Re: [TLS] Two Multi-CDN proposals
Christopher Wood <christopherwood07@gmail.com> Thu, 28 February 2019 00:54 UTC
References: <CAO8oSX=sPoLo78oX4qEEyeuck7CxM_uAqYPHEsY7BuYqBUaorg@mail.gmail.com> <CY4PR22MB098340D8B4C6FD7D9EB9C32EDA750@CY4PR22MB0983.namprd22.prod.outlook.com>
In-Reply-To: <CY4PR22MB098340D8B4C6FD7D9EB9C32EDA750@CY4PR22MB0983.namprd22.prod.outlook.com>
From: Christopher Wood <christopherwood07@gmail.com>
Date: Wed, 27 Feb 2019 16:54:41 -0800
Message-ID: <CAO8oSXms6juQVMP339mh3Z1K1sL5GahaeV5rbbN59HOrGwsuXg@mail.gmail.com>
To: Mike Bishop <mbishop@evequefou.be>
Cc: "<tls@ietf.org>" <tls@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/z841-LRpR3IFGBRvXus923gnwT4>
On Wed, Feb 27, 2019 at 4:36 PM Mike Bishop <mbishop@evequefou.be> wrote:
>
> Despite the additional complexity of #137, I think it's probably the better approach (and I would be fine with the simplification, if that makes it more palatable). Particularly when multi-CDN is used, there's a lot of logic involved in generating the "right" A/AAAA record in response to a request. #136 essentially lets the ESNIKeys result override the A/AAAA, which means ESNIKeys needs to be equally tailored and duplicate all the existing logic for a new record type. In #137, the ESNIKeys essentially contains enough information to check that the A/AAAA results came from the same entity as the ESNIKeys result but leaves the DNS complexity where it already exists. (It has the option to override, and removing that would be the simplification.)
>
> The tripping point of #137, however, is that it may need a recovery path (i.e. a second A/AAAA resolution) in case the records come from mismatched providers. We don't currently have data on how often that would happen -- whether it's 10% or 0.001% of the time would make a big difference.

Thanks, Mike! I agree with the technical descriptions of both approaches.

Since each design uses an extension, could we pursue them simultaneously? I'm not sure we must necessarily choose one or the other here. (Perhaps I should have emphasized that in my original message. Oops.)

Best,
Chris
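The two client-side behaviours Mike contrasts above, modelled as an added example (this is not code from the thread or from the ESNI draft, and the record shapes, provider names and addresses are constructed for illustration only): under #136 the client takes the addresses carried in ESNIKeys and ignores A/AAAA, so the ESNIKeys publisher has to reproduce the CDN steering logic; under #137 the client keeps the A/AAAA answer, checks that it came from the same provider as the ESNIKeys it fetched, and re-resolves once on mismatch, falling back to a connection without ESNI if the records still disagree. The assumed `addresses` field on `ESNIKeys` stands in for whatever "enough information to check" the proposal ends up carrying. A small helper also computes the mismatch rate over a constructed sample, the figure Mike notes there is no data for.

```python
"""Toy resolution logic for the two multi-CDN ESNI proposals discussed in
the thread. Everything here is constructed for illustration: the ESNIKeys
fields, provider names and addresses are NOT the draft's wire format."""
from dataclasses import dataclass
from typing import Callable, List, Optional, Tuple


@dataclass
class ESNIKeys:
    provider: str          # hypothetical: which CDN published this record
    key_id: str            # hypothetical opaque key identifier
    addresses: List[str]   # hypothetical: addresses this provider serves from


@dataclass
class Resolution:
    addresses: List[str]       # where the client will connect
    esni: Optional[ESNIKeys]   # None means "connect without ESNI"
    lookups: int               # number of A/AAAA resolutions performed
    mode: str                  # which path produced this result


# Constructed zone data: two CDNs, each publishing its own ESNIKeys.
PROVIDERS = {
    "cdn-a": ESNIKeys("cdn-a", "key-a", ["192.0.2.10", "192.0.2.11"]),
    "cdn-b": ESNIKeys("cdn-b", "key-b", ["198.51.100.20"]),
}


def resolve_override(a_records: List[str], keys: ESNIKeys) -> Resolution:
    """Proposal #136: the ESNIKeys result overrides A/AAAA. The A/AAAA
    answer is discarded, so the ESNIKeys record must already encode the
    same per-request steering decision the A/AAAA logic makes."""
    return Resolution(list(keys.addresses), keys, 1, "override")


def resolve_check(
    a_records: List[str],
    keys: ESNIKeys,
    re_resolve: Callable[[], List[str]],
    max_retries: int = 1,
) -> Resolution:
    """Proposal #137: keep A/AAAA, but verify it came from the same entity
    as ESNIKeys. On mismatch take the recovery path (a second A/AAAA
    resolution). If the records still disagree, connect without ESNI
    rather than send an encrypted SNI to a host that cannot decrypt it."""
    addrs = a_records
    lookups = 1
    while True:
        # Overlap with the provider's address set is our constructed
        # stand-in for "the A/AAAA results came from the same entity".
        if set(addrs) & set(keys.addresses):
            return Resolution(addrs, keys, lookups, "check")
        if lookups > max_retries:
            return Resolution(addrs, None, lookups, "check-fallback")
        addrs = re_resolve()
        lookups += 1


def mismatch_rate(samples: List[Tuple[str, str]]) -> float:
    """Fraction of (A/AAAA provider, ESNIKeys provider) pairs that disagree,
    i.e. how often #137's recovery path would be taken. Input is a
    constructed sample; real numbers would come from measurement."""
    if not samples:
        return 0.0
    return sum(1 for a_prov, e_prov in samples if a_prov != e_prov) / len(samples)


if __name__ == "__main__":
    keys_a = PROVIDERS["cdn-a"]
    # A/AAAA steered to cdn-b, ESNIKeys fetched from cdn-a: a mismatch.
    stale = ["198.51.100.20"]
    print(resolve_override(stale, keys_a))
    print(resolve_check(stale, keys_a, re_resolve=lambda: ["192.0.2.11"]))
    print(resolve_check(stale, keys_a, re_resolve=lambda: stale))
    print(mismatch_rate([("cdn-a", "cdn-a"), ("cdn-a", "cdn-b"),
                         ("cdn-b", "cdn-b"), ("cdn-a", "cdn-a")]))
```

The `max_retries` bound matters in practice: without it a persistently split view (for example, a resolver caching A/AAAA from one provider and ESNIKeys from another until their TTLs expire) would loop, and each retry is a second round trip on the connection's critical path.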