Re: [DNSOP] [Doh] Resolverless DNS Side Meeting in Montreal

2018-07-10 Thread Tony Finch
Dave Lawrence wrote: > > In the large I agree with you, but I think there's more to it than > that. If it pushed me DNSSEC records that I could verify myself from > my own configured trust anchor, why can't I trust them then? I've been idly wondering about this from the point of view of RFC

Re: [DNSOP] [Doh] Resolverless DNS Side Meeting in Montreal

2018-07-10 Thread Daniel Kahn Gillmor
On 07/10/2018 01:43 PM, Dave Lawrence wrote: > In the large I agree with you, but I think there's more to it than > that. If it pushed me DNSSEC records that I could verify myself from > my own configured trust anchor, why can't I trust them then? alternately, if i know that i'm going to verify

Re: [DNSOP] [Doh] Resolverless DNS Side Meeting in Montreal

2018-07-10 Thread Dave Lawrence
Joe Abley writes: >but collapsing the address selection back to the extent that you can > avoid name resolution at all seems like a better end goal. > > So rather than resolverless operation, think about resolutionless or > nameless, eliminating the DNS as unnecessary overhead. > > Perhaps I

Re: [DNSOP] [Doh] Resolverless DNS Side Meeting in Montreal

2018-07-10 Thread Adam Roach
On 7/10/18 12:55 PM, Joe Abley wrote: On Jul 10, 2018, at 18:02, Adam Roach wrote: In large part because DNS provides "a richer scheme that accommodates address families and multiple addresses with priorities". *cups hand to ear* Was that the sound of a distant desire to specify use of SRV

Re: [DNSOP] [Doh] Resolverless DNS Side Meeting in Montreal

2018-07-10 Thread Joe Abley
On Jul 10, 2018, at 18:02, Adam Roach wrote: > In large part because DNS provides "a richer scheme that accommodates address > families and multiple addresses with priorities". *cups hand to ear* Was that the sound of a distant desire to specify use of SRV for HTTP? Joe

Re: [DNSOP] [Doh] Resolverless DNS Side Meeting in Montreal

2018-07-10 Thread Dave Lawrence
Tim Wicinski writes: > "Are you trying to re-invent DNSSEC for people who don't want to deploy > DNSSEC?" > > My magic 8-ball says "signs point to Yes" I don't grok how y'all got "trying to re-invent DNSSEC" out of this, so this is sure to be an entertaining discussion.

Re: [DNSOP] [Doh] Resolverless DNS Side Meeting in Montreal

2018-07-10 Thread Dave Lawrence
Paul Vixie writes: > > For example www.example.com pushes you a > > record for img1.example.com . Should you use > > it? > > no. sibling names might be delegation points. kashpureff taught us this > in 1996 or so, and kaminsky reinforced

Re: [DNSOP] [Doh] Resolverless DNS Side Meeting in Montreal

2018-07-10 Thread Patrick McManus
yes; and.. dns has always provided a point of indirection that is useful. dynamically rewriting markup might be infeasible.. and many fetch() like things are driven from script where the markup changes are not obvious or perhaps ill fitting.. and of course there are questions of cached content

Re: [DNSOP] [Doh] Resolverless DNS Side Meeting in Montreal

2018-07-10 Thread Joe Abley
On Jul 10, 2018, at 16:09, Adam Roach wrote: > [as an individual] > >> On 7/10/18 9:59 AM, Paul Wouters wrote: >> It seems more like an extension of the Public Suffix. Which domains can >> make claims about other domains. > > Based on the conversation that took place in DoH in Singapore, I

Re: [DNSOP] [Doh] Resolverless DNS Side Meeting in Montreal

2018-07-10 Thread Paul Wouters
On Tue, 10 Jul 2018, Adam Roach wrote: On 7/10/18 9:59 AM, Paul Wouters wrote: It seems more like an extension of the Public Suffix. Which domains can make claims about other domains. Based on the conversation that took place in DoH in Singapore, I think it's mostly *not* about this. The

Re: [DNSOP] [Doh] Resolverless DNS Side Meeting in Montreal

2018-07-10 Thread Adam Roach
[as an individual] On 7/10/18 9:59 AM, Paul Wouters wrote: It seems more like an extension of the Public Suffix. Which domains can make claims about other domains. Based on the conversation that took place in DoH in Singapore, I think it's mostly *not* about this. The questions that have

Re: [DNSOP] [Doh] Resolverless DNS Side Meeting in Montreal

2018-07-10 Thread Tim Wicinski
> > "Are you trying to re-invent DNSSEC for people who don't want to deploy > DNSSEC?" My magic 8-ball says "signs point to Yes" On Tue, Jul 10, 2018 at 5:09 AM, Philip Homburg wrote: > >For example www.example.com pushes you a record for img1.example.com > . > >Should you use it? What

Re: [DNSOP] [Doh] Resolverless DNS Side Meeting in Montreal

2018-07-10 Thread Patrick McManus
probably not (whatever is available will be adhoc) - its a side meeting (aka bar bof) meant to take advantage of whomever is there. It has no process value. I'll make an effort to take minutes and report out though. On Tue, Jul 10, 2018 at 9:42 AM, manu tman wrote: > > > On Mon, Jul 9, 2018

Re: [DNSOP] [Doh] Resolverless DNS Side Meeting in Montreal

2018-07-10 Thread manu tman
On Mon, Jul 9, 2018 at 7:49 PM Patrick McManus wrote: > > *We'll do the meeting over 1 hour in the Dorchester room from 16:30 to > 17:30 on Monday July 16th.* > Will it be recorded and will there be everything set for remote participants? Manu ___