IETF Logo Mail Archive

Re: [Uta] draft-ietf-uta-mta-sts-07 STS policy removal.

Daniel Margolis <dmargolis@google.com> Thu, 10 August 2017 17:02 UTC

Return-Path: <dmargolis@google.com>
X-Original-To: uta@ietfa.amsl.com
Delivered-To: uta@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BEE33132190 for <uta@ietfa.amsl.com>; Thu, 10 Aug 2017 10:02:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.699
X-Spam-Level:
X-Spam-Status: No, score=-2.699 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=google.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id UbzAgQuGYtGy for <uta@ietfa.amsl.com>; Thu, 10 Aug 2017 10:02:45 -0700 (PDT)
Received: from mail-it0-x229.google.com (mail-it0-x229.google.com [IPv6:2607:f8b0:4001:c0b::229]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4D3EC131CEA for <uta@ietf.org>; Thu, 10 Aug 2017 10:02:45 -0700 (PDT)
Received: by mail-it0-x229.google.com with SMTP id 76so16427781ith.0 for <uta@ietf.org>; Thu, 10 Aug 2017 10:02:45 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to; bh=Rpc1qXdxhd3ahNd2Ym2ZwJZLomrUKnqiRk0jFifmHEc=; b=vyFKt67mQXZZZ61I6yYqALIUeK6kKPAIHnOeA1ir700iET/x/3gRdSDTxoW623I9A7 bOEs6JtjK8PJX6o+Yb5clcXhrd3KnNY3KfmGZcduXEFpti9gVM33uamyVOxeM63OmTjM i2hXaCnW2kQeHA/ZWKPZWbEPiewWMCw9ZRSocW1qctY4Wkam+hVGLfbYrHpRLbxqBGk+ jbMpa8/Hxr20520MfaFNodTYhH4GtOqwnvTWADl6gv1q+AbhEiAFEvY0vGy2plXH74Yn tWuOUU6KQvkehLZxyfwJC7bDg1sWYG9A5ec91wUH+jCq7/UZyFEPYlCjpWzT0yuo8YFk Mpqw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to; bh=Rpc1qXdxhd3ahNd2Ym2ZwJZLomrUKnqiRk0jFifmHEc=; b=NWnexS/YB3CJZEdRnA0ThTIapqsmuKq+zRGQJlu6BzQHUiIwVmBWOFPKW53XoX1KwE DEOuwZIL3r5kY/L1Rg2O/SbwpwRIqJTT/W/jt9AGo9gC3OhZqt/MVdRWFPdT9QaVk8Ox 575svsPq5P5NLpvJB5sLu9XX5Xm81j49r7UiifSkFGViH8vK852V8zCPM52bMq8Gwz3w 4w0J55rUb8fz5QAquRTROTpg6qd4wuqKVmVepEip9lwFXagyVe2GdHO7I+wAPSB7ngar ocPlyDYpR7lv5xtP/3GhZoI0nNMQ0ppPRk3tVCMtNmRvnUOtSJ8vCR78GO+GNlKhqZQm isbg==
X-Gm-Message-State: AIVw11080r029ZD5F+VgYf3n0GTLA7MQ3g+Tq2Esq07ACWIVouGG4FLp wZ3fjvI3yo9aulSzwFYkothQi32bNL/Z+rI=
X-Received: by 10.36.172.65 with SMTP id m1mr10993164iti.118.1502384562691; Thu, 10 Aug 2017 10:02:42 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.107.133.159 with HTTP; Thu, 10 Aug 2017 10:02:41 -0700 (PDT)
In-Reply-To: <6050C765-D3FB-4037-930A-43FE00A5CB89@dukhovni.org>
References: <CANtKdUfJs=p-jiZ-QQ6Mk=iKh_2h6=596SYWLJ=mJsf61R0=9g@mail.gmail.com> <20170808143018.m6zqnapcnkiushfq@LK-Perkele-VII> <20170808172002.GN8146@mournblade.imrryr.org> <CANtKdUcmqsRG7aV8poqOCe=qMAk5qAkw2WY3JZqvnf1WVAknUw@mail.gmail.com> <20170808210631.GO8146@mournblade.imrryr.org> <CANtKdUfcn=Z73pxXTov70e2+-0kc9Q6PGTchS=aUhRR0V+RNMw@mail.gmail.com> <9408F973-F6F0-41CD-9A81-82185686E24C@dukhovni.org> <CANtKdUc6PaDyBOcG_LhvezbnZ8JEv=xFf=MosQWSY8dg4MxjLg@mail.gmail.com> <20170809174827.GQ8146@mournblade.imrryr.org> <CANtKdUdqHM-bu_Z_GVcCN_Jca9SNNNdBkQKPOOtX_a=zW_EJZA@mail.gmail.com> <20170809183310.GU8146@mournblade.imrryr.org> <CANtKdUcqcoKjRctyGJ6Qc41vOxEvt8Knzjc6CZGn-0jqN9g5BA@mail.gmail.com> <6050C765-D3FB-4037-930A-43FE00A5CB89@dukhovni.org>
From: Daniel Margolis <dmargolis@google.com>
Date: Thu, 10 Aug 2017 10:02:41 -0700
Message-ID: <CANtKdUcc5mBNeUd9kPg_VemcbX4vdDwfvVgoXrr=nQtYLDeStQ@mail.gmail.com>
To: uta@ietf.org
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg="sha-256"; boundary="94eb2c1fc808497ee90556692af2"
Archived-At: <https://mailarchive.ietf.org/arch/msg/uta/SHKGRfJzZuVVBdkv6SJRPMu1Lrw>
Subject: Re: [Uta] draft-ietf-uta-mta-sts-07 STS policy removal.
X-BeenThere: uta@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: UTA working group mailing list <uta.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/uta>, <mailto:uta-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/uta/>
List-Post: <mailto:uta@ietf.org>
List-Help: <mailto:uta-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/uta>, <mailto:uta-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 10 Aug 2017 17:02:48 -0000

