IETF Logo Mail Archive

Re: [dnsext] draft-mohan-dns-query-xml-00.txt

Ted Hardie <ted.ietf@gmail.com> Mon, 03 October 2011 17:29 UTC

Return-Path: <dnsext-bounces@ietf.org>
X-Original-To: namedroppers-archive-gleetwall6@lists.ietf.org
Delivered-To: ietfarch-namedroppers-archive-gleetwall6@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9AB3721F8C60; Mon, 3 Oct 2011 10:29:58 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ietf.org; s=ietf1; t=1317662998; bh=XwRA0BwmZb4OW2y8icX/9yLVFUU8aCBz7qqfDMnyxkA=; h=MIME-Version:In-Reply-To:References:Date:Message-ID:From:To:Cc: Subject:List-Id:List-Unsubscribe:List-Archive:List-Post:List-Help: List-Subscribe:Content-Type:Sender; b=mhO5iCsvTCSzP8vAq8JAu4/nIGRqnWqWymqXKY+/c7orc3mu8VTOljZ8UXJPqb9KD KuGScLzIdSh0WGDApYLKwJ4zuKaNQRLDOs9fmp+ZYWK+j5K2EcDabtcZ+Rzd5OFeqg +riz71Lfm8qP/EP5yM7vf/BG1RVkrqFuYP2McOsE=
X-Original-To: dnsext@ietfa.amsl.com
Delivered-To: dnsext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DA6B621F8B4A for <dnsext@ietfa.amsl.com>; Mon, 3 Oct 2011 10:29:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.503
X-Spam-Level:
X-Spam-Status: No, score=-3.503 tagged_above=-999 required=5 tests=[AWL=0.095, BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id uF7WyM4CDt2b for <dnsext@ietfa.amsl.com>; Mon, 3 Oct 2011 10:29:56 -0700 (PDT)
Received: from mail-yw0-f44.google.com (mail-yw0-f44.google.com [209.85.213.44]) by ietfa.amsl.com (Postfix) with ESMTP id 840CC21F8C60 for <dnsext@ietf.org>; Mon, 3 Oct 2011 10:29:44 -0700 (PDT)
Received: by ywm3 with SMTP id 3so1336508ywm.31 for <dnsext@ietf.org>; Mon, 03 Oct 2011 10:32:47 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=LWz+4jRLcVajWoZO/EVa0b4N7/756t5+R3mOYzGKPlI=; b=FPlQFcSMgzHFrO+COdVppkCs61Ti464WZvAv8b2d8RzLrRpxkBjFMh5Qnxe/rjo5G4 3QXbRlUvMiCPKdgakiCnoL9ZnWKWm/VLQMtqzUW0KDjYAdwOcQxWtpn8zinPWTjik1N2 RyLKQ46MFNvhPUH8B1h8phH/fbP9Hr3Omnp3A=
MIME-Version: 1.0
Received: by 10.236.191.71 with SMTP id f47mr1021120yhn.125.1317663167208; Mon, 03 Oct 2011 10:32:47 -0700 (PDT)
Received: by 10.236.105.169 with HTTP; Mon, 3 Oct 2011 10:32:47 -0700 (PDT)
In-Reply-To: <54E677EE-0720-4220-9FB8-17EDE978E904@vpnc.org>
References: <CACU5sDnBx5AijEgFXKNPjtcVdtBnBJamsn-f_ye0Jm3TQq0mvw@mail.gmail.com> <201110010458.26859.vixie@isc.org> <8F26AB69-C5BD-47BD-B3F4-6D840E419A23@verisign.com> <201110031713.20103.vixie@isc.org> <54E677EE-0720-4220-9FB8-17EDE978E904@vpnc.org>
Date: Mon, 3 Oct 2011 10:32:47 -0700
Message-ID: <CA+9kkMDT+=eBd_xMmZN_ceNdHKDxoCDH8rbyNtGs+OoN8=d25Q@mail.gmail.com>
From: Ted Hardie <ted.ietf@gmail.com>
To: Paul Hoffman <paul.hoffman@vpnc.org>
Cc: DNSEXT Working Group <dnsext@ietf.org>
Subject: Re: [dnsext] draft-mohan-dns-query-xml-00.txt
X-BeenThere: dnsext@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: DNS Extensions working group discussion list <dnsext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsext>, <mailto:dnsext-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dnsext>
List-Post: <mailto:dnsext@ietf.org>
List-Help: <mailto:dnsext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsext>, <mailto:dnsext-request@ietf.org?subject=subscribe>
Content-Type: multipart/mixed; boundary="===============5693091120639250699=="
Sender: dnsext-bounces@ietf.org
Errors-To: dnsext-bounces@ietf.org

On Mon, Oct 3, 2011 at 10:21 AM, Paul Hoffman <paul.hoffman@vpnc.org> wrote:

>
> +1. The slight increase in programming difficulty of using POST vs. GET
> buys you a huge amount of flexibility in queries. It's not just about
> cache-prevention.
>
>
All silver linings have their clouds...  The only unfortunate thing about
POST, in my view, is that the flexibility can trend you away from
interoperability as people add and change things at  different  speeds at
different hosts.  If you want standard behavior the descending list goes:
New Method, GET, POST, at least in my view.

Since new methods are notoriously hard to get deployed, POST seems like the
best choice if you want something that can handle any DNS operation.  If it
is meant to be only retrieval, then I would personally say that keeping it
within GET is the best choice.

I'm also increasingly of the opinion that this should have the validation
bits sets by default.  Allowing a web site to update the local DNS cache for
a client system by including a reference and a DNS result for the reference
causes my paranoia to ratchet up a few notches.  The only other defense
against it I see is using Web results only in same-origin web contexts, and
that's going to be very hard to make work.

Ted

_______________________________________________
dnsext mailing list
dnsext@ietf.org
https://www.ietf.org/mailman/listinfo/dnsext

v2.8.7 | Report a Bug | By Email