I tested this. You can bind _label onto CNAME but not A/AAAA. BIND won't serve zones with it.
So yea.. I think the change is needed. That's substantful.

-G

On Wed, Jan 31, 2018 at 10:29 AM, Warren Kumari <war...@kumari.net> wrote:
> On Tue, Jan 30, 2018 at 6:44 PM, George Michaelson <g...@algebras.org> wrote:
>> I think we're rat holing. I'm not an author on this draft, but I know
>> them both, and I work with one, and I believe the draft is basically
>> in the right space and .. well.. we're rat holing.
>>
>> So, noting my disclaimer of bias, can we .. move on? Are there real
>> matters of substance left on this one? It feels like it's close.
>
> There is one matter of substance (but, IMO, very minor substance!) --
> the original document said that the names are of the form:
> _is-ta-[key].example.com
> _not-ta-[key].example.com
>
> This works, but some implementations really don't like having A/AAAA
> records for names which start with an underscore... So, we are
> proposing to use instead:
> xm--is-ta-[key].example.com
> xm--not-ta-[key].example.com
>
> Why XM--? Well, we wanted some sort of identifier (that isn't an
> underscore), and XM-- felt "similar" to XN--. A quick look through the
> .com and .net zonefiles didn't show any collisions (yes, I realize
> that this is a tiny slice of the namespace, but it was quick and
> easy), nor did looking in various passive-dns and similar places.
>
> For folk who would like to try this, I have a PoC / toy implementation at
> https://www.ksk-test.net - note that this uses JS and I'm *so* not a
> JavaScript programmer. It works on the browsers that I tested, that's
> all I'll commit to :-)
>
> The document could really benefit from a better introduction /
> explanation of how this will be used (similar to my earlier
> conversational description) and integrating the comments received.
> The authors intend to publish this soon.
>
> W
>
>>
>> -G
>>
>> On Wed, Jan 31, 2018 at 4:51 AM, Andrew Sullivan <a...@anvilwalrusden.com>
>> wrote:
>>> On Tue, Jan 30, 2018 at 10:42:15AM -0500, Joe Abley wrote:
>>>>
>>>> I realise that the following is not what anybody means in this thread
>>>
>>> Hmm. Actually, I wasn't sure :-)
>>>
>>>> I probably missed some. Anyway, I think when people are saying "address
>>>> record" here they actually mean "IP address record".
>>>>
>>>
>>> We should probably say that, then, and also of course we should fix
>>> the poor text in the terminology document to point this out.
>>>
>>> A
>>>
>>> --
>>> Andrew Sullivan
>>> a...@anvilwalrusden.com
>>>
>>> _______________________________________________
>>> DNSOP mailing list
>>> DNSOP@ietf.org
>>> https://www.ietf.org/mailman/listinfo/dnsop
>
> --
> I don't think the execution is relevant when it was obviously a bad
> idea in the first place.
> This is like putting rabid weasels in your pants, and later expressing
> regret at having chosen those particular rabid weasels and that pair
> of pants.
>    ---maf
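The label question discussed in this thread, as an added example (not code from the draft, its authors, or the PoC site): it builds both name forms and checks each label against the RFC 952 / RFC 1123 host name rule that address-record owners are commonly held to. The key value 12345 is a constructed sample and the function names are hypothetical; the "reserved-ldh" class is the RFC 5890 section 2.3.1 category for labels with "--" in positions 3 and 4, the same shape as xn--.

```python
import re

# RFC 952 / RFC 1123 host name label: letters, digits, hyphen (LDH),
# 1-63 octets, no leading or trailing hyphen.
LDH_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")


def classify_label(label):
    """Return 'non-ldh', 'reserved-ldh' or 'ldh' for a single DNS label."""
    if not LDH_LABEL.fullmatch(label):
        # A leading underscore lands here: legal in the DNS, not a host name.
        return "non-ldh"
    if label[2:4] == "--":
        # RFC 5890 2.3.1: "--" in the third and fourth characters.
        return "reserved-ldh"
    return "ldh"


def sentinel_names(key, zone, prefix):
    """Build the is-ta / not-ta names for one prefix style ('_' or 'xm--').

    key stands in for the "[key]" placeholder used in the thread.
    """
    zone = zone.rstrip(".")
    return [f"{prefix}{kind}-{key}.{zone}" for kind in ("is-ta", "not-ta")]


def host_safe(name):
    """True if every label of name passes the host name (LDH) rule."""
    labels = name.rstrip(".").split(".")
    return all(classify_label(label) != "non-ldh" for label in labels)


if __name__ == "__main__":
    # Constructed sample: key 12345 under example.com, both prefix styles.
    for prefix in ("_", "xm--"):
        for name in sentinel_names("12345", "example.com", prefix):
            first = name.split(".")[0]
            print(f"{name:32} {classify_label(first):13} "
                  f"host_safe={host_safe(name)}")
```
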