IETF Logo Mail Archive

Re: [regext] Review of draft-ietf-regext-dnsoperator-to-rrr-protocol-04

Patrick Mevzek <pm@dotandco.com> Mon, 28 May 2018 02:33 UTC

Return-Path: <pm@dotandco.com>
X-Original-To: regext@ietfa.amsl.com
Delivered-To: regext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8400A127058 for <regext@ietfa.amsl.com>; Sun, 27 May 2018 19:33:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.701
X-Spam-Level:
X-Spam-Status: No, score=-2.701 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=dotandco.com header.b=M7XLcooW; dkim=pass (2048-bit key) header.d=messagingengine.com header.b=MuGZsya8
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id szV34bv23aVr for <regext@ietfa.amsl.com>; Sun, 27 May 2018 19:33:05 -0700 (PDT)
Received: from out1-smtp.messagingengine.com (out1-smtp.messagingengine.com [66.111.4.25]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 81DA9124BAC for <regext@ietf.org>; Sun, 27 May 2018 19:33:05 -0700 (PDT)
Received: from compute3.internal (compute3.nyi.internal [10.202.2.43]) by mailout.nyi.internal (Postfix) with ESMTP id CCD9C21AFE for <regext@ietf.org>; Sun, 27 May 2018 22:33:04 -0400 (EDT)
Received: from web3 ([10.202.2.213]) by compute3.internal (MEProxy); Sun, 27 May 2018 22:33:04 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=dotandco.com; h= content-transfer-encoding:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-sender :x-me-sender:x-sasl-enc; s=fm3; bh=Arwlhs6N/w7MIELobdOqZrAWoiisk j4enjlhKPkuu7k=; b=M7XLcooWasD/dckc3XlvXrrhBEhZfoT0BAG91FTKG/dZB aGcSuk3ezCrzcpjYjDJ2e2mQPfWNu4errKjDaMLq+vr5FYiamAT5bP/3vmt4AkfB dJVVWOldDCEM7isxn1oq6C497San0kzCKQPuvutgxc5sjmaiygmkVrrUH1gQTSHx bT+pHzyeXQwnqNz/sjLW1yEAy3w+LEw1qHM+y0Eo4bbmrNlfthq4ERMVtARv9mnI jP6D+eEdhH7TY2fUefqbdCT5TJNIAdlfzgnRq3P6eY9nrnAXIMUEAVJeP4edlTuY XnfOKsweVCHpzXx2p+kdLWjJ/DBLXbSyKRaL2zuMA==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=content-transfer-encoding:content-type :date:from:in-reply-to:message-id:mime-version:references :subject:to:x-me-sender:x-me-sender:x-sasl-enc; s=fm2; bh=Arwlhs 6N/w7MIELobdOqZrAWoiiskj4enjlhKPkuu7k=; b=MuGZsya8SdnMj9Pq9hvAI/ 5ZrXYHAPcOzrNBce00pU3sfMrQKaMDgLUD6zgKNnFMo+Jzit0AE6Q3To9AlODHra kaZcxpqdfm1A6P7Dve4yl8yM/ewNkxDZp0vzZBm6cF96QFl+4qo04Z/eg9KGmsBb SUF2AStZNEyRWpjMWPluE3AuQv/tDLsXPK75vkPAsMjdSUNtc+xXtpnTm98BvFzz zppInLSpMd4I+/x5Z9s8ORZE231sT/V74Ku9Trui8le3ZX0AWtsQt8Uq1pK1TYd3 4+k3Ehm8rUWbTboLU63sbJt0jcTyDHvl10PvUj2H1b3kxGzZmIUKUPO3D20wls7Q ==
X-ME-Proxy: <xmx:YGoLW5epdi67Ftx2A2AMMMP7HbEwAvDtG7JjT2KWODy6g_wdKX-Vow>
X-ME-Proxy: <xmx:YGoLW0vCBSg6m2FqXS9kTaCpxsSfB2O6rVtqNqx4PCkYfeeiv_Mhig>
X-ME-Proxy: <xmx:YGoLW1IP7fsH3R4w3EqbyW3zhCU5eDIWecSZh9s0txiuQP8LCqk9Zw>
X-ME-Proxy: <xmx:YGoLW4Z_wkJnxqCS07t6OnPIvEM1MmOTQbc0weJ-QUJXio3efOA47Q>
X-ME-Proxy: <xmx:YGoLW4n3ah-3vmiTn_MFl9lPPApz3YsvQHxF_O7ASgbBS5nCA2OWsg>
X-ME-Proxy: <xmx:YGoLW-twAnGAxv8TfWx-yZLVwY4bxl1vUsw0dgE99zauTQjeyCzoPw>
X-ME-Sender: <xms:YGoLW8yMle6cojXAQ5feelAN3p3-JEMNYr2vNGNW8jv2pQ9vGkox6nArUCs>
Received: by mailuser.nyi.internal (Postfix, from userid 99) id 55F7A9E19E; Sun, 27 May 2018 22:33:04 -0400 (EDT)
Message-Id: <1527474784.1762457.1387551184.037F1EC2@webmail.messagingengine.com>
From: Patrick Mevzek <pm@dotandco.com>
To: regext@ietf.org
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="utf-8"
X-Mailer: MessagingEngine.com Webmail Interface - ajax-29e6b281
References: <1513922622.1586600.1213090824.498EBB04@webmail.messagingengine.com> <1515367691.2357788.1227317864.0AC012AC@webmail.messagingengine.com> <CAAiTEH_RM0cYomxvh15sfEZgpL5dKpGi3fAM10AT7sLHrVOWYQ@mail.gmail.com>
Date: Mon, 28 May 2018 04:33:04 +0200
In-Reply-To: <CAAiTEH_RM0cYomxvh15sfEZgpL5dKpGi3fAM10AT7sLHrVOWYQ@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/regext/Ku-QYoY4lhMuAtDlEjp0-LEuUPg>
Subject: Re: [regext] Review of draft-ietf-regext-dnsoperator-to-rrr-protocol-04
X-BeenThere: regext@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Registration Protocols Extensions <regext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/regext>, <mailto:regext-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/regext/>
List-Post: <mailto:regext@ietf.org>
List-Help: <mailto:regext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/regext>, <mailto:regext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 28 May 2018 02:33:08 -0000


