Re: [dnsext] draft-mohan-dns-query-xml-00.txt

Mohan Parthasarathy <suruti94@gmail.com> Mon, 03 October 2011 19:19 UTC

Date: Mon, 3 Oct 2011 12:22:44 -0700
Message-ID: <CACU5sDmurSriLgrD9Pn_xAarfBxrjY0x9sRdJPrdkvJiJ6FJZQ@mail.gmail.com>
From: Mohan Parthasarathy <suruti94@gmail.com>
To: Ted Hardie <ted.ietf@gmail.com>
Cc: Paul Hoffman <paul.hoffman@vpnc.org>, DNSEXT Working Group <dnsext@ietf.org>
Subject: Re: [dnsext] draft-mohan-dns-query-xml-00.txt

On Mon, Oct 3, 2011 at 10:32 AM, Ted Hardie <ted.ietf@gmail.com> wrote:
> On Mon, Oct 3, 2011 at 10:21 AM, Paul Hoffman <paul.hoffman@vpnc.org> wrote:
>>
>> +1. The slight increase in programming difficulty of using POST vs. GET
>> buys you a huge amount of flexibility in queries. It's not just about
>> cache-prevention.
>>
>
> All silver linings have their clouds... The only unfortunate thing about
> POST, in my view, is that the flexibility can trend you away from
> interoperability as people add and change things at different speeds at
> different hosts.  If you want standard behavior the descending list goes:
> New Method, GET, POST, at least in my view.
>
> Since new methods are notoriously hard to get deployed, POST seems like the
> best choice if you want something that can handle any DNS operation.  If it
> is meant to be only retrieval, then I would personally say that keeping it
> within GET is the best choice.
>
> I'm also increasingly of the opinion that this should have the validation
> bits set by default.  Allowing a web site to update the local DNS cache for
> a client system by including a reference and a DNS result for the reference
> causes my paranoia to ratchet up a few notches.  The only other defense
> against it I see is using Web results only in same-origin web contexts, and
> that's going to be very hard to make work.
>

I am not sure I understand this concern fully. I guess you mean that
you want to use this only with CD=1, which also implies that you want
to use it only with DNSSEC. Though this is the primary use case that
this draft is trying to address, should we restrict it? Previously,
your concern was cache poisoning of the HTTP proxies having an impact
on DNS. If we require HTTPS and POST, is this still a concern?

-mohan

> Ted
_______________________________________________
dnsext mailing list
dnsext@ietf.org
https://www.ietf.org/mailman/listinfo/dnsext
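The cache-poisoning concern Ted raises (a web-delivered response carrying a DNS record for a name the client never asked about) and the defences under discussion can be made concrete with an admission filter in front of the local cache. The code below is an added example, not part of this thread or the draft; it assumes the answer arrived from a trusted validating resolver over HTTPS, so that its AD bit can be relied upon, and represents records as plain dicts rather than the draft's XML format.

```python
# Added example, not code from the draft or the thread: a cache-admission
# filter for DNS answers received over HTTP(S), showing the concern above
# (a web response carrying a record for some other name) and the defences
# discussed: admit only records answering the question asked, and require the
# resolver's AD bit unless the caller set CD=1 to validate DNSSEC itself.
# Records are dicts, a constructed stand-in for a parsed DNS response.
from dataclasses import dataclass, field

@dataclass
class Question:
    name: str
    rtype: str

@dataclass
class Response:
    question: Question
    ad: bool                     # Authenticated Data flag set by the resolver
    answers: list = field(default_factory=list)   # dicts: name, rtype, ttl, data

def _canon(name: str) -> str:
    """Lower-case and drop the trailing dot so owner names compare reliably."""
    return name.lower().rstrip(".")

def admit_to_cache(resp: Response, *, cd: bool = False) -> list:
    """Return the subset of resp.answers that may enter the local cache."""
    if not cd and not resp.ad:
        return []                # unvalidated data from a web path: cache nothing
    wanted = {_canon(resp.question.name)}  # names that legitimately answer the query
    qtype = resp.question.rtype.upper()
    admitted = []
    for rr in resp.answers:      # answer-section order lets CNAME chains extend wanted
        if _canon(rr["name"]) not in wanted:
            continue             # unsolicited record, e.g. injected for another zone
        rtype = rr["rtype"].upper()
        if rtype == "CNAME":
            wanted.add(_canon(rr["data"]))
            admitted.append(rr)
        elif rtype == qtype:
            admitted.append(rr)
    return admitted

# Constructed sample: a validated CNAME+A answer for www.example.com that also
# carries an unrelated A record someone tried to slip into the cache.
SAMPLE = Response(Question("www.example.com", "A"), ad=True, answers=[
    {"name": "www.example.com.", "rtype": "CNAME", "ttl": 300, "data": "web.example.com."},
    {"name": "web.example.com.", "rtype": "A", "ttl": 300, "data": "192.0.2.10"},
    {"name": "other.example.net.", "rtype": "A", "ttl": 86400, "data": "198.51.100.7"},
])
```

With `cd=True` the AD requirement is skipped (the caller is expected to run its own DNSSEC validation), but the question-matching filter still drops the unrelated record.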