It's certainly doable. As you might have guessed, I'm vaguely attached to
the idea that "not having a TXT means you don't have a policy." I don't
really know _why_ I'm attached to this--functionally, your suggested
behavior is about the same in terms of implementation--but it feels a bit
funny to me to treat _not_ having a TXT record as significant _if_ you
previously had one. (Of course, if people don't know you previously had
one, they don't need to know the absence is "significant", so this may be
silly to worry about.)

Also, note that this slightly oddifies the _DNS_ caching story; the
NXDOMAIN TTL is derived from the SOA record, so unlike a "real" TXT record,
the TTL on the "null" record comes (obviously) from a different place,
which is a little bit (but only a little bit) weird in terms of usability
of the configuration parameters, so to speak.

If anyone else has read this far on the thread, I'm happy to get feedback
on this proposal from others on the list.

On Wed, Aug 9, 2017 at 9:05 PM, Viktor Dukhovni <ietf-dane@dukhovni.org>
wrote:

>
> > On Aug 9, 2017, at 8:05 PM, Daniel Margolis <dmargolis@google.com>
> wrote:
> >
> > 1. Publish a new policy (as with any new policy, updating the TXT
> record's ID) with mode=none.
> > 2. After all pre-existing policies have expired (e.g. the time of step 1
> plus the existing policy's max_age), safely remove the TXT record and
> current policy.
>
> One corner of the problem space we did not consider:
>
>   * I'd like to be able to delete the "none" policy promptly, by noticing
>     a removed TXT record.
>
>   * So it would be nice to be able to remove the TXT record promptly.
>
>   * However, you're suggesting that policy refresh should not happen
>     when the TXT record is absent.
>
>   * This implies that the TXT record removal must wait until everyone's
>     max_age has expired.
>
>   * Consequently "none" policies will linger in caches needlessly long.
>
> If instead NXDOMAIN/NODATA triggers a policy refresh (new logically
> empty id) then senders can flush "none" policies as soon as they
> also see the TXT record deleted, and that deletion can reduce the
> number of required DNS changes.  Instead of modifying the TXT to
> trigger refresh and later deleting it, it can be deleted right
> away.
>
> The only complication is that deleted TXT is then, for senders with
> a cached policy other than none, just another TXT value (NULL if
> using a SQL database or similar) that triggers refresh and cached
> policies can then have a NULL id, but a "none" policy with a NULL
> id can be deleted right away.
>
> Please think it over...
>
> --
>         Viktor.
> _______________________________________________
> Uta mailing list
> Uta@ietf.org
> https://www.ietf.org/mailman/listinfo/uta
>

v2.23.0 | Report a Bug | By Email