On Tue, Apr 24, 2018, at 21:02, Matthew Pounsett wrote:
> On 7 January 2018 at 18:28, Patrick Mevzek <pm@dotandco.com> wrote:
> 
> >
> >
> > On Fri, Dec 22, 2017, at 07:03, Patrick Mevzek wrote:
> > > Hello authors,
> > >
> > > Please find below my review of your draft.
> >
> > Please also have a look at
> > https://tools.ietf.org/id/draft-hildebrand-deth-00.txt
> > as it covers related goals (it is more generic than just NS/DS needs)
> >
> > I do not know where it is discussed nor its current status.
> >
> > It may however be of interest to this WG.
> >
> 
> I've seen that draft before.  It's a sort of "DNS UPDATE over HTTPS"
> system.  While there may be some overlap in what it provides, it doesn't
> have the same goals or applicability of our draft.  We're trying to write
> something that can be inserted into the existing ecosystem with limited
> overhead.  Something like draft-hildebrand-deth requires authentication,
> whereas this scheme doesn't.
> 
> We've also received a fair bit of push-back to any suggestion that we might
> expand this protocol to allow updates of NS records.


I still think that at soon as you have a mechanism to be able to change something, like DNSSEC related materials in your case, people will ask to be able to change other things. This does not mean that all should be covered by a single mechanism but you may always find other ideas in other proposals that could help or not, and at least include some working in your own specification to clearly say: this is suitable to do X, but could be extended to do Z but probably not to do W.

BTW, see how they use the "_deth" label in the DNS to identify the endpoint, as suggested in your case to defend against any hardcoding and having to name precisely the endpoint for everyone, as anyone knows that the naming is the hardest part of computer science.


-- 
  Patrick Mevzek
  pm@dotandco.com

v2.23.0 | Report a Bug | By Email