvbLV4t6De5mAi8F8+Sl5FiQuAy2b6g6RA==
X-Google-Smtp-Source: ABdhPJwZ/zBTXnDyNXhTA+BfmYXx841n/wuPYU1FzhalGTS85a5dBfh4Ymni7mXP3/Ju9XQbzGNlcg==
X-Received: by 2002:a17:90b:ed8:: with SMTP id gz24mr12311593pjb.98.1619029262448; Wed, 21 Apr 2021 11:21:02 -0700 (PDT)
Received: from mike-mac.lan ( []) by with ESMTPSA id w1sm111056pgh.26.2021. (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Wed, 21 Apr 2021 11:21:02 -0700 (PDT)
Subject: Re: snarls in real life
To: Christian Huitema <>,
References: <> <> <> <> <> <>
From: Michael Thomas <>
Message-ID: <>
Date: Wed, 21 Apr 2021 11:21:00 -0700
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:78.0) Gecko/20100101 Thunderbird/78.9.0
MIME-Version: 1.0
In-Reply-To: <>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit
Content-Language: en-US
Archived-At: <>
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF-Discussion <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 21 Apr 2021 18:21:09 -0000

On 4/21/21 11:03 AM, Christian Huitema wrote:
> The meta question is whether that is so off topic that it needs to be 
> officially shut down with the working group chairs. The technical 
> merits are what they are. What I was told in no uncertain terms is 
> that I am not allowed to even ask the question. Is that appropriate?
> There are a couple of topics that would be clearly appropriate for the 
> QUIC working group. A document describing your experience deploying 
> QUIC+DANE, for example, would be on topic. If there are issue 
> preventing mutually agreeing clients and servers from using QUIC and 
> DANE, that too would be very much on topic. On the other hand, your 
> latter posts focused on the development of the Chrome browser, its 
> level of support for DANE, and Google's willingness to deploy DNSSEC 
> in their domains. That very much off topic for theĀ  QUIC WG.
The reason I wrote my post is precisely because I *don't* have the 
resources to do such an experiment, and even if I had all of the code 
and signed domain my experience would be anecdotal at best. Only one of 
the big browser vendors could meaningfully run such an experiment. The 
overarching problem here though is *where* is the appropriate venue to 
ask questions or make observations? I got told to go elsewhere, well 
where is this "elsewhere" precisely?

That said, one of the interesting things coming out of this is that 
maybe there really are some fundamental issues surrounding DNSSec 
deployment. Why have none of the browser vendors signed their zones?